bytespider / jsOAuth

JavaScript implementation of the OAuth protocol. Currently supports version 1.0 (RFC5849) of the specification. Node.js & CommonJS compatible.
http://bytespider.github.com/jsOAuth/
MIT License
557 stars 109 forks

No request token error #30

Closed ghost closed 12 years ago

ghost commented 12 years ago

I cannot get the authentication to work because there is only empty text coming back from the request token URL. Then when the user is redirected to https://api.twitter.com/oauth/authorize?, Twitter says that there is no request token. I am using the example on your wiki page for PIN-based authentication and trying it from a page on my hard drive and from a virtual domain linked to my localhost. Do I need to do anything else other than just copy your example code over?

bytespider commented 12 years ago

Is your browser set up to allow cross domain requests? Most browsers by default will prevent this.

ghost commented 12 years ago

That is an interesting thought. An example that requests a PIN works on Safari but not Firefox, although I did test other HTTP requests on Firefox, like to the bitly API, so I would assume the cross domain permissions are not an issue. As far as you are concerned, has this been tested on all common browsers?

bytespider commented 12 years ago

Absolutely not. jsOAuth in the browser is completely untested. This is down to the security imposed on browsers. The test suite was written to work in Chrome with all security turned off purely out of convenience.

I'm very surprised that Safari worked and Firefox didn't.

You mention that you are attempting to use bitly which uses OAuth 2.0 which isn't supported in jsOAuth at the moment.

ghost commented 12 years ago

I see. So basically are you saying it is not a good idea to use OAuth with JavaScript and that you should really do this server side? I'm just wondering how the Facebook JavaScript client does this, I mean it's definitely JavaScript yet it works fine.

Regarding bitly, I was only trying REST requests without OAuth.

bytespider commented 12 years ago

No, I'm saying in the browser it's not advised. Facebook uses OAuth 2.0 and probably has CORS support.

ghost commented 12 years ago

Ok, well thanks for your help. I need to have this implemented by Tuesday so will try the JavaScript way for now.

lukaszkorecki commented 12 years ago

It worked in Safari because if you open a local .html file the browser switches to a kind of "dashboard widgets dev mode" and disables Same Origin Policy.
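
A simplified model of the browser check this thread is about, added here as an illustration; it is not part of the original comments or of jsOAuth. It shows why a signed cross-origin request from a `file:` page or a local virtual host comes back unreadable unless the API opts in with CORS headers. The endpoint `api.example.com`, the host `dev.localhost` and all header values are constructed assumptions.

```javascript
// Simplified model of a browser's cross-origin read check.
// When the check fails, XMLHttpRequest reports status 0 and an empty responseText.

function allows(origin, headers) {
  const acao = headers["access-control-allow-origin"];
  return acao === "*" || acao === origin;
}

function needsPreflight(requestHeaders) {
  // Authorization is not a CORS-safelisted request header.
  return Object.keys(requestHeaders).some((n) => n.toLowerCase() === "authorization");
}

function canScriptRead({ pageUrl, targetUrl, requestHeaders, preflightHeaders, responseHeaders }) {
  // A file: page has an opaque origin, serialized as "null".
  const origin = new URL(pageUrl).origin;
  if (origin !== "null" && origin === new URL(targetUrl).origin) {
    return { readable: true, reason: "same origin" };
  }
  if (needsPreflight(requestHeaders)) {
    const listed = (preflightHeaders["access-control-allow-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase());
    // "*" in Access-Control-Allow-Headers never covers Authorization.
    if (!allows(origin, preflightHeaders) || !listed.includes("authorization")) {
      return { readable: false, reason: "preflight rejected" };
    }
  }
  if (!allows(origin, responseHeaders)) {
    return { readable: false, reason: "no matching Access-Control-Allow-Origin" };
  }
  return { readable: true, reason: "CORS headers allow this origin" };
}

// Constructed inputs: hypothetical endpoint and header values.
const target = "https://api.example.com/oauth/request_token";
const signed = { Authorization: 'OAuth oauth_consumer_key="placeholder"' };
const corsOn = {
  "access-control-allow-origin": "http://dev.localhost",
  "access-control-allow-headers": "Authorization",
};
const cases = {
  fileNoCors: { pageUrl: "file:///tmp/pin.html", targetUrl: target, requestHeaders: signed, preflightHeaders: {}, responseHeaders: {} },
  vhostNoCors: { pageUrl: "http://dev.localhost/pin.html", targetUrl: target, requestHeaders: signed, preflightHeaders: {}, responseHeaders: {} },
  vhostCors: { pageUrl: "http://dev.localhost/pin.html", targetUrl: target, requestHeaders: signed, preflightHeaders: corsOn, responseHeaders: corsOn },
};
for (const [name, c] of Object.entries(cases)) console.log(name, canScriptRead(c));
```

The model leaves out credentials mode, method checks and preflight caching; it only covers the origin and header decisions relevant to a request signed in the `Authorization` header.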