I have a question regarding the (relaxed) browser security of app.js as i have read somewhere in documentation (i tried searching for it but could not find it). I do see that there is an option that can be set here:
https://github.com/appjs/appjs/blob/master/docs/index.md
I have started building a desktop application using adobe AIR using Starling and Feathers UI because the service i am building the app for (Pinboard) does not have CORS enabled and will not do so in the future (see this google group chat about it). However, i would like to start with (node-webkit / App.js / similar HTML5 desktop framework) as well, just to see how that goes (and also i believe that building good transitional interfaces is a lot easier and faster in HTML5 nowadays).
My generalized question is: will app.js and other HTML5 desktop application frameworks allow me to circumvent CORS requirements? I am trying to find more concrete information about the browser security settings but i can not find it. Any pointer to such information (of different desktop application frameworks) will be greatly appreciated!
Michael
On the "server" side of your app, you are running Node.js, which does not enforce any CORS restrictions. That's a browser thing, Node.js is just a JavaScript runtime.
On the client side of your app though, you might suffer from CORS, that depends on the runtime/framework and I couldn't find anything about App.js either. But you could simply proxy requests to Pinboard through the server side, which would work around all CORS issues. There are a quite a few proxy servers for Node.js that could be used for this purpose, like node-http-proxy.
Related
Just have a question about apps that are uploaded on the Windows Store, Andriod Store, and Apple Store. I have never built an App before for any of the three stores, but the Multi Hybrid Extension for Visual Studio seems to be a great start to cover all three Platforms.
How do I protect my code for apps that are uploaded to the three stores? The core development for the Apache Cordova extension is done in HTML5 and Javascript. On a regular HTML / Javascript website, the end user can simply right click and View Source of the page and see all the code I've written.
My question is, how is this protected for apps that are uploaded to the app store? Will someone be able to reverse engineer my application and get the code and simply re-sell it?
Thank you all for your time
You want to, develop once, deploy many. Then, you’ll want to use HTML5 to do it.
You can use Apache Cordova directly, but you’ll want to use a service like Telerik AppBuilder, Adobe Phonegap or Intel XDK.
Regarding your question, your best bet is to use a good JavaScript source code obfuscation service to protect your sources before publishing. There is no such thing as a 100% full proof solution when it comes to JavaScript obfuscation, but professional tools such as JScrambler can take you a long way. At least JScrambler I know that it supports Mobile and HTML5, which is good because they make sure the resulting code is compliant.
There are other tools, even free ones. But be careful though, there are tons of other tools that do obfuscation, encoding/packing or minfication that seem to provide protection, but are reversed in a few minutes. So, unless you really know how to tell the difference, I recommend that you rely on a professional service.
I am a web and iOS developer. On mobile we have famous tools to collect all the exceptions and errors that application thorws.
There's Crashlytics (and others) that with few lines of code to install the sdk, start tracking everything automatically. Then them display the error and useful informations on their website with priority and other stats.
Exists something like that for web applications? Or explicitly for php or js apps?
Thanks ;)
There's was a great discussion on this topic by Paul Irish on Google+ https://plus.google.com/+PaulIrish/posts/12BVL5exFJn (No longer available after Google+ closed). But here is the summary of that post.
Some of the services mentioned:
bugsense.com
jslogger.com
qbaka.com
muscula.com
errorception.com
exceptionhub.com
bugsnag.com
exceptional.io
airbrake.io
getsentry.com
github.com/Offbeatmammal/jsErrLog - open source
github.com/occ/TraceKit - most comprehensive stacktrace library
www.exceptional.io is exactly what you're asking for. It costs $9 per month after a free trial.
Integration with PHP is done by including a wrapper and a couple of lines of code:
https://github.com/ankane/exceptional-php/
It can also be integrated with javascript with a couple of lines:
<script type="text/javascript" src="http://js.exceptional.io/exceptional.js"></script>
<script type="text/javascript">
Exceptional.setKey('your_api_key');
</script>
Another option is New Relic, although it does a lot more than purely error logging - it provides all kinds of server monitoring metrics.
https://docs.newrelic.com/docs/applications-menu/errors-dashboard
Future users may find following useful.
Sentry is a Crashlytics like solution for lots of platforms
Web front-ends and their frameworks / libraries like React, Angular, Vue.
Back-ends languages and their runtimes / frameworks / libraries like Rails, Express, Lavarel.
Serverless platforms
IoT
Mobile clients including frameworks like React Native, Flutter.
Desktop platforms ex: MacOS, Windows, Linux
Gaming platforms ex: Unity, Unreal
Data
In addition to error reporting it also support performance monitoring.
More than anything it is a fully open sourced product including the both client and the server, not just opensource core. So it can be fully self hosted.
Note : I am not affiliated with Sentry in anyway.
There is a javascript code residing in my Android app's webkit container. This code makes use of WebSockets to communicate with the server. The same JS code works in other platforms such as iOS, but in Android 2.3, it doesn't. I read somewhere that the webkit in Android does not support WebSockets, and support will come only in Jelly Bean onwards.
In view of this, I need to provide a wrapper from the native layer (in Java) making use of plain sockets. From the little I know about sockets, it seems straightforward to support the usual APIs such as open(), send(), receive(), etc.
Is there anything else I need to know that the WebSocket protocol needs, which I will need to provide from the wrapper code? After all, the server talks to the client (my android app) as if it is a WebSocket, and not a native socket.
Some notes to consider: a) I cannot make use of any third-party library - it will have to be developed in-house. b) There will not be any binary data transferred; only text.
