[dev] Unauthenticated HordeCore Ajax
Ralf Lang
lang at b1-systems.de
Thu Aug 15 18:27:47 UTC 2013
On 15.08.2013 18:27, Michael M Slusarz wrote:
> Quoting Ralf Lang <lang at b1-systems.de>:
>
>> Hi,
>>
>> is there any way to accomplish this HordeCore Ajax scenario?
>>
>> 1) The app needs authentication. Making it guest visible is not intended.
>>
>> 2) A specific registration/login problem report page cannot have
>> authentication
>>
>> 3) This page wants to use Ajax calls into
>> $App_Ajax_Application_Handler::method.
>
> You can mark specific Ajax methods as "external" in the Handler object.
>
> See, e.g., the 'embed' action in Kronolith_Ajax_Application_Handler.
I tried that but I noticed the Kronolith embed snippet does not work
when I am logged out. That was why I asked yunosh on IRC how this is
supposed to work and he advised me to ask on dev at .
I pushed the kronolith embed code for a specific calendar into
http://horde5-test.maintaina.com/passwd/testme.html
* shows calendar when I am logged in to ANY user.
* returns the ajax timeout response from ajax.php when I am not logged in.
/*-secure-{"msgs":[{"message":"\/login.php?url=%2Fpasswd%2F&horde_logout_token=TBOjzSlIW6Ywn8oBTzV5pg1&logout_reason=6","type":"horde.ajaxtimeout"}],"response":false}*/
I think ajax.php reacts on the exception from Registry::appInit($app)
before it can know if a handler for the action exists and if it is
marked as external. But I have not yet verified that.
--
Ralf Lang
Linux Consultant / Developer
Tel.: +49-170-6381563
Mail: lang at b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de
GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
More information about the dev
mailing list