I am developing an app for the iphone.The thing is that i want to send the values of longitude and latitude i get from the phone using javascript to a server commanding it to search for something.Do i have to read about cross domain stuff? How could this be done?
I know that i can use Ajax but it can serve me if i refer to the same domain.
For example how can i do this:
$.post('http://127.0.0.1:8000/search/',{lon:30}) and have my database searched for objects that have this longitude?
I don't want to do this:
$.post('/search/',{lon:30})
I use django on the server side.
There is something called JSONP that is meant to solve this problem. You can read about it here. Its basically regular json with a callback function.
Also have a look at the below link:
http://groups.google.com/group/prototype-scriptaculous/browse_thread/thread/3f93834df24114b9/9c6596da9bedd4b2?q=#9c6596da9bedd4b2
JSONP or "serverside AJAX proxy" are your two options if the target server is in a different domain than your application.
Related
I haven't really written any javascript but am building an iOS application that will utilize JavaScriptCore's framework to read a javascript code to get a variable. What I'm looking to do is set up a GET (I think) so that I can retrieve JSON data from a url and then pull a specific string from the JSON data. Within the GET method, I'll need to add credentials and one parameter. What is the best practice to do this?
As per Rory's statement above the server you are requesting the json data from must either be on the same domain as your Application/Js code or support the CORS headers.
If the above is true, then you can either use JQUery as suggested above, or for a more minimalist approach the W3Schools has a tutorial on basic Ajax.
https://www.w3schools.com/xml/dom_httprequest.asp
Lets say there is a url out there e.g. www.website.com/data.jsp
the link has the following JSON data
{"successful":"true","rows":[{"zip":"65472","user_id":"10843","name":"Rufio"}]}
I just want to be able to extract this data at runtime however I am having a hard time getting it using getJSON
$.getJSON("test2.jsp",function(result){
$("div").append(result.rows[0].user_id + " ");
});
Now if I run it using a local file with the data residing in test2.jsp as shown above it appends the user_id. However when I try to access "www.website.com/data.jsp" instead nothing happens. I don't believe the website is configured to work with JSONP either.
I need a way to figure out how to pull this data from the website at run time. Does anyone have any solutions or workarounds?
p.s. Is this something that might need to be sorted out on the other end? The people who own the website set this scenario up to be like a fake api call like typically you would pass in parameters to get back the specific information that you would need. In the case of this endpoint or url it just returns a single record or the file just contains the data listed above. They would like me to extract the data from their url at runtime.
You can't make a normal ajax call to to this other domain due to same origin policy.
You can use JSONP to load the remote page, but looking at that example output you wouldn't be able to access the data unless the remote site is setup for JSONP (assigning the JSON to a variable, calling a callback function, etc).
You could create a server-side passthrough script of your own. You don't mention what server-side technology you have available, but if you can use PHP, you do a passthrough like this:
<?php
echo file_get_contents("http://www.website.com/data.jsp");
?>
PHP (or any other server-side language) can fetch the remote data, and now you can use ajax to call your own script (which works since you're on the same domain).
I am creating a browser extension which posts to salesforce chatter using rest api.Once I get the access_token from OAuth user agent flow,I can not make call to rest services from javascript,due tobrowser same origin policy.I do not want to use a server as proxy,since I want to make the extension purely client side.
I tried JSONP workaround,but it only works for GET,I need POST to post a feed to salesforce chatter
is there a possible way.Please suggest some work around
Maybe consider passing your call to a custom rest service in salesforce. Setup a global class with the #RestResource annotation, and then within that an doPost method to handle what you're passing, in your case to make the post.
You'll still need the Oauth step to retrieve token that is then passed in with the rest request via the Authorization : Bearer header message.
See a good post on this here https://wiki.developerforce.com/page/Creating_REST_APIs_using_Apex_REST
Since Salesforce '15 you are able to configure CORS. Therefor whitelist your app domain and you can do whatever you want. Does not solve the problem to obtain an access_token. The only approach to obtain an access_token purely by javascript is to use the User-Agent Flow since the access Token is passed as URL Part....
One option is to use site like http://www.ajax-cross-domain.com/
Here is good reference on this matter http://www.d-mueller.de/blog/cross-domain-ajax-guide/
Use jsforce, you will need a proxy due to the CORS problem, sorry.
I'm trying to connect to a webapi at a location that looks like this from inside my js jquery file.
example.com/?var=input
Is there a simpler way to do it than an ajax call?
I would use AJAX for this, but I guess you could open a hidden IFRAME with the URL set to the page you want to connect to (not sure why you would do this though!).
Maybe use a JavaScript library like JQuery to make life easier?
If the data you're trying to access is returned as JSON then you can get around the browser security problems.
Here is a JQuery example where a request is made to Flickr.com from JQuery.com:
docs.jquery.com/Ajax/jQuery.getJSON
You may be run into cross domain issues if you do it with an ajax call.
Call the web-api from serverside, it would be the most appropriate way.
Here's the problem:
1.) We have page here... www.blah.com/mypage.html
2.) That page requests a js file www.foo.com like this...
<script type="text/javascript" src="http://www.foo.com/jsfile.js" />
3.) "jsfile.js" uses Prototype to make an Ajax request back to www.foo.com.
4.) The ajax request calls www.foo.com/blah.html. The callback function gets the html response and throws it into a div.
This doesn't seem to work though, I guess it is XSS. Is that correct?
If so, how can I solve this problem? Is there any other way to get my html from www.foo.com to www.blah.com on the client without using an iframe?
It is XSS and it is forbidden. You should really not do things that way.
If you really need to, make your AJAX code call the local code (PHP, ASP, whatever) on blah.com and make it behave like client and fetch whatever you need from foo.com and return that back to the client. If you use PHP, you can do this with fopen('www.foo.com/blah.html', 'r') and then reading the contents as if it was a regular file.
Of course, allow_remote_url_fopen (or whatever it is called exactly) needs to be enabled in your php.ini.
There is a w3c proposal for allowing sites to specify other sites which are allowed to make cross site queries to them. (Wikipedia might want to allow all request for articles, say, but google mail wouldn't want to allow requests - since this might allow any website open when you are logged into google mail to read your mail).
This might be available at some point in the future.
As mentioned above JSONP is a way around this. However, the site that you are requesting the data from needs to support JSONP in order for you to use on the client. (JSONP essentially injects a script tag into the page, and provides a callback function that should be called with the results)
If the site you are making a request to does not support JSONP you will have to proxy the request on your server. As mentioned above you can do this on your own server or what I have done in the past is use a http://www.jsonpit.com, which will proxy the request for you.
One option is to implement a proxy page which takes the needed url as a parameter. e.g. http://blah.com/proxy?uri=http://foo.com/actualRequest
JSONP was partially designed to get around the problem you are having
http://ajaxian.com/archives/jsonp-json-with-padding
JQuery has it in their $.getJSON method
http://docs.jquery.com/Ajax/jQuery.getJSON
The method shown above could become a large security hole.
Suggest you verify the site name against a white list and build the actual URI being proxied on the server side.
For cross domain hits this is a good working example and now is considered as some what "standard" http://www.xml.com/pub/a/2005/12/21/json-dynamic-script-tag.html.
there are other ways as well, for eg injecting iframes with document.domain altered
http://fettig.net/weblog/2005/11/28/how-to-make-xmlhttprequest-connections-to-another-server-in-your-domain/
I still agre that the easy way is calling a proxy in same domain but then it's not truly client side WS call.