Commit Graph

53 Commits

Author SHA1 Message Date
Brion Vibber
92880b41e4 Update util.min.js for attachment preview on Firefox, Chrome 2010-11-24 17:36:40 -08:00
Brion Vibber
b73c162256 Partial fix for tickets #2194, #2393: Workaround for Meteor breaking AJAX error responses returned on posting new notices. Fixes things in Firefox 4, but Safari 5 and Chrome 8 still don't return data... either on success or failure! Sigh.
The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.

In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
2010-11-17 16:08:41 -08:00
Evan Prodromou
da4f8d465f Use minified version of util.js 2010-11-17 12:16:50 -05:00