iphone html app - cross site xmlhttprequest? - iphone

On an iphone, you can add a favourite when on a webpage and if that webpage has the correct meta tags for iphone, it gets an icon and can even 'hide' the browsers chrome and display just like an App. With html5 http headers you can even have the phone completely cache the 'app' so that it never has to contact the server again.
The problem I have is that I want to write apps that make xmlhttprequests to a server that is not the server they were originally from. I heard its possible to do this if you somehow export your favourites and HTML5 chache then manually edit the export file to change the URL for the favourite, then import them again, so that the phone doesn't think the javascript is trying a cross site xmlhttprequest.
However I have not found anything like that (maybe it was a jailbreak thing?). At the moment I have to have a proxy on the server where the 'app' originally came from, which is obviously very annoying.
I also heard that there was a special meta tag that allowed you to specify one other domain for xmlhttprequest, it had something to do with specifying that the page was actually a mirror and should be treated as if it came from another domain. Does anyone know what meta tag this is? I tried searching all over apple and found nothing.
I believe it might also be possible if you can get webkit to treat the cache as a file:// protocal, because then cross site security will not apply.

The answer is this is not possible and is not meant to be possible.

Related

Detecting what &gwt.codesvr should be set to in non-gwt pages in a GWT/servlet app?

We have an application that is built exclusively in dev mode using the embedded jetty server that comes with GWT. We also host on jetty.
There are a number of pages we use for development only to do things like simulate SSO requests, view emails that were sent through the system, and check what files are uploaded.
When we try to link from these pages into a GWT page the problem becomes that &gwt.codesvr=192.168.0.101:9997 is not included in the URL and we get the error message "GWT module 'YourApp' may need to be (re)compiled". Obviously I can paste in "&gwt.codesvr=192.168.0.101:9997" manually but is very annoying. Does anybody know of a way to detect you are in the embedded Jetty dev mode server and auto generate links to have the correct "&gwt.codesvr=192.168.0.101:9997" added on?
Try this solution: https://stackoverflow.com/a/9122167/970308
I've updated this bookmarklet. It isn't perfect, but makes it quick while developing.
I suggest you create a Filter which will simply redirect you to an address with &gwt.codesvr=192.168.0.101:9997 as soon as you navigate to the one of the "development pages". If codesvr parameter is specific for each developer, each developer will have to set it in some cookie and filter will simply take this value from cookie.

Browser plugin for cross-domain iframe communication

I would like to create a browser plugin/extension that would allow the browser to read contents of a cross-domain iframe. I understand that this isn't possible with javascript, but perhaps someone could point me in the right direction of how to create a plugin that users could install. A cross-browser solution would be ideal.
Specifically, I am creating helpful navigation utility, and I want to know the url of the iframe so that I can prevent the iframe from navigating to any questionable sites accidentally. I would also like to detect the size of the contents.
Thanks in advance.
Option 1: file_get_contents:
What you can try is to get the contents from the page by the PHP function file_get_contents, load the CSS files and get the contents and the size of the page.
Option 2: Headers:
You can start here: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
See the "allow-access-from" section where you can allow domains to be accessed cross domain when they have specific headers.
Userscripts have cross-domain XMLHttpRequest, and they will even run on all browsers. They (or at least Kango's Content Scripts) have the ability to write and read stored values for cross-window communication.

