如何在 Rails 3.0 上的 Ruby 中对不同域进行 AJAX 调用

Question

I have an action email in my controller of application running on www.example.com and I am trying to send the form data of email to www.data.example.com/email where my another application receives the request and I am able to save the data in js format. But I want to send back the acknowledgement to www.example.com and replace the html using rjs template. Here are some code for you reference:

email.html.erb called on www.example.com

   <div id="div_content">
    <%= form_for(@user, :url => "http://data.example.com/mail", :remote => true) do |f| %>
    <%= f.label :email %>
    <%= f.text_field :email%>
    <% end %>
   </div>

email action of application on: data.example.com/email -

def email
  @user = User.create(params[:user])
  respond_to do |format|
    if @user.save!
       format.html { redirect_to(user_page_path(@user.vip_id), :notice => 'Thank you! You are now on our priority list.') }
       format.js
    else
       format.html { render :text => "user can not be saved at this moment!"}
    end
  end
end

email.js.rjs called on www.data.example.com/email

page.replace_html :div_content, :partial => "show", :object => @user

I can see in my log that request comes all the way from one domain to sub domain and even action gets triggered but, I can not get the response back to the main domain. So, is there any way to send a callback to main domain. I just want to reflect changes there at the form which is inside div_content div and want to replace with content of _show.html.erb which I have on my sub domain.

Many Thanks,
Surya:)

Answer 1

This is happening because rails thinks you are trying to launch a cross site request forgery attack against yourself. By default rails has a security feature baked in that rejects form submission from outside sources (ie your other app)

Easiest (but not the most secure), way around it would be to add this to the top of the controller you are posting the data to:

protect_from_forgery :except => :email

RE COMMENTS

Ahh I see, I was not paying very close attention when I first read your post, sorry about that. I missed all the parts about rjs.

I am certainly no expert on rjs but it looks like you are doing most everything right. Only suspicious part to me is this line:

page.replace_html :div_content, :partial => "show", :object => @user

I think it should be:

page.insert_html(:bottom, "div_content", :partial => "show")

Also you might want to try and replace the rjs template with

page.alert("debug");

Just to make sure its really not coming back, because I would suspect it is...

Answer 2

Guys here is what I got to make it work -

Well I was trying to do cross domain communication using my both RoR app as I mentioned right up there in my question!

Finally I have found a way to achieve the same using "EasyXDM" (www.easyxdm.net) it solved the problem. It works great on most of the browsers including IE7 and Firefox older versions. CORS is another solution if you want to get it done, but it fails to work on IE7...

whoa. now I can rely on the cross domain communication between my different apps without using an iFrame.