AJAX solution for CGI disabled server
Jun 25, 2012
Consider this scenario: You want to primarily host your home-page on a server in which CGI scripting (PHP, ASP, JSP, etc) are disabled due to security reasons (this is typically the case for many university/academic web-sites). So HTML and JavaScript are the only things you can use. However, you have a different secondary hosting service which allows CGI (typically we will consider PHP). So what you would like to do is host your CMS scripts (PmWiki, Drupal, etc) on the CGI-enabled secondary server, and use the primary CGI-disabled server to host HTML+JavaScript that will fetch the PHP-generated contents from the secondary server upon appropriate request from the visitor/client brower.
Terminologies and design considerations
In the discussion that follows we will use the following terminologies:
- CGI-disabled primary server: The server in which you would like to host your home page. Thus, visitors should be visiting your page on this server and will have in their browser's address bar the URL of this server displayed. The visitors should, in general, be totally unaware of the presence of any secondary server from which the contents are being fetched. We should also take care that search-engine crawlers can discover and index the contents of this server.
- CGI-enabled secondary server: This is the server where the PHP scripts are physically hosted. In general, this should remain invisible to your visitors.
In the first glance a simple JavaScript-based HttpRequest
may appear to do the trick. However there are quite a few considerations that need to be made:
- Most secure browsers do not allow cross-domain HttpRequest. In general we will assume that the CGI-disabled primary server and the CGI-enabled secondary server are serving different domains. So we need to employ a different trick.
- Although we will use AJAX-based approaches for fetching and displaying the contents, we would like to be able to provide a visitor/client an unique URL for each page. The way we will achieve that is by using hash fragments (the contents following the '#' in the address bar of the browser).
- The content fetched from the CGI-enabled secondary server may contain URLs to its own domain. Those need to be changed and converted to URLs pointing to the web-site on the CGI-disabled primary server with appropriate hash-fragment.
- We would like search engines to discover and index the URLs from the CGI-disabled primary server with appropriate hash-fragments, and not the URLs from the CGI-enabled secondary server. For this we will adopt Google's recently introduced AJAX-crawling standards (see https://developers.google.com/webmasters/ajax-crawling/docs/getting-started for details).