Ok… I’ve been beating my head against the wall for the last couple days trying to understand CORS as it pertains to my web app which is basically a Node.js server running Express, Jade and Stylus that dishes up a client app that uses AngularJS to help simplify the ajax type stuff, and make data binding easier.
I keep trying to do something like this and I think I’m starting to understand why it may be failing:
$http.post('https://api.sprk.io/v1/devices/elroy',{"message":"winning"}).
success(function (data, status, headers, config) {
$scope.name = data.name;
}).
error(function (data, status, headers, config) {
$scope.name = 'Error!'
});
Basically the above http post sends the Request Method: OPTIONS instead of POST. It does this because the browser knows it’s a cross domain request and it basically alerts the server to this fact. The server then needs to dish up some response that it’s ok to send various requests (GET, POST, OPTIONS, DELETE, etc). And I’m guessing the Spark API doesn’t do this yet. What’s interesting is that when you communicate directly from another server using Node.js http requests it just works, because it’s not a browser trying to implement security.
Here’s a nice short video on what the issue is more or less:
If the Spark API supported this OPTIONS request, we could do ajax calls directly from client side apps, and use frameworks like AngularJS to talk to the Spark Cloud. At least I think this is what needs to be done.
Another method I am considering… is make the client/server app implement a same-domain API (basically in the background ajax calls to the server app) that then forwards the requests to the Spark API.
Any thoughts would be helpful