4

I decided to develop an app that uses a public API which provides time schedules for buses and subways in a city.

I decided to develop this app using HTML5 so that through the use of something like phonegap I would be able to deploy for multiple platforms.

During the development I discovered that I couldn't access the JSON response from the API due to the xmlhttprequest-cannot-load No 'Access-Control-Allow-Origin' header is present on the requested resource

So i decided to use a normal provider webspace as a bridge with a php function to which i send the request and that is able to get the response from that API service and send back to my HTML page the JSON result.

I have two questions for which also a starting page or a clue would be appreciated: 1) This problem of the Access-Control-Allow-Origin is something that would appear also if I developed the app in native code (java and ObjC)?

2) If the HTML5 and the javascript is compiled by phonegap I will be still unable to access that API service and I will still have the same problem and I will still have to use the php bridge?

jgillich
  • 71,459
  • 6
  • 57
  • 85
Ivan_nn2
  • 469
  • 7
  • 20

3 Answers3

3

1) This problem of the Access-Control-Allow-Origin is something that would appear also if I developed the app in native code (java and ObjC)?

No, this is a security feature that only browsers implement.

2) If the HTML5 and the javascript is compiled by phonegap I will be still unable to access that API service and I will still have the same problem and I will still have to use the php bridge?

PhoneGap does set the correct headers that allow you to access all hosts. It is not able to overwrite or modify the headers that the responding server returns. Usually API endpoints DO set the correct headers, you should consider telling the API owners if they don't.

jgillich
  • 71,459
  • 6
  • 57
  • 85
  • Thank you for the clear answer. So this means that is useless develop something in html5 for a service like this one, unless you have directly access to the API!. I case I would like to stick with this project and I'd need a server to functioning as a bridge, can i ask you what should i do? Buy a normal domain on a normal server, buy a VPN or a dedicated server? Could you point me in the right direction? Thank you anyway for the answer. – Ivan_nn2 May 20 '14 at 12:09
0

Possible to whitelist URL-s, see: http://docs.phonegap.com/en/3.0.0/guide_appdev_whitelist_index.md.html

sibidiba
  • 6,270
  • 7
  • 40
  • 50
0

I had a similar issue trying to use an external API (supermarket api) and found when I actually uploaded my code to phonegap build and then downloaded it on the device, the http request was resolving.

Robert Rendell
  • 1,658
  • 15
  • 18
  • to debug on your browser without getting the Access-Control-Allow-Origin error, do the api calls manually from the browser and save the responses, then use these json files in place of any http gets in the code so you have some mock results. I used a flag to say whether the application was in debug mode or production mode and this flag is checked every time there is a http request to the api and uses the json response files instead of doing the http GET. – Robert Rendell Mar 03 '15 at 13:34