jshawl
commented
9 years ago This is such a cool idea!!
re: the jsonp - check out this SO question and answer - http://stackoverflow.com/questions/2067472/what-is-jsonp-all-about
Unfortunately, there is no way to obscure JS variables in the way we have done with ruby. This is by virtue of JS being a client-side language.
One solution is to have a back-end application act as a proxy to obscure tokens.
e.g.
- ajax get request to /temps
- controller in backend app responds to /temps
- fetch temps from api with api token on backend
- respond to ajax request with temps
- update the view
Comfort: 4 Completeness: 4 https://github.com/mattficke/temp_map http://www.mattficke.com/temp_map/
I ended up going down a different path eventually, but on my first attempt at a different version of this I ran into a cross-domain error. I was sort of able to start getting past it by changing the dataType to 'jsonp', but I don't entirely understand what was going on there. It looks like it's sending the response to your provided callback function, but I'm not sure how it's parsed differently than regular json.
Also: is there any javascript equivalent of an environment variable, or some other way of securing your API keys? Everything's visible in the code now.