Problems with new install

[highfellow]

I'm having trouble getting the new web client to work with my domain. I set up an http api server (at api.buddycloud.highfellow.org), which seems to be running OK. I've tested this by sending the request:

https://api.buddycloud.highfellow.org/andy@highfellow.org/content/posts?max=1

and it returns an xml fragment as it should.

I decided to install the webclient on my local machine, to make it easier to work on later. I'm using a standard apache setup from ubuntu 12.04. If I visit http://localhost/webclient, I just see a blank page.

Looking at it in the chrome developer tools, it looks like all of the resources are loading OK. (I.e. under 'network' I get a number of 200 responses for all the scripts and css files it's loading.) However the DOM is just the same as the raw index.html file. I.e. nothing has been added to the page in the sidebar or content divs.

My config.js looks like:

define({
  baseUrl: 'https://api.buddycloud.highfellow.org',
  homeDomain: 'highfellow.org',
  defaultChannel: 'lounge@topics.buddycloud.org',
  release: true
});

I've tried debugging it by putting a breakpoint at the point where main.js enters 'initialise()', and stepping through. It fetches the credentials, sets the user event listeners (loginSuccess and loginError), calls user.login, and then exits. If I keep stepping it after this point, it's running through a loop in requirejs.

One thing that may be relevant is that the only scripts that are shown in the 'scripts' tab of the dev tools are 'modernizr,js', 'require.js', 'main.js', 'User.js', 'backbone.js', and 'UserCredentials'. I assume this means that although the other scripts have been loaded and parsed OK, they have never been executed.

If anyone can help with this, that would be great.

Thanks,

andy

[highfellow]

If I change config.js back to the default, it still shows a blank screen:

define({
  baseUrl: 'https://api.buddycloud.org',
  homeDomain: 'buddycloud.org',
  defaultChannel: 'lounge@topics.buddycloud.org',
  release: true
});

[denisw]

Have you added the rewrite rules needed for release: true to your Apache config? (I don't know how well they are documented.) Does release: false work?

[highfellow]

OK, thanks. I just found out that changing release to false gets the splash screen to load OK (both on buddycloud.org and my domain)

This isn't documented at the moment, so probably should be. Putting comments in config.js saying what each option means would be helpful for new users.

I still can't log in on my domain though. (it says 'wrong username or password'). I've tested the api by doing this with the same password:

andy@monkey:/local/www/webclient$ curl -v --insecure --basic -u andy@highfellow.org:xxx https://api.buddycloud.highfellow.org/andy@highfellow.org/content/posts?max=1
* About to connect() to api.buddycloud.highfellow.org port 443 (#0)
*   Trying 95.211.35.213... connected
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-SHA
* Server certificate:
*    subject: serialNumber=8KKSxkXIlxhcWTgblvyj32kqqLqyYNOI; C=GB; O=*.webfaction.com; OU=GT32045455; OU=See www.rapidssl.com/resources/cps (c)11; OU=Domain Control Validated - RapidSSL(R); CN=*.webfaction.com
*    start date: 2011-10-19 00:06:50 GMT
*    expire date: 2013-10-20 14:04:16 GMT
*    subjectAltName does not match api.buddycloud.highfellow.org
* Server auth using Basic with user 'andy@highfellow.org'
> GET /andy@highfellow.org/content/posts?max=1 HTTP/1.1
> Authorization: Basic xxx
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: api.buddycloud.highfellow.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sat, 20 Oct 2012 16:41:50 GMT
< Content-Type: application/atom+xml
< Content-Length: 1382
< Connection: keep-alive
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE
< Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With, X-Session-Id
< Access-Control-Expose-Headers: Location, X-Session-Id
< X-Session-Id: 46e8f546420d1c71bf7d8efee133de44
< 
<feed xmlns="http://www.w3.org/2005/Atom"><title>andy@highfellow.org posts</title><id>xmpp:buddycloud.highfellow.org?pubsub;action=retrieve;node=/user/andy@highfellow.org/posts</id><updated>2012-10-19T18:14:25.103Z</updated><entry xmlns="http://www.w3.org/2005/Atom"><content>The problem turned out to be mainly that I didn't have LD_LIBRARY_PATH set to the local library dir for my user account, so it was finding the wrong versions of the libraries (or none at all in the case of libicu). This might not apply on a system where someone has root. 

