[Developers] example mqlwrite using javascript

Kurt Bollacker kurt at spaceship.com
Fri Mar 20 00:59:01 UTC 2009 

I could imagine building an acre app that does the writes for you.  It
would also handle the login process so that your page/app does not
need access to the write user's credentials.  Examples of this would
be very interesting to see.

								Kurt :-)

On Thu, Mar 19, 2009 at 05:15:59PM -0700, Alec Flett wrote:
> Short answer: you can't do it from pages not on freebase.com
> 
> Long answer:
> 
> Writes are done http POST - but freebase.com actually restricts POSTs  
> to those containing the header "X-Metaweb-Request" The trick there is  
> that the only way to alter headers in a request is to use  
> XMLHttpRequest, and you can't make XMLHttpRequest calls across domain  
> names.
> 
> This is one of those unfortunate aspects of the overall browser /  
> domain security architecture. If we didn't require that header, then  
> any arbitrary, malicious web page could do a form POST and it would be  
> done as whoever is logged in... i.e. I could say
> 
> <html onload="forms[0].submit()">
>   <form name="foo" method="POST" 
>   target="http://www.freebase.com/api/service/mqlwrite ">
>     <input type="hidden" name="queries" value="{"query": {"id": "/en/ 
> david_bowie", "name": {"value": "Bowie Sucks", "connect": "update",  
> "lang": "/lang/en"}">
>   </form>
> 
>   Welcome, naive user, I just defaced freebase.com on your behalf!
> </html>
> 
> Because of the header restriction, this will fail if you try this today.
> 
> Alec
> 
> On Mar 18, 2009, at 12:41 PM, Jack Alves wrote:
> 
> >Can anyone point me to a javascript example of a mqlwrite. I'm doing  
> >reads with the following jquery call. I can't figure out what to do  
> >for writes.
> >
> >    $.ajax({
> >        url: 'http://www.freebase.com/api/service/mqlread',
> >        dataType: "jsonp",
> >        cache: true,
> >        success: mqlread_cb,
> >        data: { queries: query }
> >    });
> >
> >thanks
> >
> >jack
> >_______________________________________________
> >Developers mailing list
> >Developers at freebase.com
> >http://lists.freebase.com/mailman/listinfo/developers
> 

> _______________________________________________
> Developers mailing list
> Developers at freebase.com
> http://lists.freebase.com/mailman/listinfo/developers

More information about the Developers mailing list