Client/Server Remoting Sample

Client/Server Remoting is performed between a Flash or JavaScript client and a Haxe Server. Clients are calling methods on the Server.

In this sample, we will see how to implement Client/Server remoting in async/unconnected mode. For this we will use the haxe.remoting.AsyncConnection.urlConnect contructor which is available on all platforms. Here's the Client.hx file, which can be compiled either in JavaScript or Flash :

class Client {
  static function display(v) {
    trace(v);
  }
  static function main() {
    var URL = "http://localhost:2000/remoting.n";
    var cnx = haxe.remoting.HttpAsyncConnection.urlConnect(URL);
    cnx.setErrorHandler( function(err) { trace("Error : "+Std.string(err)); } );
    cnx.Server.foo.call([1,2],display);
  }
}

Here's the Server code. Please note that classes can't be automatically accessed, but need first to be made available explicitly by using a Context. This way you can manage the security by only making accessible the API you want.

class Server {
  function new() { }

  function foo(x,y) { return x + y; }

  static function main() {
    var ctx = new haxe.remoting.Context();
    ctx.addObject("Server",new Server());
    if( haxe.remoting.HttpConnection.handleRequest(ctx) )
      return;
    // handle normal request
    neko.Lib.print("This is a remoting server !");
  } 
}

Compile the project using the following HXML File and setup the Neko Web Server to point to the current directory. If you navigate to http://localhost:2000/remoting.n it should display the message This is a remoting server !.

-main Client
-swf client.swf

--next

-main Server
-neko remoting.n

You can simply open the SWF or the JS compiled from Client.hx to display the traces. The client will do one Server request per call. The Server can store some persistant data in the database by using SPOD.

JS client security specifics


Please note that the html page wrapping your js client must be served from the same domain as where your server is running.
Information about this can be found here.
Also note that this means that the page can't be served directly from the file system ("file:///C:/example/path/index.html").

JS Remoting and CORS

You can use remoting across domain boundaries if you enable CORS. You need to enable the header X-Haxe-Remoting, here's an example .htaccess showing how to enable CORS:

# Enable CORS
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header set Access-Control-Allow-Headers: X-Haxe-Remoting

Flash client security specifics


If you experience any problem see the Flash Player Security page.

Also, if you plan to access your server from swf files loaded from other domains, don't forget to set up a crossdomain.xml file on your server, enabling the X-Haxe headers.

<cross-domain-policy>
   <allow-access-from domain="*"/> <!-- or the appropriate domains -->
   <allow-http-request-headers-from domain="*" headers="X-Haxe*"/>
</cross-domain-policy>

Arguments types are not ensured

One thing that you need to be careful about is that there is no warranty of any kind that the arguments types will be respected when a method is called using Remoting. That means that even if you type the arguments of foo to Int, the client will still be able to use strings while calling the method. That can lead in some cases to security issues. If you have doubts, you can simply check the argument type when the function is called by using the Std.is method (see the Std class).

version #19790, modified 2013-09-28 01:06:45 by inkwelian