I'm trying to build an html file to monitor some things on a remote site- specifically, github.com. I'd like to be able to keep it to just that flat file, making the requests straight from the JS to github's API. My thought process went like this:
- Let's use jsonp, since I only need read access, so sticking with GETs should be fine.
- That fails because you can't do basic authentication with jsonp.
- Ok, I'll use Github's OAuth instead of basic authentication!
- That fails because the browser doesn't like me redirecting to a local resource:
Not allowed to load local resource: file:///Users/...for understandable security reasons.
- That fails because the browser doesn't like me redirecting to a local resource:
- Ok, I'll load Github's oauth in an iFrame, then get the resulting url (which should contain the oauth code I need).
- That fails because you apparently can't access anything about a child iframe if it's on another domain, so unless I redirect back to file:///whatever, I can't get the final url. And, of course, I can't redirect to file:///whatever because of the ``Not allowed to load local resource` again.
- Ok, I'll use Cross-Origin Resource Sharing (going back to basic auth again)!
- That fails because CORS from a file:/// url send the origin header as null, which servers won't accept
So, any suggestions as to how to successfully authenticate to this api from a single, local html file- either as a way around the above tacts, or another idea entirely?