Also, node-stringprep needed a version downgrade in package.json to install OK. I.e put '0.1.4' in the version field.</content><author><name>andy@highfellow.org</name><uri>acct:andy@highfellow.org</uri></author><in-reply-to xmlns="http://purl.org/syndication/thread/1.0" ref="d17b3d7e-6986-4f5f-b07a-29e8ebbd726d"/><id>9fa86c18-31ca-4083-8ca5-cdd9f3502d65</id><published>2012-10-19T18:14:25.103Z</published><updated>2012-10-19T18:14:25.103Z</updated><link rel="self" href="x* Connection #0 to host api.buddycloud.highfellow.org left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
mpp:buddycloud.highfellow.org?pubsub;action=retrieve;node=/user/andy@highfellow.org/posts;item=9fa86c18-31ca-4083-8ca5-cdd9f3502d65"/><verb xmlns="http://activitystrea.ms/spec/1.0/">post</verb><object xmlns="http://activitystrea.ms/spec/1.0/"><object-type>comment</object-type></object><title>The problem turned out to be mainly tha…</title></entry></feed>

As far as I know, this means it's working OK. I haven't yet set up a SRV record for the api; I don't know if this is actually required.

[highfellow]

Do you know if a proper SSL certificate is necessary for the webclient to work with the api under https? My web host provides a certificate but it's keyed to their domain name not mine. I was trying to avoid spending money on a real certificate when this server is just being used by me at the moment.

[Schnouki]

I think that as long as the certificate is accepted by your browser, it should be ok. I usually get certificates from https://cacert.org/. Their root CA is not accepted by all browsers, but it's good enough what I'm doing with it.

Thomas

Le 20 oct. 2012 à 19:08, Andrew Baxter notifications@github.com a écrit :

Do you know if a proper SSL certificate is necessary for the webclient to work with the api under https? My web host provides a certificate but it's keyed to their domain name not mine. I was trying to avoid spending money on a real certificate when this server is just being used by me at the moment.

— Reply to this email directly or view it on GitHub.

[imaginator]

Here's how it works:

Your media server hosts media for any channels that you host.

Remote users will be redirected to retrieve media off your domain by their API server.

Some of these remote users' browsers might complain when being redirected to https://api.buddycloud.highfellow.org/pictures@highfellow.org/media/123.jpg

S.

On 21 October 2012 00:20, Thomas Jost notifications@github.com wrote:

I think that as long as the certificate is accepted by your browser, it should be ok. I usually get certificates from https://cacert.org/. Their root CA is not accepted by all browsers, but it's good enough what I'm doing with it.

Thomas

Le 20 oct. 2012 à 19:08, Andrew Baxter notifications@github.com a écrit :

Do you know if a proper SSL certificate is necessary for the webclient to work with the api under https? My web host provides a certificate but it's keyed to their domain name not mine. I was trying to avoid spending money on a real certificate when this server is just being used by me at the moment.

— Reply to this email directly or view it on GitHub.

— Reply to this email directly or view it on GitHubhttps://github.com/buddycloud/webclient/issues/66#issuecomment-9637480.

Simon Tennant | buddycloud.com | +49 17 8545 0880 | office hours: goo.gl/tQgxP

[highfellow]

The thing I was concerned about was whether the webclient itself would have trouble with the api domain not having its own certificate.

I've tried switching api.buddycloud.highfellow.org to http (and changing the url in config.js), and this doesn't make any difference - I still can't log in from the web client, but I can go to http://api.buddycloud.highfellow.org/andy@highfellow.org/content/posts?max=1 and get an xml fragment.

