Use Case: I am working on an image uploader which uses an Ajax upload function. I want to upload images to a subdomain the user creates on the website. For example, when the user creates a domain on the website, I copy a PHP script for uploading images to the new domain, viz. image-cropping.php. I want to send a request to this file when the user uploads any image to his domain.

Issue:
When I try to upload an image I get Error: Permission denied to access property 'readyState'. My calling JS file is on xyz.google.com and the upload PHP script is on abc.google.com.

Research:
After doing some googling and research, I learnt that JavaScript won't allow sending a request cross-domain and that it needs an HTTP proxy to handle this. Here is the code I have tried: the script to run the Ajax uploader. In action I have the path to the file on the other domain (the path is built dynamically).

    // `action` is the URL the selected file is POSTed to.
    new AjaxUpload(btnUpload, {
        action: 'includes/modules/domain_creation/proxy.php',
        name: 'image',
        onSubmit: function (file, ext) {
            // Client-side extension check only; returning false cancels the upload.
            if (!(ext && /^(jpg|png|jpeg|gif|JPG|JPEG|PNG|GIF)$/.test(ext))) {
                alert('Only JPG, PNG or GIF files are allowed');
                return false;
            }
            $('#thumbImg').html('<img src="http://localhost/gobiggi_VS_2_2/images/appImages/imageLoader.png" />');
        }
    });

1) Am I doing it the right way (working on it for the first time)? Is the proxy actually needed?
2) How and where can I set the proxy so that the permission error can be negotiated?
3) What security issues does it open up (is it safe? If not, what's an alternative)? Any pointers or suggestions would be helpful for me.

Thank you for your time.

Update:
I am using this proxy script for uploading the image. Part of the code is:

    $domainUsername = $_SESSION['domainUsername'];
    $domainNameWeb = $_SESSION['domainName'];
    // $fileParameterProxy = $_FILES['image'];
    // Destination URL: where this proxy leads to the upload script
    $destinationURL = 'http://www.'.$domainNameWeb.'/'.$domainUsername.'/upload.php';
    // The only domain from which requests are authorized.
    $RequestDomain = 'abc.net';

Now I don't get the error for permission, but I am not able to get the image onto the server. When I try to do print_r($_FILES) I get a blank array in my upload script.

I believe I am missing something! Can someone please correct me?
Thank you for your time!

1 Answer

1 and 2) You have to set your proxy as the action, because that is the place where you are allowed to upload the files. The proxy will then make the request to the other domain, where it can send the files.

3) Depends on your proxy implementation. You should avoid storing the files locally or executing/including anything from user input, as always when writing PHP scripts. Directly send the tmp file to your destination server; this will also be the fastest implementation.
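The proxy this answer describes, sketched as an added example (not the asker's script or any library's code): it checks the upload by content, builds the destination from the session values shown in the question, and posts PHP's temp file onward as multipart/form-data without saving a copy. The host and user patterns, the size cap, the https scheme and the error handling are assumptions; it needs PHP 7+ with the curl and fileinfo extensions.

```php
<?php
// Added example; host/user patterns, size cap and https scheme are assumptions.
const MAX_BYTES = 5 * 1024 * 1024;
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
// Accept only a plain host name and user name, so the proxy cannot be aimed at arbitrary URLs.
function destination_url(string $domain, string $user): string {
    $ok = preg_match('/^([a-z0-9-]{1,63}\.)+[a-z]{2,}$/i', $domain)
        && preg_match('/^[A-Za-z0-9_-]{1,64}$/', $user);
    if (!$ok) throw new InvalidArgumentException('bad destination');
    return 'https://www.' . $domain . '/' . $user . '/upload.php';
}

// Validate by file content, not by the client-supplied name or Content-Type.
function checked_mime(array $file): string {
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload rejected');
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_MIME[$mime])) throw new RuntimeException('type not allowed');
    return $mime;
}

// Send the temp file straight on; an array in POSTFIELDS makes curl POST multipart/form-data.
function forward_upload(string $url, array $file, string $mime): string {
    $name = bin2hex(random_bytes(8)) . '.' . ALLOWED_MIME[$mime]; // server-chosen file name
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POSTFIELDS => ['image' => new CURLFile($file['tmp_name'], $mime, $name)],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false, // do not follow redirects to other hosts
        CURLOPT_TIMEOUT => 30,
    ]);
    $body = curl_exec($ch);
    if ($body === false || curl_getinfo($ch, CURLINFO_HTTP_CODE) !== 200) {
        throw new RuntimeException('upstream upload failed');
    }
    return $body;
}

session_start();
try {
    $url = destination_url($_SESSION['domainName'] ?? '', $_SESSION['domainUsername'] ?? '');
    $file = $_FILES['image'] ?? ['error' => UPLOAD_ERR_NO_FILE, 'size' => 0, 'tmp_name' => ''];
    echo forward_upload($url, $file, checked_mime($file));
} catch (Exception $e) {
    http_response_code(400);
    echo 'upload failed';
}
```

The receiving upload.php should repeat the content check, since it cannot tell from the request alone that the file passed through this proxy.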

14 Comments

Thank you for the inputs, but can you help me out with how the request would be? Also, I learned that HTTP requests are not safe and to use HTTPS instead. Can you throw some light on it please?
Which kind of proxy are you using? Where is it stored? http is not encrypted, https is. But whether you need it depends on the data you are sending. Is it something sensitive?
Currently I am not using any proxy. Actually working on proxies for the first time!! :P I tried sending a plain HTTP request as in the question above and got the error mentioned. The function specifically needs to upload images stored on the user domain (the user will create his own domain from the site). The information is somewhat critical as user data is involved in it.
If the data is critical you should use https. But first things first: you have to create a proxy on your current domain for your use case. You won't be able to upload directly to the other domains.
Thank you for the inputs till now. One final question I have is what changes exactly I have to make in the action for setting the proxy? Currently I have the URL of the upload file residing on the user domain. How can I call it using a proxy?