[Developers] example mqlwrite using javascript

Jack Alves jack.alves at gmail.com
Fri Mar 20 01:00:39 UTC 2009


For my use case I can hard code user name and password. Is there a trick I
can do with something like Jaxer server-side javascript? Or do I need to
use another language like python on a server?



2009/3/19 Alec Flett <alecf at metaweb.com>

> Short answer: you can't do it from pages not on freebase.com
>
> Long answer:
>
> Writes are done via HTTP POST - but freebase.com actually restricts POSTs to
> those containing the header "X-Metaweb-Request". The trick there is that the
> only way to alter headers in a request is to use XMLHttpRequest, and you
> can't make XMLHttpRequest calls across domain names.
>
> This is one of those unfortunate aspects of the overall browser / domain
> security architecture. If we didn't require that header, then any arbitrary,
> malicious web page could do a form POST and it would be done as whoever is
> logged in... i.e. I could say
>
> <html onload="forms[0].submit()">
>   <form name="foo" method="POST" target="
> http://www.freebase.com/api/service/mqlwrite">
>     <input type="hidden" name="queries" value="{"query": {"id":
> "/en/david_bowie", "name": {"value": "Bowie Sucks", "connect": "update",
> "lang": "/lang/en"}">
>   </form>
>
>   Welcome, naive user, I just defaced freebase.com on your behalf!
> </html>
>
> Because of the header restriction, this will fail if you try this today.
>
> Alec
>
> On Mar 18, 2009, at 12:41 PM, Jack Alves wrote:
>
> Can anyone point me to a javascript example of a mqlwrite. I'm doing reads
> with the following jquery call. I can't figure out what to do for writes.
>
>     $.ajax({
>         url: 'http://www.freebase.com/api/service/mqlread',
>         dataType: "jsonp",
>         cache: true,
>         success: mqlread_cb,
>         data: { queries: query }
>     });
>
> thanks
>
> jack
> _______________________________________________
> Developers mailing list
> Developers at freebase.com
> http://lists.freebase.com/mailman/listinfo/developers
>
>
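
The server-side check described in the reply above, as an added example that is not part of the original thread and is not Freebase's code. It goes beyond the post by also modelling the CORS preflight that browsers now send before a cross-origin request carrying a custom header; the header name comes from the post, while `TRUSTED_ORIGINS`, the function names and the request objects are constructed for illustration.

```javascript
// Added illustration of a custom-header CSRF gate (assumed names throughout).
const REQUIRED_HEADER = 'x-metaweb-request';
const TRUSTED_ORIGINS = new Set(['http://www.freebase.com']);

// HTTP header names are case-insensitive, so normalise before lookup.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = v;
  return out;
}

// Gate for writes: a session cookie alone is not enough, because a plain
// HTML form POST sends cookies but cannot set a custom request header.
function checkWrite(req) {
  const h = lowerKeys(req.headers);
  if (req.method !== 'POST') return { status: 405, reason: 'writes must be POST' };
  if (!(REQUIRED_HEADER in h)) return { status: 400, reason: 'missing X-Metaweb-Request' };
  return { status: 200, reason: 'ok' };
}

// Preflight (OPTIONS) handler for the write header only. If this approved
// arbitrary origins, foreign pages could set the header and the gate above
// would no longer separate them from first-party script.
function checkPreflight(req) {
  const h = lowerKeys(req.headers);
  const asked = (h['access-control-request-headers'] || '')
    .split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  if (!TRUSTED_ORIGINS.has(h.origin) || !asked.includes(REQUIRED_HEADER)) {
    return { status: 403, headers: {} };
  }
  return { status: 204, headers: {
    'Access-Control-Allow-Origin': h.origin,
    'Access-Control-Allow-Headers': 'X-Metaweb-Request',
    'Vary': 'Origin',
  } };
}

// Constructed sample requests (not captured traffic).
const formPost = { method: 'POST', headers: { Cookie: 'session=constructed',
  'Content-Type': 'application/x-www-form-urlencoded', Origin: 'http://other.example' } };
const firstPartyXhr = { method: 'POST', headers: { Cookie: 'session=constructed',
  'X-Metaweb-Request': '1', Origin: 'http://www.freebase.com' } };
const foreignPreflight = { method: 'OPTIONS', headers: { Origin: 'http://other.example',
  'Access-Control-Request-Headers': 'x-metaweb-request' } };
const trustedPreflight = { method: 'OPTIONS', headers: { Origin: 'http://www.freebase.com',
  'Access-Control-Request-Headers': 'X-Metaweb-Request' } };
```
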