Zimlets Proxy Servlet
An AJAX client running in a web browser is not permitted to directly make requests to servers other than the originating server, as dictated by the browser security control. Instead, the server hosting AJAX client must make proxy requests on behalf of the client. By using the Proxy Servlet, Zimlets can access remote resources from other servers, as well as make requests to 3rd party systems. The default URL binding for Proxy Servlet is /service/proxy. This servlet takes accepts the following parameters:
- target - the target URL
- auth - authentication method (optional). Currently HTTP basic authentication is supported by Proxy Servlet. (auth=basic)
- user - username used for the authentication (optional)
- pass - password used for the authentication (optional)
The Proxy Servlet will copy any data sent through the POST method to the remote server specified by the target parameter. It will also copy any extra non-functional HTTP headers from the request.
The Proxy Servlet checks the target URL against the list of allowed domains that are listed in COS. When the proxy request target does not appear in the allowed domain list, Proxy Servlet will return HTTP error 403 forbidden.
The Proxy Servlet can optionally cache the contents.Only the non-authenticated contents are cached. The cacheable contents are identified by the content-type header. For example, the caching can be turned on only for static images with image/gif or image/jpeg content types. The set of cacheable content types are also listed in COS.