If I put a bogus api url in config.js, I get exactly the same error on login ('Wrong username or password'), which suggests the problem I'm having could be with the connection to the api server, but is being reported as a failed login.

[highfellow]

I've just realised I had my api domain wrong in config.js - it was api.highfellow.buddycloud.org instead of api.buddycloud.highfellow.org.

With the domain set right, it still doesn't login, but I'm getting a bit more information in the console. The last 3 lines look like this:

OPTIONS http://api.buddycloud.highfellow.org/subscribed 200 (OK) jquery.js:8281
GET http://api.buddycloud.highfellow.org/subscribed 401 (Unauthorized) subscribed:1
XHR finished loading: "http://api.buddycloud.highfellow.org/subscribed".

loading http://api.buddycloud.highfellow.org/subscribed manually and giving my username and password returns some json with a list of channels.

[highfellow]

I've just successfully logged in in firefox (v16.0.1), but not in chrome (v20.0.1132.47 Ubuntu 12.04). In firefox, the channel I'm viewing comes up OK, but not the list of channels in the sidebar.

I'll get back to this later next week probably.

[highfellow]

I've tried moving the client code from my laptop's localhost to https://buddycloud.highfellow.org/new-client. I'm currently able to log in in chrome and the posts in my channel come up, but there's nothing in the left sidebar except 'Find Channels'. I can switch to another user's channel by clicking on their icon in a post, but there's no way to switch channels directly.

I also tried adding a .htaccess file with 'Header set Access-Control-Allow-Origin *' (in case it's a cross-domain request issue), but this doesn't seem to make a difference.

The javascript console is pasted below. There seem to be several api requests which are still getting '401 (Unauthorized)'. E.g. 'GET http://api.buddycloud.highfellow.org/andy@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281' If I open this url manually in the browser, it returns some json with my channel details in.

XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/overlay/welcome.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/overlay/footer.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/discover.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/searchBar.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/sidebar/actionBar.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/sidebar/channels.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/sidebar/personalChannel.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/searchResults.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/header.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/channelDetails.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/preferences.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/stream.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/editChannel.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/post.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/channelListDetails.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/editHeader.html". text.js:264
XHR finished loading: "https://buddycloud.highfellow.org/new-client/templates/content/channelList.html". text.js:264
XHR finished loading: "http://api.buddycloud.highfellow.org/subscribed".
GET http://api.buddycloud.highfellow.org/andy@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/andy@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/dave@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/dave@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/miles@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/miles@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/nina@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/nina@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/ralph@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/ralph@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/satori@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/satori@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/zoe@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/zoe@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/gully@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/gully@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/suw@highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/suw@highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/birchwind@buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/birchwind@buddycloud.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/kevin@doomsong.co.uk/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/kevin@doomsong.co.uk/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/astro@buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/astro@buddycloud.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/fahrertuer@buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/fahrertuer@buddycloud.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/makers@topics.highfellow.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/makers@topics.highfellow.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/dodo@buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/dodo@buddycloud.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/siouxsie@buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/siouxsie@buddycloud.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/cat_content@topics.buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/cat_content@topics.buddycloud.org/metadata/posts". jquery.js:8281
GET http://api.buddycloud.highfellow.org/books@topics.buddycloud.org/metadata/posts 401 (Unauthorized) jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/books@topics.buddycloud.org/metadata/posts". jquery.js:8281
XHR finished loading: "http://api.buddycloud.highfellow.org/andy@highfellow.org/subscribers/posts".
XHR finished loading: "http://api.buddycloud.highfellow.org/andy@highfellow.org/metadata/posts".
XHR finished loading: "http://api.buddycloud.highfellow.org/andy@highfellow.org/content/posts".
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
2The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/isabella@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
2The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/schnouki@pouet.im/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/isabella@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/sonny@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/dodo@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/dodo@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/tuomas@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
2The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
2The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/sonny@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
4The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/tuomas@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=75&maxheight=75.
The page at https://buddycloud.highfellow.org/new-client/#andy@highfellow.org displayed insecure content from http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50.
