Thursday, October 11, 2012

Not to toot my own horn or anything...

Yeah, whenever anybody says that, they actually mean they *are* going to brag about something, I know.  I think I just did something kinda cool, though.  See, one of the departments has a few pages of their website on a third-party webhost, due to a long and complicated story that I'm not going to get into because this is already going to be a long explanation.

This hosting company is flexible enough that Danielle could make our template work over there, but there really wasn't any way to include the departmental navigation files from our site.  They'd just have to edit both the local copy for their pages on our servers, and the hardcoded version on every page on the other web host.  Making it worse was the fact that the webhost only allows a certain number of edits before they start charging every time a file is changed (which still boggles my mind.)

Ordinarily we could just use curl() or the like to fetch the file from our server, but this company doesn't use PHP.  They still run ColdFusion, of all things.  If ColdFusion has a way to fetch and include offsite files, I don't know it. But I figured out a way to use jQuery and JSONP to have the pages on the other host talk to our webserver and get the sidebar include file they need.  They just need to source a JS script from our site, and it reads variables from the page to know which navigation files to include.  I could've hard-coded it for this one department, but I hate doing that when I can make a tool that can be used again.

But, security! I hear some of you saying.  You're right that it's a bad idea to let people fetch files off your site based on JavaScript code; anybody can mess with it using Firebug or some such, and change the variables.  That won't work too well here, though; it's locked down to specific folders and filename patterns (no slashes or .. for instance) plus there are a couple more security features I'm not going to talk about.
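Here is a sketch of what that kind of lockdown can look like on the server side. It is an added example, not the code running on our site: it is written for Node.js, and the root path, folder names and `.inc` extension are made up. It also goes one step past what's described above by checking the JSONP callback name, since that value comes from the request too.

```javascript
// Added example (not the post's code): request checks for a JSONP include endpoint.
// NAV_ROOT, the folder names and the ".inc" extension are assumptions.
const path = require('path');

const NAV_ROOT = '/var/www/includes';
const ALLOWED_FOLDERS = new Set(['biology', 'chemistry']);  // constructed allowlist
const FILE_PATTERN = /^[a-z0-9_-]{1,40}\.inc$/;             // no "/", no "..", fixed extension
const CALLBACK_PATTERN = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/; // a plain identifier only

// Returns the absolute path to serve, or null when the request must be refused.
function resolveNavFile(folder, file) {
  if (typeof folder !== 'string' || typeof file !== 'string') return null;
  if (!ALLOWED_FOLDERS.has(folder)) return null;   // folder must be on the list
  if (!FILE_PATTERN.test(file)) return null;       // filename must fit the pattern
  const base = path.posix.join(NAV_ROOT, folder) + '/';
  const full = path.posix.resolve(NAV_ROOT, folder, file);
  // Defence in depth: the resolved path must still sit inside the allowed folder.
  return full.startsWith(base) ? full : null;
}

// Wraps the HTML in a JSONP body, or returns null when the callback name is unsafe.
function buildJsonp(callback, html) {
  if (typeof callback !== 'string' || !CALLBACK_PATTERN.test(callback)) return null;
  // Escape characters that could end a <script> block or a JS string literal early.
  const payload = JSON.stringify({ html })
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return callback + '(' + payload + ');';
}

// Constructed requests: [folder, file, callback]
const samples = [
  ['biology', 'sidebar.inc', 'jQuery18_123'],
  ['biology', '../secret.inc', 'jQuery18_123'],
  ['physics', 'sidebar.inc', 'jQuery18_123'],
  ['biology', 'sidebar.inc', 'alert(1)//'],
];
for (const [folder, file, cb] of samples) {
  const target = resolveNavFile(folder, file);
  const body = target && buildJsonp(cb, '<ul><li>Home</li></ul>');
  console.log(folder, file, cb, '=>', body ? 'served' : 'refused');
}
```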

If you want more detail, email me.  That's all for now.
