Post_url returned data

alexschreyer

Hi All,

Does anyone know of a way to capture returned data from a post_url operation? This is something I came across in my Sketchfab uploader plugin and I can't figure out how to get around it. In short:

I send some JSON data to an API via post_url:

dlg.post_url("https://api.sketchfab.com/model","somedata")

This prompts some returned data like the following, which I would like to capture for display:

{"success": false, "error": "bad api call"}

Since post_url doesn't return anything, I get on Windows IE trying to save a download and on the Mac this string replacing my WebDialog's content. Would be so much better if I could assign the post-url result to a variable.

Cheers,
Alex

Dan Rathbun

You might check out the standard Ruby libraries CGI and those classes wrapped in Net that begin with HTTP... (such as Net::HTTPResponce)

BTW .. did you use UI::WebDialog#allow_actions_from_host() ?

alexschreyer

Is there an easy way to call the Net functions without having full Ruby installed? I thought that was a requirement. Would be best if I could use them, though.

It doesn't seem to make any difference in functionality if I use allow_actions_from_host...

Cheers,
Alex

Jim

You can do a POST request using an XmlHttpRequest object from inside your webdialog.

Or if you are using jQuery, use jQuery.post()

alexschreyer

I tried Ajax via jquery before. The problem was that I was moving a lot of data (a base64 encoded model) from Ruby to jQuery and somehow even the Ajax post function in jquery would only send the request as a get request. In any case, I wanted to keep the data on the ruby side and sending it using post_url makes sense for efficiency but unfortunately the function doesn't know what to do with the returned data.

I already filed a FR for this but I thought you guys had an alternative method.

Cheers,
Alex

Dan Rathbun

@alexschreyer said:

Is there an easy way to call the Net functions without having full Ruby installed?

I would not recommend it. Some day all SU users will have a full Ruby install. (fingers crossed)

Search this forum for XMLHTTPRequest
It has been discussed, but I never had a reason to use it.

Somehow the Google sites send data back to WebDialogs.

alexschreyer

@dan rathbun said:

Some day all SU users will have a full Ruby install. (fingers crossed)

I am all for that!!!

Cheers and thanks!
Alex

Dan Rathbun

@alexschreyer said:

I tried Ajax via jquery before. The problem was that I was moving a lot of data (a base64 encoded model) from Ruby to jQuery and somehow even the Ajax post function in jquery would only send the request as a get request.

@unknownuser said:

(http://api.jquery.com/load/)":a6sasixz]

The POST method is used if data is provided as an object; otherwise, GET is assumed.

... and ...

Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.

So be sure you create a Javascript Object holding your data, not a simple String or Array.

alexschreyer

@dan rathbun said:

Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.

So be sure you create a Javascript Object holding your data, not a simple String or Array.

Yes, I had been trying/fighting with the same origin thing on this and I believe my problem here was that I was requesting data from a different server. This required me to do this as a JSON/JSONP request, which I could only send as a string, hence the resulting GET request for the POST AJAX function in jQuery. Catch-22...

Cheers,
Alex

Jim

Ah, so maybe you need to get sketchfab to serve up the contents of the webdialog in order to use jQuery .post()?

Dan Rathbun

@unknownuser said:

(http://api.jquery.com/load/)":w6xqf2o1]...

Due to browser security restrictions, most "Ajax" requests are subject to the same origin policy; the request can not successfully retrieve data from a different domain, subdomain, or protocol.

Working with client-side browser extensions lately... and found a link to this article within the Google Chrome Extension Developer's Documentation, on the Content Security Policy page.

@unknownuser said:

**, of Google Developer Relations, at html5rocks.com in Tutorial: AN INTRODUCTION TO CONTENT SECURITY POLICY":w6xqf2o1]

Content Security Policy 1.0 is a W3C Candidate Recommendation, and browser vendors are expected to rapidly adopt the standard. That said, the W3C’s Web Application Security Working Group isn’t lounging around, patting itself on the back; work has already begun on the specification’s next iteration. Content Security Policy 1.1’s Editors’ Draft is under active development.

Client-side browser extensions like Chrome's, put the " content_security_policy" key & value string, within the extension's manifest object, saved as a manifest.json file.

Server's will begin using HTTP Responce Headers (as described in the article,) and later perhaps as %(#8000BF)[<META>] elements in the %(#8000BF)[<HEAD>] of a web document.

Chrome experimentaly already allows the %(#8000BF)[<meta http-equiv="X-WebKit-CSP" content="[POLICY STRING GOES HERE]">] tag.

MSIE as usual, is behind the rest of the browser world.

Dan Rathbun

@Alex: I see Sketchfab has a page with your plugin, ...

Did you solve this issue ??

I did find this page that has interesting reading, although the samples use GET.
Cross-Origin XMLHttpRequest

So I wonder if this might work when "allow actions from host" were true?