I have a few api's that require http access (non https. They don't work!)
In my rails application how would i go about changing this to make it work?
Here is what i've done so far. In my production.rb is
config.force_ssl = false
Is there anything else i can do?
Sam
Edit
Heres my ajax code, (part of it)
type: 'GET',
crossDomain: true,
dataType: 'jsonp',
url: 'URL HERE',
success: function(json) {
The url is a http, however heroku changes it to https.
Sam
Related
I am trying to log work in JIRA using the Web API :-
My data is:
var post = {};
post.commment = "Test";
post.timeSpent = "6h";
My Ajax call is:
$.ajax({
url: lv_url,
type : 'POST',
data : post,
headers: {
Accept : "application/json; charset=utf-8",
},
contentType: "application/json; charset=utf-8",
dataType : 'json',
xhrFields: {
withCredentials: true
},
async: false,
success : function(data) {
}
});
https://jiraserver.co/rest/api/2/issue/SOCOMPT-1575/worklog
"GET" call is working fine but when i try to POST i get the error:-
1) OPTIONS https://jiraserver.co/rest/api/2/issue/SOCOMPT-1575/worklog 500 (Internal Server Error)
2) XMLHttpRequest cannot load https://jiraserver.co/rest/api/2/issue/SOCOMPT-1575/worklog. Invalid HTTP status code 500
These are the 2 errors is get.
Please Help Guys i really need to get this working.
Thanks in advance,
Vishesh.
I was also strugging on this one as I kept getting HTTP 500 when trying to post to the worklog endpoint.
if you are able check the jira server logs (under logs/catalina.out)
jira seems to be very picky with the iso8601 date format
Try setting also the "started" timestamp in your payload as I believe this is required (for the API like the web UI) even if the documentation is not really clear on that.
post.started = '2015-02-25T14:01:30.000-0500';
I'm playing around with omniauth in a rails/ember app, and I'm hitting a bit of a wall with google sign in. I get presented the pop-up to allow the site to authenticate me, but after clicking accept the request bombs out:
Uncaught SecurityError: Blocked a frame with origin "https://localhost:3001" from
accessing a frame with origin "https://accounts.google.com". Protocols, domains,
and ports must match.
I'm using a self-signed cert to get HTTPS in local development, but how do I test this auth logic locally?
Coffeescript attempting to do the sign in:
$ ->
$.ajax
url: '//apis.google.com/js/client:plus.js?onload=gpAsyncInit'
dataType: 'script'
cache: true
window.gpAsyncInit = ->
$(".google-login").click (e) ->
e.preventDefault()
gapi.auth.authorize
immediate: false
response_type: "code"
client_id: "<%= ENV["GOOGLE_CLIENT_ID"] %>"
scope: "email profile"
, (response) ->
if response and not response.error
jQuery.ajax
type: "POST"
url: "/auth/google_oauth2/callback"
dataType: "json"
data: response
success: (json) ->
alert 'success!'
else
alert response.error
Try replacing localhost with a valid domain, eg. mydevserver.me.com. You can point mydevserver.me.com to 127.0.0.1 in your /etc/hosts. You will also need to add http://mydevserver.me.com/mycallback as a callback url to the Google API console
Yesterday, I was happily making API calls to SurveyMonkey from my local development machine (http://localhost:nnnn)
This morning however (after changing exactly nothing), I'm suddenly getting the following error:
XMLHttpRequest cannot load https://api.surveymonkey.net/v2/surveys/get_survey_list?api_key=xxxxxxxxxx. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8500' is therefore not allowed access. The response had HTTP status code 596.