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772958&urls=http%3A%2F%2Ffed.wiki.org%2Fview%2Fwelcome-visitors%2Fview%2Fsmallest-federated-wiki,http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FUser%3AHaeB%2FTimeline_of_distributed_Wikipedia_proposals&maxwidth=400&secure=true&wmode=opaque&_=1351247776284 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772959&urls=http%3A%2F%2Fwww.flickr.com%2Fphotos%2F59973966%40N07%2F8056546647%2Fin%2Fphotostream&maxwidth=400&secure=true&wmode=opaque&_=1351247776320 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772960&urls=http%3A%2F%2Fwww.bbc.co.uk%2Fnews%2Fmagazine-19547365&maxwidth=400&secure=true&wmode=opaque&_=1351247776332 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772961&urls=http%3A%2F%2Fhighfellow.org%2Fmisc%2Frandom-word%2Frandom-word.py,http%3A%2F%2Fwww.ohio.edu%2Fresearch%2Fcommunications%2Fblamegame.cf,http%3A%2F%2Fwww.foreignpolicy.com%2Farticles%2F2011%2F04%2F29%2Fwishful_thinking%3Fpage%3Dfull,http%3A%2F%2Fphoto.tutsplus.com%2Farticles%2Fcomposition-articles%2Fa-guide-to-perfect-portrait-posing-and-more%2F,http%3A%2F%2Fwww.makeuseof.com%2Ftag%2F4-fun-and-simple-things-you-can-do-using-terminal-mac%2F,http%3A%2F%2Fwww.theoildrum.com%2Fnode%2F5884&maxwidth=400&secure=true&wmode=opaque&_=1351247776354 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772962&urls=http%3A%2F%2Fwww.flickr.com%2Fphotos%2F59973966%40N07%2Fsets%2F72157630899736072%2F,http%3A%2F%2Fwww.flickr.com%2Fphotos%2F59973966%40N07%2Fsets%2F72157626100224517%2F&maxwidth=400&secure=true&wmode=opaque&_=1351247776390 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772963&urls=http%3A%2F%2Fneave.com%2Fwebcam%2Fhtml5%2F&maxwidth=400&secure=true&wmode=opaque&_=1351247776413 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772964&urls=https%3A%2F%2Fgithub.com%2Fdodo%2Fzshrc%2Fblob%2Fmaster%2Ffunc%2Ftrackpoint-scroll&maxwidth=400&secure=true&wmode=opaque&_=1351247776426 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772965&urls=http%3A%2F%2Facko.net&maxwidth=400&secure=true&wmode=opaque&_=1351247776441 403 (Forbidden) jquery.js:8169
Resource interpreted as Font but transferred with MIME type application/octet-stream: "https://buddycloud.highfellow.org/new-client/css/fonts/Nunito-Regular-webfont.woff".
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772966&urls=https%3A%2F%2Fgithub.com%2Fbuddycloud%2Fsymbian-client%2Fblob%2Fmaster%2Fdata%2FBuddycloud.l01,https%3A%2F%2Fgithub.com%2Fbuddycloud%2Fsymbian-client%2Fblob%2Fmaster%2Fdata%2FBuddycloud.l512,https%3A%2F%2Fbuddycloud.org%2Fwiki%2FMediaWiki%3ACommon.css,https%3A%2F%2Fbuddycloud.org%2Fwiki%2FTemplate%3AProject,https%3A%2F%2Fbuddycloud.org%2Fwiki%2FMediaWiki%3ASidebar,https%3A%2F%2Fwebtranslateit.com%2F&maxwidth=400&secure=true&wmode=opaque&_=1351247776472 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772967&urls=http%3A%2F%2Fwww.newscientist.com%2Fblogs%2Fshortsharpscience%2F2012%2F08%2Fz-the-diamond-melting-machine.html&maxwidth=400&secure=true&wmode=opaque&_=1351247776479 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772968&urls=http%3A%2F%2Fhighfellow.org%2Fmisc%2Fdt-demo%2Fhello-world.html&maxwidth=400&secure=true&wmode=opaque&_=1351247776494 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772969&urls=http%3A%2F%2Fwww.flickr.com%2Fphotos%2F59973966%40N07%2Fsets%2F72157630899736072&maxwidth=400&secure=true&wmode=opaque&_=1351247776504 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772970&urls=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FDOM%2Fwindow.navigator.language,http%3A%2F%2Fstackoverflow.com%2Fquestions%2F1043339%2Fjavascript-for-detecting-browser-language-preference,http%3A%2F%2Fdeveloper.chrome.com%2Fextensions%2Fi18n.html%23method-getAcceptLanguages,https%3A%2F%2Fgithub.com%2Ffabi1cazenave%2FwebL10n%2Fissues%2F14,http%3A%2F%2Fsrc.chromium.org%2Fviewvc%2Fchrome%3Fview%3Drev%26revision%3D2250,http%3A%2F%2Fstackoverflow.com%2Fquestions%2F2678230%2Fhow-to-getting-browser-current-locale-preference-using-javascript&maxwidth=400&secure=true&wmode=opaque&_=1351247776535 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772971&urls=https%3A%2F%2Fgithub.com%2Ffabi1cazenave%2FwebL10n,https%3A%2F%2Fbuddycloud.org%2Fwiki%2FBuddycloud_localisation&maxwidth=400&secure=true&wmode=opaque&_=1351247776543 403 (Forbidden) jquery.js:8169
GET https://api.embed.ly/1/oembed?callback=jQuery181017761820158921182_1351247772972&urls=http%3A%2F%2Fwww.airportbus-muenchen.de%2Fcms%2Fen%2Fbus_stop%2Fmunich_airport_bus_stops%2F&maxwidth=400&secure=true&wmode=opaque&_=1351247776562 403 (Forbidden) jquery.js:8169
GET http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=50&maxheight=50 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=34&maxheight=34 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=34&maxheight=34 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/isabella@buddycloud.org/media/avatar?maxwidth=34&maxheight=34 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/schnouki@pouet.im/media/avatar?maxwidth=34&maxheight=34 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/sonny@buddycloud.org/media/avatar?maxwidth=50&maxheight=50 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/dodo@buddycloud.org/media/avatar?maxwidth=50&maxheight=50 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/tuomas@buddycloud.org/media/avatar?maxwidth=34&maxheight=34 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/simon@buddycloud.org/media/avatar?maxwidth=50&maxheight=50 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/sonny@buddycloud.org/media/avatar?maxwidth=34&maxheight=34 500 (Internal Server Error) jquery.js:5742
GET http://api.buddycloud.highfellow.org/andy@highfellow.org/media/avatar?maxwidth=75&maxheight=75 500 (Internal Server Error) 

