Cross-origin XHR in packaged apps

Showing 1-7 of 7 messages
Cross-origin XHR in packaged apps Fred Wenzel 11/13/12 10:29 AM
Hey there Gaia devs,

Is there a way to do for cross-origin requests (in this case, audio file
downloads) in packaged apps?

tofumatt and I are prototyping a podcasts app, i.e., a feed reader
that'll download podcasts and keep them around for your offline
listening pleasure.

There are some interesting problems in there (for example, perhaps
keeping the downloads in an indexeddb) but what's bafflingly complicated
is actually downloading the files.

I can drop the remote audio file into an audio tag but then I can't get
to it to store it for later, offline use. So I tried to access the file
via XHR, but that seems to fail due to cross-origin restrictions
(obviously in a website, not so obviously in a packaged app, too).

Implementing a server-side proxy to go with my packaged app for the sole
reason of circumventing cross-origin restrictions doesn't sound like a
good solution to this problem.

Am I missing something?

Thanks,
Fred

Re: Cross-origin XHR in packaged apps Vivien 11/13/12 10:32 AM
On 13/11/2012 19:28, Fred Wenzel wrote:
> Hey there Gaia devs,
>
> Is there a way to do for cross-origin requests (in this case, audio
> file downloads) in packaged apps?
>

Your applications needs to have extended privileges (so needs to be
certified) and then it needs to have the systemXHR permission.
https://github.com/mozilla-b2g/gaia/blob/master/apps/browser/manifest.webapp#L12

Then when you do a request you need to add a special attribute:
https://github.com/mozilla-b2g/gaia/blob/master/apps/browser/js/places.js#L125

Vivien.

> tofumatt and I are prototyping a podcasts app, i.e., a feed reader
> that'll download podcasts and keep them around for your offline
> listening pleasure.
>
> There are some interesting problems in there (for example, perhaps
> keeping the downloads in an indexeddb) but what's bafflingly
> complicated is actually downloading the files.
>
> I can drop the remote audio file into an audio tag but then I can't
> get to it to store it for later, offline use. So I tried to access the
> file via XHR, but that seems to fail due to cross-origin restrictions
> (obviously in a website, not so obviously in a packaged app, too).
>
> Implementing a server-side proxy to go with my packaged app for the
> sole reason of circumventing cross-origin restrictions doesn't sound
> like a good solution to this problem.
>
> Am I missing something?
>
> Thanks,
> Fred
>
> _______________________________________________
> dev-gaia mailing list
> dev-...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-gaia

Re: Cross-origin XHR in packaged apps Fred Wenzel 11/13/12 10:40 AM
Thank for pointing this out, that's very helpful.

Why is this API certified (rather than just privileged)? I imagine this
is something that apps will need to use frequently.

~F
Re: Cross-origin XHR in packaged apps Vivien 11/13/12 10:43 AM
On 13/11/2012 19:40, Fred Wenzel wrote:
> Thank for pointing this out, that's very helpful.
>
> Why is this API certified (rather than just privileged)? I imagine
> this is something that apps will need to use frequently.
>
It could be privileged only. I don't remember.

Vivien.
Re: Cross-origin XHR in packaged apps ptheriault 11/13/12 12:02 PM
The discussion in the original bug was to allow privileged and certified apps access to this:
https://bugzilla.mozilla.org/show_bug.cgi?id=692677

But currently the permissions installer will not install it for a privileged app, only a certified app.
https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/PermissionsInstaller.jsm#216

Not sure how you are developing, but one option is to put your app in the test_apps directory in gaia,  set the app_type field in the manifest to 'certified' and build with make instead of installing the app via navigator.mozApps.install - this will allow you to build a certified app (or it did the last time I tested)

I'll raise a bug to gain privileged access since I am pretty sure that was the plan.
Re: Cross-origin XHR in packaged apps Fred Wenzel 11/13/12 12:28 PM
Thanks, please CC me on the bug.

I am developing with the Firefox OS Simulator, so I will have to try if
that works with certified apps (for now, until the privilege level is
fixed).

Fred
Re: Cross-origin XHR in packaged apps Jim Porter 11/13/12 6:28 PM
On 11/13/2012 12:28 PM, Fred Wenzel wrote:
> Is there a way to do for cross-origin requests (in this case, audio file
> downloads) in packaged apps?

Yes. You'll need the "systemXHR" permission for your app, and then you
need to create your XHRs like so:

   var xhr = new XMLHttpRequest({mozSystem: true});

You can look at the email app for more details.

- Jim