Access-Control-Allow-Origin.

[Ian Tearle]

I am trying to query whether a user is logged in by using the following function:

function getCurrentUser() {

sdk.sendRequest('users/show/me.json', 'GET', null, false, callback);

function callback(data) {

if(data) {

if(data.meta) {

var meta = data.meta;

if(meta.status == 'ok' && meta.code == 200 && meta.method_name == 'showMe') {

var message = '';

var user = data.response.users[0];

message += 'Get user profile successful!\n';

message += 'id:' + user.id + '\n';

message += 'first name:' + user.first_name + '\n';

message += 'last name:' + user.last_name + '\n';

message += 'email:' + user.email + '\n';

alert(message);

} else {

alert('No user');

}

}

} else {

alert('No user');

}

}

}

Unfortunately all I am getting is the following error:

XMLHttpRequest cannot load http://api.cocoafish.com/v1/users/show/me.json?key=ADH8AxAMeUEKijj06SBJgewvOSIWnIBl&_session_id=f5oPNtJOK9lK94Wx1kVOZbFk90E. Origin http://heritage-app.com is not allowed by Access-Control-Allow-Origin.

I cannot find anywhere I need to add the domain into an allow access. And other functions interactions are working. I.e. I can seemingly login and logout. What puzzles me is if I am logged out, why is a session_id being passed in the url? Should the SDK not remove the session on logout?

[Wei Kong]

Hi Ian,

Our server returns 401 error if the user is not logged in which can trigger a login dialog on the web browser.  can you please try

sdk.sendRequest('users/show/me.json', 'GET', {suppress_response_codes: true}, false, function(data) {

the suppress_response_codes will always 200 in http header instead.

Thanks,
Wei

Ian Tearle

March 7, 2012 9:05 AM

[Ian Tearle]

Hi Wei,

Doesn't seem to make any difference, I am still getting the same Access-Control-Allow-Orgin failure:

XMLHttpRequest cannot load https://api.cocoafish.com/v1/users/show/me.json?key=ADH8AxAMeUEKijj06SBJgewvOSIWnIBl&suppress_response_codes=true. Origin http://heritage-app.com is not allowed by Access-Control-Allow-Origin.

Is there no Session.json? - I believe that is how twitter handle it?

[Wei Kong]

Hi Ian,

If you don't mind, can you please send us a copy of your code to in...@cocoafish.com?

Thanks,
Wei

Ian Tearle

March 8, 2012 1:40 AM

Hi Wei,

Doesn't seem to make any difference, I am still getting the same Access-Control-Allow-Orgin failure:

XMLHttpRequest cannot load https://api.cocoafish.com/v1/users/show/me.json?key=ADH8AxAMeUEKijj06SBJgewvOSIWnIBl&suppress_response_codes=true. Origin http://heritage-app.com is not allowed by Access-Control-Allow-Origin.

Is there no Session.json? - I believe that is how twitter handle it?

On Wednesday, 7 March 2012 19:28:41 UTC, Wei Kong wrote:

Wei Kong

March 7, 2012 11:28 AM

[Wei Kong]

Hi Ian,

Also, what is the domain you are using to test your js/html code?

Wei

Ian Tearle

March 8, 2012 1:40 AM

Hi Wei,

Doesn't seem to make any difference, I am still getting the same Access-Control-Allow-Orgin failure:

XMLHttpRequest cannot load https://api.cocoafish.com/v1/users/show/me.json?key=ADH8AxAMeUEKijj06SBJgewvOSIWnIBl&suppress_response_codes=true. Origin http://heritage-app.com is not allowed by Access-Control-Allow-Origin.

Is there no Session.json? - I believe that is how twitter handle it?

On Wednesday, 7 March 2012 19:28:41 UTC, Wei Kong wrote:

Wei Kong

March 7, 2012 11:28 AM

[Wei Kong]

Hi,

It is fixed now. Now you will get

{
  "meta": {
    "status":"fail",
    "code":401,
    "message":"You need to sign in or sign up before continuing."
  }
}

if user is not logged in.

Wei

-- 
Wei Kong
Sent with Sparrow