From 8755b67a81ee909007c455dc5f84861084e760b3 Mon Sep 17 00:00:00 2001 From: gggeek Date: Tue, 10 Jan 2023 23:25:19 +0000 Subject: [PATCH] more demo code cleanup; enable crossdomain requests on the altervista server --- demo/client/perl/test.pl | 18 ------------------ demo/client/python/test.py | 17 +++-------------- demo/server/server.php | 13 ++++++++++++- doc/manual/phpxmlrpc_manual.adoc | 6 ++++++ 4 files changed, 21 insertions(+), 33 deletions(-) diff --git a/demo/client/perl/test.pl b/demo/client/perl/test.pl index 8eee3740..3f4420d5 100644 --- a/demo/client/perl/test.pl +++ b/demo/client/perl/test.pl @@ -13,24 +13,6 @@ my $resp = $client->call("examples.getStateName", 32); print "Got '${resp}'\n"; -# now send a mail to nobody in particular - -#$resp = $client->call("mail.send", ( -# "edd", -# "Test", -# "Bonjour. Je m'appelle Gérard. Mañana. ", -# "freddy", -# "", -# "", -# 'text/plain; charset="iso-8859-1"') -#); -# -#if ($resp->value()) { -# print "Mail sent OK.\n"; -#} else { -# print "Error sending mail.\n"; -#} - # test echoing of characters works fine $resp = $client->call("examples.echo", 'Three "blind" mice - ' . "See 'how' they run"); diff --git a/demo/client/python/test.py b/demo/client/python/test.py index 4b599e65..d7954a95 100644 --- a/demo/client/python/test.py +++ b/demo/client/python/test.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -# -*- coding: iso-8859-1 -*- +# -*- coding: utf-8 -*- import xmlrpc.client import base64 
@@ -10,22 +10,11 @@ server = xmlrpc.client.ServerProxy("http://localhost/demo/server/server.php") try: print ("Got '" + server.examples.getStateName(32) + "'") - # Disabled as demo servers often are prevented from sending mail... - #r = server.mail.send( - # "edd", "Test", - # "Bonjour. Je m'appelle Gérard. Mañana. ", "freddy", "", "", - # 'text/plain; charset="iso-8859-1"' - # ) - #if r: - # print ("Mail sent OK") - #else: - # print ("Error sending mail") - r = server.examples.echo('Three "blind" mice - ' + "See 'how' they run") print (r) # name/age example. this exercises structs and arrays - a = [ + a = [ {'name': 'Dave', 'age': 35}, {'name': 'Edd', 'age': 45 }, {'name': 'Fred', 'age': 23}, {'name': 'Barney', 'age': 36 } ] @@ -35,7 +24,7 @@ try: # test base 64 r = server.examples.decode64(b'Mary had a little lamb She tied it to a pylon') print (r) - + except xmlrpc.client.Fault as err: print("A fault occurred") print("Fault code: %d" % err.faultCode) diff --git a/demo/server/server.php b/demo/server/server.php index bca8d122..7ede3d2b 100644 --- a/demo/server/server.php +++ b/demo/server/server.php @@ -10,6 +10,17 @@ * Please _do not_ copy this file verbatim into your production server. */ +// We answer to CORS preflight requests, to allow browsers which are visiting a site on a different domain to send +// xml-rpc requests (generated via javascript) to this server. +// Doing so has serious security implications, so we lock it by default to only be enabled on the well-known demo server. +// If enabling it on your server, you most likely want to set up an allowed domains whitelist, rather than using'*' +if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS' && $_SERVER['SERVER_ADMIN'] == 'info@altervista.org') { + header("Access-Control-Allow-Origin: *"); + header("Access-Control-Allow-Methods: POST"); + header("Access-Control-Expose-Headers: Content-Encoding"); + die(); +} + require_once __DIR__ . "/_prepend.php"; use PhpXmlRpc\PhpXmlRpc; 
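Review bot: The CORS headers in demo/server/server.php are sent only inside the `OPTIONS` branch, which then calls `die()`, so as far as this hunk shows the POST that follows the preflight is answered without `Access-Control-Allow-Origin` and a browser would withhold the xml-rpc reply from the calling script; `Access-Control-Expose-Headers` likewise only takes effect on the actual response, not on the preflight. A `text/xml` POST is preflighted because of its content type, so the branch probably also needs `header("Access-Control-Allow-Headers: Content-Type");` unless the hosting layer adds it. Both `$_SERVER` keys are read without an existence check and compared loosely, and `SERVER_ADMIN` is not set under every SAPI, so `isset($_SERVER['REQUEST_METHOD'], $_SERVER['SERVER_ADMIN'])` followed by `===` comparisons would keep the gate from raising notices on ordinary requests. For readers who follow the comment and replace `*` with an allow-list, the comment could add that the matched origin should be echoed back together with `Vary: Origin`, so that a cache does not serve one origin's grant to another.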
@@ -30,8 +41,8 @@ $signatures3 = include(__DIR__.'/methodProviders/validator1.php'); $signatures = array_merge($signatures1, $signatures2, $signatures3); +// Webservices used only by the testsuite - do not use them in production if (defined('TESTMODE')) { - // Webservices used only by the testsuite - do not use them in production $signatures4 = include(__DIR__.'/methodProviders/testsuite.php'); $signatures5 = include(__DIR__.'/methodProviders/wrapper.php'); diff --git a/doc/manual/phpxmlrpc_manual.adoc b/doc/manual/phpxmlrpc_manual.adoc index 397b2d2b..31379d91 100644 --- a/doc/manual/phpxmlrpc_manual.adoc +++ b/doc/manual/phpxmlrpc_manual.adoc @@ -1709,6 +1709,12 @@ $client->setCurlOptions([CURLOPT_FOLLOWLOCATION => true, CURLOPT_POSTREDIR => 3] Yes. Set `+$client->use_curl = Client::USE_CURL_ALWAYS+` then use the Client method `+$client->setCurlOptions()+` +=== Does the server support cross-domain xml-rpc calls? + +It is trivial to make phpxmlrpc servers support CORS preflight requests, allowing them to receive xml-rpc requests sent +from browsers visiting different domains. However, this feature is not enabled out of the box, for obvious security concerns. +See at the top of the file __demo/server/server.php__ for an example of enabling that. + === How to enable long-lasting method calls To be documented... -- 2.47.0