
How should I set up a search widget that customers can embed on their sites?

My company crawls the websites of companies in our system and allows users to search those companies specifically. We currently use Sphinx for all our search tools.

Our customers (the companies we index) are asking for a search widget that they can embed on their sites to add search functionality to their own websites. The search widget will allow a user to submit a search query from our customer's website. The results will then load on our site (this search functionality is already working on our site ... just not the embeddable widget). At first this seemed simple, but then I started thinking about security and cross domain form submissions.

The search functionality already exists on our site at a uri like this: /companies/profile_search/1581/die-cutting

companies is my controller. profile_search is my method. 1581 is the id of the company to be searched. die-cutting is the search query.

I'd like our customers to be able to simply cut and paste code into their site to embed the widget.

  1. Should I simply direct the search query to the above url?
  2. If no, how should I set this up so that it's secure?
  3. Are there other concerns I'm overlooking here?

Our site is built mostly in PHP using CodeIgniter and Sphinx for search, if that is helpful.

CodeIgniter has built-in CSRF protection, which might get in your way if you ask your customers to paste a form into their sites.

The easy way to do this would be to give your customers an iframe tag to paste in, and serve the form from your site, using target="_top" to make form submissions reload the whole window.

You could also simply disable CSRF for this method only, using either a pre-system hook or, more hackishly, a conditional in config.php such as:

 // CSRF stays on everywhere except when the request URI contains this controller/method path
 $config['csrf_protection'] = (stripos($_SERVER["REQUEST_URI"],'/controller/method') === FALSE) ? TRUE : FALSE;

A detailed discussion on temporarily disabling CSRF can be found here.
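The iframe approach from the answer above, carried through as an added example that is not part of the original answer or of CodeIgniter itself. It assumes CodeIgniter 3 conventions; the controller name Widget, its two method names, the q query parameter and the exact path layout are hypothetical. The widget form uses GET rather than POST: a search is a read-only request, and CodeIgniter verifies CSRF tokens on POST only, so nothing has to be switched off in config.php. The customer pastes a single line such as `<iframe src="https://YOUR-SITE.example/widget/embed/1581" width="300" height="60"></iframe>`, and the form inside it submits with target="_top" so the results replace the whole window on your site.

```php
<?php
// Added example (not from the original post): CodeIgniter 3 controller that serves an
// embeddable search form for one company. Controller/method names and the `q` parameter
// are assumptions; /companies/profile_search/{id}/{slug} is the route from the question.
defined('BASEPATH') OR exit('No direct script access allowed');

class Widget extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->helper('url');
    }

    // GET /widget/embed/1581 : the page a customer loads inside an <iframe>
    public function embed($company_id = NULL)
    {
        // Accept only a positive integer id; anything else is a 404, never a search.
        if (!ctype_digit((string) $company_id)) {
            show_404();
        }
        $company_id = (int) $company_id;

        // This endpoint is meant to be framed by other sites, so allow it here only;
        // the rest of the site keeps its own framing policy. If you store each
        // customer's domain, list it instead of * to limit who may embed the widget.
        $this->output->set_header('Content-Security-Policy: frame-ancestors *');

        // GET form: idempotent search, no CSRF token needed. target="_top" makes the
        // submission navigate the top-level window, not just the iframe.
        $action = html_escape(site_url('widget/search/' . $company_id));
        $this->output->set_output(<<<HTML
<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>Search</title></head>
<body>
<form method="get" action="{$action}" target="_top">
  <input type="text" name="q" maxlength="100" placeholder="Search this company">
  <button type="submit">Search</button>
</form>
</body></html>
HTML
        );
    }

    // GET /widget/search/1581?q=die+cutting : normalises the query and hands off to the
    // search that already exists at /companies/profile_search/{id}/{slug}
    public function search($company_id = NULL)
    {
        if (!ctype_digit((string) $company_id)) {
            show_404();
        }
        $company_id = (int) $company_id;

        // Second argument TRUE runs CodeIgniter's XSS filter on the value.
        $q = trim((string) $this->input->get('q', TRUE));
        if ($q === '') {
            redirect('widget/embed/' . $company_id);
        }

        // url_title() reduces the free-text query to a slug of letters, digits and
        // dashes, so it is safe to place in a path segment like "die-cutting".
        $slug = url_title($q, '-', TRUE);
        redirect('companies/profile_search/' . $company_id . '/' . $slug);
    }
}
```

Because the form is served from your own origin, the browser treats the submission as a normal same-site GET navigation; nothing on the customer's page is involved beyond hosting the iframe, and the company id is fixed in the iframe URL rather than typed by the visitor.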

For cross-domain requests, you can use JSONP: http://en.wikipedia.org/wiki/JSONP
