ngx_xss: Native support for cross-site scripting in an nginx

W-Mark Kubacki wmark+nginx at hurrikane.de
Fri Jan 29 23:05:58 MSK 2010


2010/1/29 agentzh <agentzh at gmail.com>:
> On Fri, Jan 29, 2010 at 5:11 AM, Tobia Conforto
> <tobia.conforto at gmail.com> wrote:
>>
>> Am I the only one wondering what's the use of this module?
>
> The initial motivation of writing this module is to build a
> full-fledged blog app that is powered completely by nginx.conf and
> client-side JavaScript. I already have something runnable now. Here's
> the nginx.conf that I've got so far if you're interested:
>
>    http://agentzh.org/misc/nginx.conf

You can set "document.domain" in JS and then have a domain
blog.xyz.com, say static pages with header and footer, for example on
a CDN, and a domain api.xyz.com which does your actual magic.

Therefore the drizzle and rds_json modules (btw, see my issue on GitHub)
seem to me to be the main parts. xss would cover the case where the
blog's (2nd level) domain differs from the one serving the JSON
responses.

Thanks for sharing!

-- 
Mark

[1] http://wiki.nginx.org/Nginx3rdPartyModules#RDS_JSON_Module
[2] http://wiki.nginx.org/Nginx3rdPartyModules#Drizzle_Module


