Django and Ajax Push Engine (APE): Unsafe JavaScript attempt to access frame with URL

Question

I am trying to setup an APE server for my Django project.

Setup

1. I followed the setup instructions in the APE wiki: Simple APE Configuration

   I had to change the port though. My virtual host config reads as follows:

   NameVirtualHost 127.0.0.1:8100
   Listen 127.0.0.1:8100
   <VirtualHost 127.0.0.1:8100>
       ServerName local.ape-project.org
       ServerAlias ape.local.ape-project.org
       ServerAlias *.ape.local.ape-project.org
   
       DocumentRoot "/path/to/my/project/ape-jsf/"
   </VirtualHost>
   

   Running http://local.ape-project.org:8100/Tools/Check/ runs all tests successfully and returns the message: All test done. Now you can play with your APE \o/

2. Django is running on port 8000:

   python manage.py runserver_plus 0.0.0.0:8000

3. I followed the instructions for the first tutorial: Tutorial: Color Changer

   I put the JavaScript code into my django project (with inclusion of Clients/JavaScript.js).

Problem

When i open the page, i get this error:

Unsafe JavaScript attempt to access frame with URL http://2.ape.local.ape-project.org:6969/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22127.0.0.1%22,%22scripts%22:[%22http://local.ape-project.org:8100/static/ape-jsf/Source/mootools-core.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/APE.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Events.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Core.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/Pipe.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeProxy.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeMulti.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeSingle.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.Stack.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.CycledStack.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.longPolling.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.SSE.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.XHRStreaming.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.JSONP.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Utility.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/JSON.js%22]}}]
from frame with URL http://127.0.0.1:8000/mydjangoapp/somepage/. Domains, protocols and ports must match.

I understand that there is a security issue with different domains and ports.

But how is this supposed to work?

Answer 1

It turned out that it's difficult to configure an environment that runs both Ape and runserver. The solution to this problem is to use another web server.

I chose Apache and the mod_wsgi module:

• mod_wsgi tutorial: Integration With Django
• be careful about static files: How to use Django with Apache and mod_wsgi