AJAX with different origin

Get help using Construct 2

Post » Tue Jun 25, 2013 4:46 pm

Hi all,

So coming from a web dev background, I'd simply load any external JSON with server side code, as the server would be essential to displaying the content anyway.

With a mobile game though, it seems overkill to have to rely on the game calling both the proxy server and the content provider to retrieve the content. I can't request straight from the content provider because of same-origin policy.

I hear the term JSONP thrown around to bypass this. Would that be a viable solution for a Construct 2 game, or would I just run into more mobile issues?

Thanks!
Moderator
B
72
S
13
G
11
Posts: 900
Reputation: 11,850

Post » Tue Jun 25, 2013 9:42 pm

Haven't you tried to make a PHP page with Cross domain? I got working AJAX requests in mobiles including CocoonJS
B
91
S
31
G
29
Posts: 3,129
Reputation: 27,789

Post » Tue Jun 25, 2013 10:34 pm

I have, and that works fine. It just feels like a waste of resources polling a server that requests a third party api. Is there a way to circumvent that?
Moderator
B
72
S
13
G
11
Posts: 900
Reputation: 11,850

Post » Tue Jun 25, 2013 10:58 pm

I had that problem before with a userscript pulling datas from host I didn't own. I used YQL, an API you can pull data from by sending a GET request in an SQL style, the database being the web. Of course it accepts cross domain. It's a little slow sometimes though, but it gets the job done. A trick can let you query with post data too.
B
17
S
8
G
4
Posts: 461
Reputation: 6,077

Post » Wed Jun 26, 2013 12:46 pm

You should contact whoever runs the server where you want to directly retrieve data, and ask them to set up CORS (specifically, the Access-Control-Allow-Origin HTTP header). If you can't reach them or they don't want to do that, then a middle server that ignores the security limitation is the only way around it!
Scirra Founder
B
378
S
219
G
84
Posts: 23,854
Reputation: 187,841

Post » Fri Jun 28, 2013 10:46 am

Thanks @Ashley I got it working :)
Moderator
B
72
S
13
G
11
Posts: 900
Reputation: 11,850

Post » Fri Jul 05, 2013 1:31 pm

@Ashley I revisited this and built a reverse geocoding plugin using the Bing maps API, plus a weather retrieval plugin using the forecast.io API.

In the end I did it with JSONP - it didn't require CORS or a middle server. I can understand the security concerns with JSONP exposing an API key, but as this is designed as a Tizen/FirefoxOS/Blackberry app, are there any implications?

You know a lot more about this so I'm hesitant to just roll with it.

Cheers!thehen2013-07-05 13:32:33
Moderator
B
72
S
13
G
11
Posts: 900
Reputation: 11,850

Post » Fri Jul 05, 2013 1:43 pm

JSONP is probably fine, but it's less secure than CORS. If the server sending the JSONP got hacked or otherwise sent malicious javascript, your page will go right ahead and execute it.
Scirra Founder
B
378
S
219
G
84
Posts: 23,854
Reputation: 187,841

Post » Fri Jul 05, 2013 2:51 pm

@Ashley okay thanks, that's good to know!
Moderator
B
72
S
13
G
11
Posts: 900
Reputation: 11,850

Post » Wed Sep 18, 2013 12:29 am

I'm very interested in importing weather data into an app but not all that savvy when it comes to using external data in C2. Is there any chance you could share some more about how you did it @thehen?
If anyone can point me to any C2 tutorials that delve into that I would greatly appreciate it.
B
24
S
4
G
3
Posts: 43
Reputation: 2,793

Next

Return to How do I....?

Who is online

Users browsing this forum: Lordshiva1948, Maako, NN81 and 10 guests