- This topic has 6 replies, 2 voices, and was last updated 12 years, 1 month ago by
.
-
Posts
-
Hi folks,
We have a number of projects underway with customers, some of which are fairly large enterprises. To date, we have been able to deal with the Cross Domain Scripting issue by using JSONP instead of JSON for data retrieval. However, we have run into a customer that is unable to switch their JSON based webservice to JSONP. We anticipate that we will run into additional projects where we were not responsible for writing the backend webservice and the customer is unable or unwilling to implement JSONP. This raises a couple of questions:
1) Do you have any suggestions for a current work around to enable cross domain JSON calls? (YQL is good for testing, but not an enterprise, permanent solution)
2) Do you have a future strategy to implement the ability to make xhr calls other than with the browser object, so as to eliminate the restriction preventing JSON from working?
We have looked at some competing tools that do not have this issue due to their use of native SDK’s, however, their cross platform capability is limited because of this. We think a lot of the MobiOne tool, and would like to find a solution to this so that we do not need to move away from it.Regards
Good questions.
Can you share some more background info:
1) What is your deployment target(s), e.g., navtive app, webapp, both?
2) Are cross-domain issues experience in the Test Center, your app on device, both?
3) Is your cross-domain issue resulting from loading webapp from website-1 and then making ajax calls or form submission to website-2?
– if yes, is website-1 the mobione app center or other site?4) can you share some details about the non-origin site that ajax/form-submits is failing?
– can it be modified to include a CORS header as an alternative to jsonpHi Wayne,
Yes, here are some more specifics below:
1) What is your deployment target(s), e.g., navtive app, webapp, both? – We are targeting native applications. If we were going to use webapps, we could likely get around this by loading the webpage from the same domain as the webservice, but we are definitely targeting native apps.
2) Are cross-domain issues experience in the Test Center, your app on device, both? – Our testing so far has shown the issue in both Test Center and in the actual app, however, testing has been brief on the installed app. If you believe the behavior on this topic to be different between Test Center and the installed app, it probably warrants more testing.
3) Is your cross-domain issue resulting from loading webapp from website-1 and then making ajax calls or form submission to website-2? – In our typical scenario, we are loading the webservice on domain/webserver-1 and loading the MobiOne app from Test Center or installed on the device. I think your question is our situation, but maybe reversed from my answer? Here are more specifics:
a) Webservice running on Microsoft based servers called https://adapter.somedomain.com/getService
b) this service returns JSON, here is an example: [{“Name”:”CAN”},{“Name”:”FMS”}]
c) Our MobiOne app uses an AJAX call to request this service but fails
d) if we change the response to JSONP, everything works. For example the above would be changed to: cbfunc([{“Name”:”CAN”},{“Name”:”FMS”}])
– if yes, is website-1 the mobione app center or other site?Does this help?
Thanks for the quick follow up.
Based on #2 , cross domain restrictions should not apply to native applications, only webapps loaded from a site. When using the Test Center to test your app in webapp form consider disabling web security from the Test Center toolbar to avoid cross origin failures.
I have a simple example project that we can share if needed that demonstrates accessing a public site via ajax request with no cross origin restrictions from a native app.
Hi Wayne,
Thanks for the quick reply. Yes, if we could review the example file, that would be helpful. If I am to understand your response below, we should test all the way to the native app on the device, and any testing done in Test Center should have web security disabled.
Thanks,
>If I am to understand your response below, we should test all the way to the native app on the device, and any testing done in Test Center should have web security disabled.
Exactly! That is the process I/we follow when developing apps that integrate 3rd party services.