Thanks,
Rajath
Websockets are not raw sockets, they require an initial handshake then simple per-message framing. See the protocol spec for details. The sections on handshake and data framing will be most relevant.
I know you said you can't use third party libraries but be aware that projects like Java-Websocket might be interesting to you. It's liberally licensed so suitable for inclusion in any closed source app. Or you might find it useful as a reference while debugging your own code.
I was asked to provide a tablet application with HTML5/JS/CSS which does not have dependency on any platform. Requirements:
Cross-platform mobile/tablet application
Offline capability and Storage (it should work in lack of internet connectivity and be able to synch after get connected)
Real-time data (it should be able to show any small changes from sensor values)
I should be able to connect to a CAN interface and get sensor values and ECU data. Because I have not come up with any solution for this part, I am thinking about Bluetooth. However, HTML5 doesn't support Bluetooth.
I'd appreciate to give me some vision if HTML5/JS/CSS can deal with this requirements (especially with Bluetooth)
Another question is that is it possible not to use any frameworks such as PhoneGap, RHoMobile, .... and just develop cross-platform app with raw HTML5/CSS/JS and have all requirements?
Have you looked in to PhoneGap / Cordova yet?
You can easily create cross-platform mobile applications using HTML5, JS and CSS.
http://phonegap.com
The built-in API provides access to most of the device's native features and functions. You can manage offline storage using localStorage or SQLite databases, and can detect network connectivity statuses to determine if you are offline / online and what level of connection you have (Edge, 3G, 4G, WiFi). With a combination of those, you could manage your data synchronisation.
As for bluetooth, the PhoneGap API doesn't support it out of the box, but it is highly extensible so developers can create their own plugins for missing or required functionality.
The community is awesome and many of the plugins have been compiled into a central repository on GitHub: https://github.com/phonegap/phonegap-plugins
I know that there is a Bluetooth plugin for Android available on that repository.
You can also write your own plugins quite easily to add any extra features that you need:
http://www.adobe.com/devnet/html5/articles/extending-phonegap-with-native-plugins-for-android.html
http://www.adobe.com/devnet/html5/articles/extending-phonegap-with-native-plugins-for-ios.html
** EDIT **
You posted an amendment to the question afterI'd written this answer mentioning PhoneGap. The honest answer is no, without a framework that interacts with the native device functionality, raw HTML5, CSS and JS would not be able to deal with bluetooth etc.
No, you cannot. A pure web application is not able, and will likely never be able, to use bluetooth.
HTML5 Bluetooth and Audio
Having developed a Web App before, I can tell you that anything involving offline has to be simple, and using device hardware is out.
Check out the frameworks, you may be able to get something to work. But it may just be a better/more realistic bet to develop a Native Application from the get go.
After a lot of searching I came up with MoSync which is a cross-platform SDK and is intended for developing different mobile applications. I believe MoSync can be the best answer for this question since it is really a rich SDK (C, C++, HTML, JavaScript) and has great tools and community that try their best to help you.
For further information I encourage developers to check here or visit their websites.
Most of the future mobile apps will be developed using HTML5. HTML5 standards are getting adopted very rapidly and those standards are supporting phone features like GPS, Accelerometer, Camera, Storage etc.
I will recommend you to use PhoneGap if you want to use any device features.
I am looking for Titanium Appcelerator alternatives for Desktop application development with HTML and JavaScript. I want to convert a web app to a desktop application. Hence, there will be a lot of server interaction. Appcelerator was a good choice, but it looks like the company is no longer interested in the Desktop SDK. Also, ajax request from Appcelerator does not retain cookies.
I read that Adobe Air can be used for desktop app development, but I don't want to use flash.
How good is XULRunner? Will it allow features like Growl notificaiton and creating tray icons?
Will I be able to develop applications using mostly Javascript and HTML in Qt?
I started looking into Titanium for desktop dev. I liked the concept but not the implementation. I then stumbled upon chromiumembedded and have been mostly very happy with it. It's basically a web browser control based on chromium.
http://code.google.com/p/chromiumembedded/
It's written in C++ so you can do all the low level OS stuff you want(Growl, tray icons, local file access, com ports, etc) in your container app, and then all the application logic and gui in html/javascript. It allows you to intercept any http request to either serve local resources or perform some custom action. For example, a request to http://localapp.com/SetTrayIconState?state=active could be intercepted by the container and then call the C++ function to update the tray icon.
It also allows you to create functions that can be called directly from javascript.
My biggest challenge has been debuging. It's very difficult to debug javascript directly in CEF. There's no support for anything like Firebug that I am aware of.
Appjs (appjs.org) looks very promising.
You could also check Bowline which is another alternative: http://bowlineapp.com/.
Although it's not officially intended for general-purpose use, a number of people have had success using brackets-shell for HTML/JS desktop apps. It embeds Chromium (CEF) and adds APIs for menu bar management and file IO. It also embeds an instance of Node.js so you get access to all its APIs for launching processes, etc. It's MIT-licensed and available for Mac & Win, with a Linux version currently making rapid progress.
As I mentioned, it's not officially a general-purpose app shell, but someone wrote a detailed blog post about how to customize brackets-shell for your own uses.
I notice that the other answer about Titanum says CEF is hard to debug. I'm not sure if that's true in Titanium, but in brackets-shell it's easy to debug JS – you just open http://localhost:9234/ to load a full instance of the Chrome Developer Tools (including breakpoints, profiling, etc.).
TideSDK is a continuation of the old Titanium desktop http://www.tidesdk.org/