Authenticated Raplet Being Removed

14 views
Skip to first unread message

cwpollock

unread,
Feb 4, 2011, 8:20:55 AM2/4/11
to Raplet developer discussion list
My raplet page is behind authentication and as long as the user is
logged into the crm system, it accesses the raplet just fine and
displays the information in gmail as expected. What I'm finding is
that when the person logs out, not only does the information not
display, the raplet disappears as a custom raplet. I'm assuming this
is part of the rapportive framework to disable non-accessible
raplets.

Is this what is causing my raplet to disappear?

If it is, perhaps you could include a meta option that would allow a
raplet to remain active, even if the user is not logged in. The
raplet option could even include a section of html to be shown if the
user isn't logged in (so they could be promted to do so).

I think this would give a level of security beyond the API KEY option
that you mention in the documentation.

Martin Kleppmann

unread,
Feb 4, 2011, 1:05:21 PM2/4/11
to raple...@googlegroups.com
Hi Chris,

Thanks for your email!

I'm a bit surprised about the behaviour you're seeing. We don't remove
a raplet automatically, even if it is failing; currently the only way
to remove a raplet is to click the 'remove' button on
rapportive.com/raplets.

If you're logged out, it's fine for the raplet to return a bit of HTML
asking the user to log in (with a link to the login page). As long as
that comes in a valid JSONP response, it should be rendered as usual.
So if you're not seeing anything appear when logged out, my first
suggestion would be to check whether the raplet is still returning a
valid JSONP response. (You can open the Chome developer tool or
Firebug to inspect the responses from your raplet endpoint.)

Does that help?

Best,
Martin

--
Martin Kleppmann
Co-founder, Rapportive
http://rapportive.com

> --
> You received this message because you are subscribed to the Google
> Groups "Raplet developer discussion list" group.
> To post to this group, send email to raple...@googlegroups.com
> To unsubscribe from this group, send email to
> raplet-dev+...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/raplet-dev?hl=en
>

Chris Pollock

unread,
Feb 4, 2011, 1:08:24 PM2/4/11
to raple...@googlegroups.com
When it's logged out, it DOES NOT, return a valid raplet response, is that what is causing it to be dropped?  When the user isn't logged in, it can't reach the code on that page.  

Martin Kleppmann

unread,
Feb 4, 2011, 1:19:37 PM2/4/11
to raple...@googlegroups.com
Hi Chris,

Yes, because of the way that JSONP works, if your response doesn't
have the JSONP format, we unfortunately have no way of detecting it.
That is a deliberate security feature in browsers. By formatting your
response as JSONP, you're explicitly saying that it's ok for another
domain (in this case, mail.google.com) to see the response.

Fortunately the raplet isn't actually getting dropped; it just has no
way of showing your content. As soon as your server starts returning
valid JSONP responses again, it will reappear. Does that make sense?

By the way, I should have explained this better: when you're logged
out of Rapportive, we show no raplets at all (because raplets are
stored on your user account and shouldn't be accessible unless you
have authorised). However, as soon as you log in to Rapportive, all
raplets should appear again as normal.

Best,
Martin


--
Martin Kleppmann
Co-founder, Rapportive
http://rapportive.com

Chris Pollock

unread,
Feb 4, 2011, 1:44:59 PM2/4/11
to raple...@googlegroups.com
Weird.. Ok it happened to me twice, but when I tried it now, I can't seem to repeat the issue.  I guess I'll keep testing it and let you know. 
Reply all
Reply to author
Forward
0 new messages