The code I'm using which generates this error is the following:
$.ajax({
url: 'https://api.surveymonkey.net/v2/surveys/get_survey_list?api_key=xxxxxxxxxx',
type: 'post',
contentType: 'application/json',
cache: false,
dataType: 'json',
data: JSON.stringify({
survey_id: 'nnnnnnnn',
respondent_ids: respondents //respondents is an array defined elsewhere
}),
headers:{
Authorization: 'bearer ' + local.SurveyMonkey.AccessToken,
'Content-Type': 'application/json'
},
success: function(survey, textStatus, jqXHR){
$('#SMResults').empty().append('<br />'+textStatus);
$p.fnLog(survey.data);
$p.fnLoadView('surveyView.cfm','SMResults',survey);
},
error: function(jqXHR, textStatus){
$('#SMResults').empty().append('Oh nos!! Something went wrong!');
$p.fnLog(jqXHR);
$p.fnLog('----------------------');
$p.fnLog(textStatus);
},
complete: function(jqXHR, textStatus){
$('#SMResults').append("<br /><br />We're done.");
}
});
Again, this code was working brilliantly last night. My attempts to turn this into a JSONP call failed. :(
Any idea what's going on? Why could I happily make these calls yesterday, but not today?
Thanks for reading.
UPDATE: It turns out upon further inspection of the response headers I'm getting:
X-Mashery-Error-Code: ERR_596_SERVICE_NOT_FOUND
Which is why there's not the appropriate Access-Control header in the response. Any idea what's up with Mashery? or Where I should be looking?
UPDATE 2: I'm feeling much more confident that this is a SurveyMonkey/Mashery problem. I just now visited the SurveyMonkey API Console page and it informed me that the console is experiencing a problem and that they're working to fix it.
I'm guessing that this is just a symptom of a larger problem.
In my project I have to integrate the library and parse the files presented in csv format. To access the library and get the information form that file I use $ajax as follows:
<script>
$(document).ready(function(){
$.ajax({
type: "GET",
url: "http://stats.xxx.tv/osexternal/reports/xxxxx/xxx_2014_YTD/2014-03-12.csv",
contentType: 'application/json',
dataType: 'json',
username: 'xxxx#xxxx.com',
password: 'dT$xxxx%949',
success: function (){
console.log('success');
},
error: function(jqXHR, textStatus, errorThrown) {
console.log(textStatus, errorThrown);
}
});
});
<script>
Can anyone let me know what's the wrong with this approach as I am getting cross domain problem.And please let me know any alternatives by using gems.
Thanks for your help in advance!
What you're running into appears to be a CORs issue of some kind. Things to note about CORs issues:
It is a security policy for Javascript, so it only affects calls in/from JS.
Being able to access it from the browser 'directly' doesn't have anything to do with CORs
CORS can be really irritating
Now, on how to solve it, you can try adding:
with_credentials: true to the Ajax arguments, but I have a feeling it's going to be something weirder than that... as well, since you have to include a username and password it's probably best not to expose those on the client for anyone to have...
So, what I'd do is make the call on the server (example is for a rails controller action, but the method could be used in a Sinatra app just the same) then return the CSV to the browser:
require 'net/http'
class MyController < ActionController::Base
# ...
def get_csv
uri = URI('http://stats.adap.tv/osexternal/reports/xxxxx/xxx_2014_YTD/2014-03-12.csv')
csv_request = Net::HTTP::Get.new(uri)
csv_request.basic_auth("username", "password")
csv_data = csv_request.request.body
csv
end
end
I'm assuming you are using Ruby because of your "gems" reference. Here's the doc for Net::HTTP
http://ruby-doc.org/stdlib-2.1.1/libdoc/net/http/rdoc/Net/HTTP.html
and a slightly easier to digest version:
http://www.rubyinside.com/nethttp-cheat-sheet-2940.html
In general, it'll always be easier (and safer) to have your server make a request to an external host (this is a broad generalization and there are absolutely cases where this isn't what you want). If you need to make a cross domain request I'd suggest starting with:
http://www.html5rocks.com/en/tutorials/cors/
It'll probably give you some good tips to figure out why it's not currently working.
Best,
I'm making an ajax request to an API which requires an auth token to be sent in the HTTP headers. Here's what I've got:
$.ajax({
type: 'GET',
url: 'http://foo.com/bar.json',
headers: { "Authorization": 'Token token=' + SECRET_KEY },
dataType: 'json',
...
}
Thing is I don't want SECRET_KEY to be publicly visible if someone were to view the javascript file. Can't seem to find a good workaround, but can't imagine no one else has encountered this... This request is being sent to a Rails app FWIW.