views:

201

answers:

2

I have wildcard subdomains for example:

.example.com goes to example.com/app/

It seems uploadify works fine if I use the directory instead of the subdomain. But when I use the subdoman and click on the upload image nothing happens. It seems to load the flash fine and no JS errors but when I click on the button I do not get a file browser. Maybe the way I do the wildcard domains affects it, not sure. here is my htaccess:

RewriteCond %{HTTP_HOST} ^(.*).example.com
RewriteCond %{HTTP_HOST} !^www.example.com [NC]
RewriteRule ^(.*)$ http://example.com/app/%1/$1 [P]

I also use the full path to call the js and flash files. They are not located under the subdomain but under the root domain. So I just use the full url path, here is an example of my js:

$("#fileInput").uploadify({
      'uploader'       : 'http://example.com/js/upload/_scripts/uploadify.swf',
      'script'         : 'http://sub.example.com/discuss/upload/do_upload/' + session_id,
      'cancelImg'      : 'http://example.com/images/icons/del.png',
      'folder'         : '/files/',
      'multi'          : true,
                'auto' : true,
                'queueSizeLimit' : 10,
                'buttonImg' : 'http://example.com/images/attachafile2.jpg',
                'width' : 91,
                'height' : 23,
                'wmode' : 'transparent'
   });
A: 

Based on the Wikipedia entry for the same origin policy it sounds to like this won't work because sub.domain.com != domain.com as far as JavaScript is concerned. That being said, it also sounds like that so long as JavaScript believes it's requesting the same domain everything should be just peachy.

I think if you tell Uploadify to post to the original not-rewritten-path and allow Apache to handle the rewrite automatically, then JavaScript won't think it's violating the same origin policy.

For example: If you remapped domain.com/path/to/foo to foo.domain.com and then in your JavaScript request /path/to/foo, Apache will translate the request accordingly and JavaScript won't know the difference.

Nathan Taylor
+1  A: 

uploadify uses flash to perform the upload. Flash is subject to the same origin policy, much like a native browser, except that it has a loophole.

Flash will look for a file called crossdomain.xml at the root of the webserver. This XML file dictates which other domains may access its contents via flash.

For example, here is twitter's crossdomain file

It may be sufficient in your case to create or modify this file to accept connections from the various domains involved.

Good luck!

jimbojw
Thats what I figured out after playing around more. I changed the way some stuff was setup and it seemed to work now.
mikelbring