[imaginator]

Hi Andy - could you try to rule things out by changing the config to point at api.buddycloud.org and try against my account there (I'll send you the credentials).

[highfellow]

I've just tried making myself a username (highfellow@buddycloud.org) on demo.buddycloud.org, so I can test my webclient install. The user seemed to create successfully, but I end up with just a skeleton page, with nothing in the left sidebar except 'find channels', and just a box with 'find channels and posts' in the main part of the page, plus a spinner. The javascript console in chrome (20.0) shows:

GET https://api.buddycloud.org/highfellow@buddycloud.org/metadata/posts 404 (Not Found) jquery.js:8281
GET https://api.buddycloud.org/recommendations?max=5&user=highfellow%40buddycloud.org 500 (Internal Server Error) jquery.js:8281

I get a similar looking page in firefox (16.0.1)

I'll try again in a few hours in case this is just due to a temporary server fault.

(This is for demo.buddycloud.org itself, not the webclient I am running on my local host)

[rodrigods]

Known issue: https://github.com/buddycloud/buddycloud-http-api/issues/21

[imaginator]

Well spotted @rodrigods

[highfellow]

I've just tried opening highfellow@buddycloud.org in beta.buddycloud.org (the old client), editing the metadata, and then opening it again in both demo.buddycloud.org, and in my localhost webclient install (set to point to api.buddycloud.org). Both work OK :-D

I'll have another look at my http api install. I suspect the problem is to do with the way my webhost is proxying the incoming http requests to the server, so I'll try asking them to open a public port I can access it on directly.

[highfellow]

I've reinstalled the api server from the latest tarball and set it up with direct access through an open port. I also asked my webhost to create an SRV record for the api. I'm having the same problems as before (see https://github.com/buddycloud/webclient/issues/66#issuecomment-9809250). I.e. some of the api requests from the client are being refused as unauthorised (401) by the api server, even though the same requests done manually succeed.

My webclient config (which is on my laptop's localhost, and works OK when I point it at the buddycloud server), looks like this:

define({
  baseUrl: 'http://api.buddycloud.highfellow.org:22024',
  homeDomain: 'highfellow.org',
  defaultChannel: 'lounge@topics.buddycloud.org',
  release: false
});

The api server config looks like this:

// HTTP API server configuration. See README.md for details.

// Default settings (apply to all profiles)
exports._ = {
  port: 22024,
};

// Production settings (used by default)
exports.production = {
  debug: true,
  xmppDomain: 'highfellow.org',
  xmppHost: 'localhost',
  xmppPort: 5222,
  https: false,
  xmppAnonymousDomain: 'highfellow.org',
  channelDomain: 'buddycloud.highfellow.org',
  //pusherComponent: 'pusher.buddycloud.org',
  //searchComponent: 'search.buddycloud.org',
  //homeMediaRoot: 'https://api.buddycloud.highfellow.org/media'
};

One issue I've had with the http api is knowing what the different config settings mean. E.g. I wasn't sure what 'channelDomain' and 'pusherComponent' actually refer to in the buddycloud architecture. It would be good to have some comments in config.js.example to make this clearer.

Another question is whether the problem is that I'm running the api under http. I could get a certificate and set this up as https (which I should do anyway in the long term), but it would be good to know if this is likely to be the cause.

I'm also wondering if the problem is related to cross-domain scripting restrictions? It looks a bit like that, because requests like http://api.buddycloud.highfellow.org:22024/dave@highfellow.org/metadata/posts succeed when I make them manually through the browser (having logged in as myself), but are rejected as 401 unauthorised when the webclient makes them.

[highfellow]

I've just checked using curl to see if the Access-Control-Allow-Origin header is set, and it is ('*'):

curl -v --basic -u andy@highfellow.org:xxx api.buddycloud.highfellow.org:22024/dave@highfellow.org/metadata/posts?max=1
* About to connect() to api.buddycloud.highfellow.org port 22024 (#0)
*   Trying 95.211.35.213... connected
* Server auth using Basic with user 'andy@highfellow.org'
> GET /dave@highfellow.org/metadata/posts?max=1 HTTP/1.1
> Authorization: Basic xxx
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: api.buddycloud.highfellow.org:22024
> Accept: */*
> 
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE
< Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With, X-Session-Id
< Access-Control-Expose-Headers: Location, X-Session-Id
< X-Session-Id: d6f3cae5106a55a6ba9c6d0bcbd34fe7
< Content-Type: application/json; charset=utf-8
< Content-Length: 204
< Date: Thu, 08 Nov 2012 22:58:17 GMT
< Connection: keep-alive
< 
* Connection #0 to host api.buddycloud.highfellow.org left intact
* Closing connection #0
{"title":"dave@highfellow.org Channel Posts","description":"A buddycloud channel","access_model":"open","creation_date":"2011-11-16T18:33:11.210Z","channel_type":"personal","default_affiliation":"member"}

I could really do with some help with this issue if anyone has the time to look into it. I'd like to have the new client running for my own use, but also so that I can get on with integrating the localisation code I've been working on.

