从html页面提供javascript文件

Question

I have a resource from a third party vendor that serves through http protocol only. When I include a script tag like this...

<script src="http://example.com"></script>

I get a javascript variable with the JSON data, similar to this...

var data = {"total": "10", "results": [{"name": "Joe", "title": "developer"}, {"name": "Jane", "title": "engineer"}]};

I can then use the variable data in my page to output results, etc.

The problem is, I need to serve this data on a page over SSL ( https ) and I cannot make a resource request through http for an https page - meaning the <script/> include does not work.

As a solution I am requesting the resource from a server page, lets say data.cfm for example, then re-serving the JS variable through https from my server. So, in this case, I'd like a request to https://anotherserver.com/data.cfm to serve the same JS as http://example.com

<cfhttp result="myData" method="GET" charset="utf-8" url="http://example.com">
<cfoutput><pre>#myData.fileContent#</pre></cfoutput>

I should also note that the JSON data has HTML tags in it.

When I try to go to https://anotherserver.com/data.cfm I get the data, but it is not formatted correctly. For example, hyperlinks are active as hyperlinks.

I also tried using <cfdump> which returns the data as an unformatted string, but when I use the <script src="https://anotherserver.com/data.cfm"></script> tag I do not get the JS variable.

Update

With further testing, I found that if I just copy the data as text in 2 files: data.cfm and data.js the js file works as expected and the cfm file does not. This leads me to believe that the file extension is causing the resource to be read as html. So, it's really more of a Coldfusion question. How can I set the cfm file to be read as javascript by the browser? Is there some response header or metadata field that will accomplish this?

Answer 1

I'll probably get creamed in negative votes for this. The correct thing to happen is you tell that service to enable https on their servers. A public facing web based service not using https is not acceptable.

Answer 2

First of all if you are viewing the js and cfm files in the browser then js is going to show essentially as text output and cfm will be interpreted as html. This is due to mime types returned automatically by the web server or guessing done by the browser. This is why the cfm method looks different. However if you are pulling a url using a script tag it will be assumed to be javascript. If you do source code view on the cfm page it should look fine.

Secondly we would need more information to diagnose exactly what is causing the problem you are experiencing where a js file included vs a cfm file hosting the same info is resulting an error in the latter. My initial guess would be that more is going on here than we can see in your question and there is a javascript escaping issue. (edit: actually I see that some js code may make decisions based on content type so returning that could be the difference depending on how things are used)

Lastly, if you save exact output of the cfm file to a js file then you should be set. Pulling javascript from cfm file by way of script tags should have no issue. However to avoid any potential issues and also to add some caching you can save right to a static file. Caching will allow the file to only ever be pulled once in a time period (ex: once a minute). In your normal code you could add this...

<cfif not structKeyExists(application, "jsfilename_cachesaved") or application.jsfilename_cachesaved lt dateAdd("n", -1, now())>
    <cflock name="jsfileupdate" timeout="5">
        <cfif not structKeyExists(application, "jsfilename_cachesaved") or application.jsfilename_cachesaved lt dateAdd("n", -1, now())>
            <cfhttp result="myData" method="GET" charset="utf-8" url="http://example.com">
            <cffile action="write" file="#jsfilepath#" output="myData.fileContent" />
            <cfset application.jsfilename_cachesaved = now() />
        </cfif>
    </cflock>
</cfif>

(the double if statement is there to avoid unnecessary hits to lock and also unnecessary saves for users who hit the lock at the same time)