AJAX with different origin

  • Hi all,

    So coming from a web dev background, I'd simply load any external JSON with server side code, as the server would be essential to displaying the content anyway.

    With a mobile game though, it seems overkill to have to rely on the game calling both the proxy server and the content provider to retrieve the content. I can't request straight from the content provider because of same-origin policy.

    I hear the term JSONP thrown around to bypass this. Would that be a viable solution for a Construct 2 game, or would I just run into more mobile issues?

    Thanks!

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Haven't you tried to make a PHP page with Cross domain? I got working AJAX requests in mobiles including CocoonJS

  • I have, and that works fine. It just feels like a waste of resources polling a server that requests a third party api. Is there a way to circumvent that?

  • I had that problem before with a userscript pulling datas from host I didn't own. I used YQL, an API you can pull data from by sending a GET request in an SQL style, the database being the web. Of course it accepts cross domain. It's a little slow sometimes though, but it gets the job done. A trick can let you query with post data too.

  • You should contact whoever runs the server where you want to directly retrieve data, and ask them to set up CORS (specifically, the Access-Control-Allow-Origin HTTP header). If you can't reach them or they don't want to do that, then a middle server that ignores the security limitation is the only way around it!

  • Thanks Ashley I got it working :)

  • Ashley I revisited this and built a reverse geocoding plugin using the Bing maps API, plus a weather retrieval plugin using the forecast.io API.

    In the end I did it with JSONP - it didn't require CORS or a middle server. I can understand the security concerns with JSONP exposing an API key, but as this is designed as a Tizen/FirefoxOS/Blackberry app, are there any implications?

    You know a lot more about this so I'm hesitant to just roll with it.

    Cheers!

  • JSONP is probably fine, but it's less secure than CORS. If the server sending the JSONP got hacked or otherwise sent malicious javascript, your page will go right ahead and execute it.

  • Ashley okay thanks, that's good to know!

  • I'm very interested in importing weather data into an app but not all that savvy when it comes to using external data in C2. Is there any chance you could share some more about how you did it thehen?

    If anyone can point me to any C2 tutorials that delve into that I would greatly appreciate it.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)