author: Christoph Burschka, 2014-01-18 13:05:04 +0100
committer: Christoph Burschka, 2014-01-18 13:05:04 +0100
commit: f9fa22d4b549b94d7334332b5b432707ae90fa04
tree: e7f9594ac7fb41257d6ba936158b10c228a76fbc
parent: Implement session auth for Drupal.
Explain the cross-domain thing.
-rw-r--r-- plugins/session/README.md 7
1 files changed, 6 insertions, 1 deletions
diff --git a/plugins/session/README.md b/plugins/session/README.md
index 6fccc82..832e779 100644
--- a/plugins/session/README.md
+++ b/plugins/session/README.md
@@ -38,11 +38,16 @@ domain should be sufficient).
Usage
-----
+Note: Standard security policies prevent JavaScript from making cross-domain
+requests, and particularly from transmitting cookies with such requests.
+Therefore, your forum, the `rpc.php` script, *and* the web client must be hosted
+on the same domain for this feature to work.
+
Whenever you need to authenticate to ejabberd, make a POST request to the URL
that points at `www/rpc.php` with `salt` set to a reasonably random 16 character
value.
-If the client making the POST request has a valid session for the site you're
+If the client making the POST request transmits a valid session for the site you're
authenticating with, then you will receive a JSON-encoded response as follows:
`{"user":"<user>","secret":"<secret>","time":"<time>"}
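
Review bot: In the note added at the top of Usage, "same domain" is looser than the policy it cites: browsers restrict script requests by origin (scheme, host and port), while cookies are scoped by domain, so a reader cannot tell whether a web client on a different port, on HTTPS rather than HTTP, or on a subdomain qualifies. Suggest stating that `rpc.php` and the web client must share an origin, and that the forum's session cookie must be scoped so that it is sent to that host. The reworded line "transmits a valid session" would also read more precisely as "transmits a valid session cookie", since the new note names cookies as the mechanism.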