[imaginator]

@highfellow I can try and help you tomorrow afternoon if that works for you? About 1pm your time?

[highfellow]

On 09/11/12 00:06, Simon Tennant wrote:

@highfellow https://github.com/highfellow I can try and help you tomorrow afternoon if that works for you? About 1pm your time?

— Reply to this email directly or view it on GitHub https://github.com/buddycloud/webclient/issues/66#issuecomment-10210688.

Thanks. I'm meeting a friend at 1. 11 or 3 would be better.

[highfellow]

This is the start of a capture of the http conversation between the web client and my api server:

GET /satori@highfellow.org/metadata/posts HTTP/1.1
Host: api.buddycloud.highfellow.org:22024
Connection: keep-alive
Origin: http://localhost
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.11 (KHTML, like Gecko) Ubuntu/12.04 Chromium/20.0.1132.47 Chrome/20.0.1132.47 Safari/536.11
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://localhost/webclient/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,de-DE;q=0.6,de;q=0.4,en-US;q=0.2
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

HTTP/1.1 401 Unauthorized
X-Powered-By: Express
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With, X-Session-Id
Access-Control-Expose-Headers: Location, X-Session-Id
WWW-Authenticate: Basic realm="highfellow.org"
Content-Type: text/plain
Content-Length: 12
Date: Fri, 09 Nov 2012 09:37:38 GMT
Connection: keep-alive

Unauthorized

It looks like the client isn't including any authorisation credentials in its request, which could be the problem?

In this snippet, where it requests the /subscribed node, http basic auth credentials are included.

OPTIONS /subscribed HTTP/1.1
Host: api.buddycloud.highfellow.org:22024
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.11 (KHTML, like Gecko) Ubuntu/12.04 Chromium/20.0.1132.47 Chrome/20.0.1132.47 Safari/536.11
Access-Control-Request-Headers: origin, authorization, accept
Accept: */*
Referer: http://localhost/webclient/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,de-DE;q=0.6,de;q=0.4,en-US;q=0.2
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With, X-Session-Id
Access-Control-Expose-Headers: Location, X-Session-Id
Access-Control-Max-Age: 86400
Content-Type: text/plain
Content-Length: 2
Date: Fri, 09 Nov 2012 09:37:37 GMT
Connection: keep-alive

OKGET /subscribed HTTP/1.1
Host: api.buddycloud.highfellow.org:22024
Connection: keep-alive
Origin: http://localhost
Authorization: Basic xxx
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.11 (KHTML, like Gecko) Ubuntu/12.04 Chromium/20.0.1132.47 Chrome/20.0.1132.47 Safari/536.11
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://localhost/webclient/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,de-DE;q=0.6,de;q=0.4,en-US;q=0.2
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Headers: Authorization, Content-Type, X-Requested-With, X-Session-Id
Access-Control-Expose-Headers: Location, X-Session-Id
X-Session-Id: b23408b6d8b4ee28f2ec1241f2ce6297
Content-Type: application/json; charset=utf-8
Content-Length: 4344
Date: Fri, 09 Nov 2012 09:37:38 GMT
Connection: keep-alive

{"suw@highfellow.org/geo/previous":"member", [...]

Later on as part of the same conversation, it requests GET /andy@highfellow.org/metadata/posts HTTP/1.1 without any credentials, and is refused as 401 unauthorised, the same as in the first snippet.

[imaginator]

Happy to close this one.

I'll improve the API server's config.js file.

[Schnouki]

Some additional details in case anyone is interested: the problem was that anonymous login was disabled in Prosody. Hence all anonymous connections failed, which caused the http api server to send a 401 code.

[highfellow]

Solved - thanks simon and schnouki for your help on seehaus.

The problem was that my http api didn't have prosody's anon domain set right in config.js.

[highfellow]

@schnouki - just to make clear - my prosody config was OK (anonymous domain set), but the http api config wasn't referring to the right domain.