The security issue is that it is not allowed to manipulate a page from
one server by means of a page coming from another server without the
user's permission. This should only be allowed for trusted servers,
because the server where the data is coming from is not aware of this
manipulation. It would be nice to have an easy way to tell the browser
on the fly that you trust a server rather than switching off the
security setting for the whole session.
Larry, you can try the TEL portal as an example of a proxy. When you
have not set the security options in the right way the portal will
prompt you for this and send subsequent SRU requests via a proxy service
on the same machine as where the portal is coming from.
Theo
>>> [log in to unmask] 15-4-04 15:10:06 >>>
Larry,
I mean the SRU server would take the stylesheet URL from the SRU parameters,
load that stylesheet to a file in the SRU server domain, and serve both SRU
XML data and stylesheet from the same domain.
(I'm not suggesting SRU should do this. I think it better to understand why
a browser cannot store a stylesheet and process various XML responses using
it. I don't understand what the security issue is that prevents this.)
Bill
-----Original Message-----
From: Larry E. Dixson [mailto:[log in to unmask]]
Sent: 15 April 2004 12:23
To: [log in to unmask]
Subject: Re: Stylesheets in SRU requests
Bill,
I don't understand. Do you mean configure the SRU server to forward
all requests to another server? What about SRU requests?
Larry
On Thu, 15 Apr 2004, Oldroyd, Bill wrote:
> This will work for a local implementation where you can load stylesheets to
> be served from the relevant domain, but for general use this approach is
> only going to work if an SRU server acts as a "proxy" for the requested
> stylesheet?
>
> Bill
>
> -----Original Message-----
> From: Larry E. Dixson [mailto:[log in to unmask]]
> Sent: 08 April 2004 13:45
> To: [log in to unmask]
> Subject: Re: Stylesheets in SRU requests
>
>
> Matthew,
> Thanks very much. The latter option (i.e., serving the stylesheets
> from z3950.loc.gov) is clearly the approach that I want to take.
> Larry
>
> On Thu, 8 Apr 2004, Matthew J. Dovey wrote:
>
> > The default security settings for Internet Explorer have "Allow
> > datasources across domains" to false (at least with IE 6). The
> > stylesheet is stored on a different server (lcweb.loc.gov) to the server
> > from which the XML originates (z3950.loc.gov) hence the "Access denied"
> > error. Either changing the Internet Explorer settings or serving the
> > stylesheet from z3950.loc.gov would solve the problem.
> >
> > Matthew
> >
> > > -----Original Message-----
> > > From: Z39.50 Next-Generation Initiative [mailto:[log in to unmask]]
> > > On Behalf Of Larry E. Dixson
> > > Sent: Thursday, April 08, 2004 12:46 PM
> > > To: [log in to unmask]
> > > Subject: Stylesheets in SRU requests
> > >
> > > How can I get XSLT stylesheets to work for _others_ when
> > > the link is present in an SRU request?
> > >
> > > Sorry, I think this was discussed previously, but I wasn't
> > > "ready" for the information at that time.
> > >
> > > I have a test page of SRU requests (directed at LC) at the
> > > following address:
> > >
> > > http://lcweb/z3950/srutestlc.html
> > >
> > > There are three requests (in a row) that include a link to a
> > > stylesheet. All of those work for _me_ but not for anyone
> > > else here.
> > >
> > > How do I solve?
> > > Thanks.
> > > Larry
> > >
> > > ------------------------------------------------------------
> > > Larry E. Dixson Internet: [log in to unmask]
> > > Network Development and MARC
> > > Standards Office, LM639
> > > Library of Congress Telephone: (202) 707-5807
> > > Washington, D.C. 20540-4402 Fax: (202) 707-0115
> > >
> > >
> >
>
>
> **************************************************************************
>
> Experience the British Library online at www.bl.uk
>
> Help the British Library conserve the world's knowledge. Adopt a Book.
> www.bl.uk/adoptabook
>
> *************************************************************************
>
> The information contained in this e-mail is confidential and may be legally
> privileged. It is intended for the addressee(s) only. If you are not the
> intended recipient, please delete this e-mail and notify the
> [log in to unmask] : The contents of this e-mail must not be disclosed or
> copied without the sender's consent.
>
> The statements and opinions expressed in this message are those of the
> author and do not necessarily reflect those of the British Library. The
> British Library does not take any responsibility for the views of the
> author.
>
> *************************************************************************
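The two fixes discussed in this thread (serving the stylesheet from the same domain as the XML, or having the SRU server proxy it), sketched as an added example that is not part of the original messages or of any SRU implementation. The host names are the ones named in the thread; the paths, the `/xsl-proxy` route, the allowlist and the function names are assumptions made for illustration.

```javascript
// Added example (not from the thread). Hosts are those named in the thread;
// paths, the proxy route and the allowlist are constructed assumptions.
const TRUSTED_STYLESHEET_HOSTS = new Set(["lcweb.loc.gov"]);
const PROXY_PATH = "/xsl-proxy"; // hypothetical route on the SRU server

// Decide how the SRU server should treat the `stylesheet` request parameter.
function planStylesheet(sruRequestUrl) {
  const request = new URL(sruRequestUrl);
  const raw = request.searchParams.get("stylesheet");
  if (!raw) return { action: "none" };

  let sheet;
  try {
    sheet = new URL(raw, request); // relative references resolve to the SRU server
  } catch {
    return { action: "reject", reason: "unparseable stylesheet URL" };
  }
  if (sheet.protocol !== "http:" && sheet.protocol !== "https:") {
    return { action: "reject", reason: "scheme not allowed" };
  }
  // Same scheme, host and port as the XML: the browser loads it without a prompt.
  if (sheet.origin === request.origin) {
    return { action: "direct", href: sheet.pathname + sheet.search };
  }
  // Cross-domain: proxy only for hosts the operator trusts, so the server
  // cannot be made to fetch from arbitrary addresses on a client's behalf.
  if (sheet.username || sheet.password || !TRUSTED_STYLESHEET_HOSTS.has(sheet.hostname)) {
    return { action: "reject", reason: "host not on allowlist" };
  }
  return { action: "proxy", href: `${PROXY_PATH}?url=${encodeURIComponent(sheet.href)}` };
}

// Build the processing instruction for the SRU response; the href is always same-domain.
function stylesheetPI(plan) {
  if (!plan.href) return "";
  const href = plan.href.replace(/[&<>"]/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" }[c]));
  return `<?xml-stylesheet type="text/xsl" href="${href}"?>`;
}

// Constructed sample request: XML from z3950.loc.gov, stylesheet on lcweb.loc.gov.
const sample = "http://z3950.loc.gov/sru?operation=searchRetrieve&query=dinosaur" +
  "&stylesheet=http://lcweb.loc.gov/constructed/marc.xsl";
console.log(stylesheetPI(planStylesheet(sample)));
```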