Django and Ajax Push Engine (APE): Unsafe JavaScript attempt to access frame with URL
-
08-06-2021 - |
Question
I am trying to setup an APE server for my Django project.
Setup
I followed the setup instructions in the APE wiki: Simple APE Configuration
I had to change the port though. My virtual host config reads as follows:
NameVirtualHost 127.0.0.1:8100 Listen 127.0.0.1:8100 <VirtualHost 127.0.0.1:8100> ServerName local.ape-project.org ServerAlias ape.local.ape-project.org ServerAlias *.ape.local.ape-project.org DocumentRoot "/path/to/my/project/ape-jsf/" </VirtualHost>
Running http://local.ape-project.org:8100/Tools/Check/ runs all tests successfully and returns the message:
All test done. Now you can play with your APE \o/
Django is running on port 8000:
python manage.py runserver_plus 0.0.0.0:8000
I followed the instructions for the first tutorial: Tutorial: Color Changer
I put the JavaScript code into my django project (with inclusion of
Clients/JavaScript.js
).
Problem
When i open the page, i get this error:
Unsafe JavaScript attempt to access frame with URL http://2.ape.local.ape-project.org:6969/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22127.0.0.1%22,%22scripts%22:[%22http://local.ape-project.org:8100/static/ape-jsf/Source/mootools-core.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/APE.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Events.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Core.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/Pipe.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeProxy.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeMulti.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeSingle.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.Stack.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.CycledStack.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.longPolling.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.SSE.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.XHRStreaming.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.JSONP.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Utility.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/JSON.js%22]}}]
from frame with URL http://127.0.0.1:8000/mydjangoapp/somepage/. Domains, protocols and ports must match.
I understand that there is a security issue with different domains and ports.
But how is this supposed to work?
La solution
It turned out that it's difficult to configure an environment that runs both Ape
and runserver
. The solution to this problem is to use another web server.
I chose Apache and the mod_wsgi module:
- mod_wsgi tutorial: Integration With Django
- be careful about static files: How to use Django with Apache and mod_wsgi