Connecting two Meteor 1.3 applications using DDP

0
votes

I have two apps: site and admin. I need admin to subscribe to one one of sites publications with DDP. I can't find any recent articles or questions about this and nothing works. I've pretty much removed all protections against XSS with no success. Here is my code:

in site/server/startup.js

BrowserPolicy.content.allowSameOriginForAll("*");
BrowserPolicy.content.allowDataUrlForAll("*");
BrowserPolicy.content.allowOriginForAll("*");

in site/server/publications.js

Meteor.publish('asdf', function(){
    var self = this;
    self.added( "asdf", 'asdfasdfasdflLO', {"TEST","DATA"} );
    self.added('gallery', new Mongo.ObjectID("572b9503d338f74c4700bbbb"), {
        "uuid" : "566caf28-da7b-45d7-ad4a-523aba983cb3",
        "name" : "TEST GALLERY",
        "description" : "THIS IS A TEST",
        "order" : 0,
        "id" : 1
    });
    console.log("SUBSCRIPTION READY");

    self.ready();
    self.onStop(function(){console.log("SUBSCRIPTION STOPPED");
    })
});

in admin/server/startup.js

BrowserPolicy.content.allowSameOriginForAll("*");
BrowserPolicy.content.allowDataUrlForAll("*");
BrowserPolicy.content.allowOriginForAll("*");

in admin/lib/...../connections.js

import { DDP } from 'meteor/ddp-client' // behaves identically with or without this line

 SiteConnection = DDP.connect(Meteor.settings.public.site.rootUrl);

in admin/client/……./page.js

Template.page.onCreated(function(){
    console.log("created");

    FromSite = new Meteor.Collection();

    SiteConnection.subscribe('asdf', function() {
        console.log('Data list starts here:');
        FromSite.find().forEach(function(data){console.log(data)});
        Galleries.find().forEach(function(data){console.log(data)});
    });
});

When the admin page is visited, site logs SUBSCRIPTION READY but never sends any data.

On the other hand, when site subscribes to asdf itself, my DDP logger produces the following browser console output:

enter image description here

with this in mind we know:

  • the publication works
  • we are connecting to the correct URL

Why isn't admin getting any data? Thanks in advance

* UPDATE *

Headers from both site and admin:

$curl -I https://www.site-local.com/
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 09 May 2016 20:17:18 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
vary: Accept-Encoding
x-content-type-options: nosniff
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self' data: http://* https://*; script-src 'self' 'unsafe-inline' data: http://* https://*; connect-src * 'self' data: http://* https://*; img-src data: 'self' http://* https://*; style-src 'self' 'unsafe-inline' data: http://* https://*;

As one can see here: connect-src * 'self', the app is open to connecting with any domain via websockets. Hope this helps narrow down the issue.

1
javascriptnode.jsmeteorcross-domainddp

1 Answers

0
votes
FromSite = new Meteor.Collection();

This line doesn't define the collection or the connection that the collection relates to. Although it also looks like you have confused the situation a little bit. There is not cross site data transfer here. This isn't even needed:

SiteConnection = DDP.connect(Meteor.settings.public.site.rootUrl);

The problem is that your meteor collection on the client side doesn't describe the collection it refers to - what you need is this:

Template.page.onCreated(function(){
    console.log("created");

    FromSite = new Meteor.Collection('asdf');

    Meteor.subscribe('asdf', function() {
        console.log('Data list starts here:');
        FromSite.find().forEach(function(data){console.log(data)});
        Galleries.find().forEach(function(data){console.log(data)});
    });
});

Notice the changes on line 4 and 6

If I am not mistaken SiteConnection appears to just make a second connection to the default Meteor server.