Jquery mobile page not loading correctly on Netherlands 3G connections

I have a jquery-mobile application that is running inside a UIWebView in an iphone application. The webview shows the jquery-mobile page correctly, BUT only when the page is not loaded with a 3G connection. I know this sounds very weird and it is a very weird problem indeed, because if the page is loaded with a WIFI connection, it is display perfectly... here is a screenshot...
If instead my client uses a 3G connection to load the jquery mobile page, it seems that for some reason the javascripts and CSS that are needed to display the jquery mobile page are not loaded. Here is a second screenshot showing what the page looks like when it is loaded with 3G...
(Note: I know that this screenshot is not exactly the same page as the first one, but when it loads correctly it has the same styling as the first screenshot)
As you can see from the title of the page, the 3G connection that is giving this problem is in the Netherlands and my client has tried two different 3G providers in the Netherlands and encounters the same problem with both providers. If I test the application where I live, namely in South Africa, the page loads correctly with my 3G connection.
So, my question is, does anyone have any idea what could be causing the jquery mobile javascripts and CSS to fail to load on 3G connections in the Netherlands?
I have determined what was going wrong on the 3G connection in Holland. This problem arises because several mobile operators do content modification before delivering it to the phone and this modification breaks jQuery. From my experience and from what I have read on the internet, it seems that the following providers do content modification: O2 in UK, Vodafone in the Netherlands and T-Mobile in the Netherlands.
To see reports of other people who have been encountering issues with these 3G connections breaking javascripts look at the following links:
http://stuartroebuck.blogspot.com/2010/07/mobile-proxy-cache-content-modification.html
http://blog.gotfocussolutions.com/index.php/2011/10/jquery-mobile-doesnt-work-on-o2-3gedge-due-to-mobile-proxy-cache-content-modification/
http://bugs.jquery.com/ticket/8917
http://www.ladysign-apps.com/blog/code/javascript/jquery-does-not-load-3g-iphone-safari/
The last link listed above also gives the work around to this problem; the javascript file that is being being modified and broken by the 3G connection must be moved to an external server. So, for example, if jQuery is being broken by the 3G connection (as was the case for me), then don't serve the jquery file yourself, instead make use of a CDN like google:
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js
Hope this information saves someone else the hours of frustration that this issue has cost me!
For anyone experiencing this problem on O2 (certainly here in the UK anyway) the reason is because O2 have an "optimisation platform" which takes external CSS and Javascript files and sets them inline on the document which can cause conflicts. (source)
This URL was certainly one of the better links I stumbled upon to regarding this particular problem:
http://stuartroebuck.blogspot.co.uk/2010/08/official-way-to-bypassing-data.html
One of the more reliable work arounds is to modify your website's headers to return the Cache-Control: no-transform header as O2 have indicated that if this response is provided then they will not modify the headers.
You can add the following to your .htaccess file:
<files ~ "\.(html|php|js)$">
Header add Cache-Control "no-transform"
</files>
I solve this by changing url in ajax, from ../folder/subfolder/test.php to http://mydomain/folder/subfolder/test.php

What's the shebang/hashbang (#!) in Facebook and new Twitter URLs for?

I've just noticed that the long, convoluted Facebook URLs that we're used to now look like this:
http://www.facebook.com/example.profile#!/pages/Another-Page/123456789012345
As far as I can recall, earlier this year it was just a normal URL-fragment-like string (starting with #), without the exclamation mark. But now it's a shebang or hashbang (#!), which I've previously only seen in shell scripts and Perl scripts.
The new Twitter URLs now also feature the #! symbols. A Twitter profile URL, for example, now looks like this:
http://twitter.com/#!/BoltClock
Does #! now play some special role in URLs, like for a certain Ajax framework or something since the new Facebook and Twitter interfaces are now largely Ajaxified?
Would using this in my URLs benefit my Web application in any way?
This technique is now deprecated.
This used to tell Google how to index the page.
https://developers.google.com/webmasters/ajax-crawling/
This technique has mostly been supplanted by the ability to use the JavaScript History API that was introduced alongside HTML5. For a URL like www.example.com/ajax.html#!key=value, Google will check the URL www.example.com/ajax.html?_escaped_fragment_=key=value to fetch a non-AJAX version of the contents.
The octothorpe/number-sign/hashmark has a special significance in an URL, it normally identifies the name of a section of a document. The precise term is that the text following the hash is the anchor portion of an URL. If you use Wikipedia, you will see that most pages have a table of contents and you can jump to sections within the document with an anchor, such as:
https://en.wikipedia.org/wiki/Alan_Turing#Early_computers_and_the_Turing_test
https://en.wikipedia.org/wiki/Alan_Turing identifies the page and Early_computers_and_the_Turing_test is the anchor. The reason that Facebook and other Javascript-driven applications (like my own Wood & Stones) use anchors is that they want to make pages bookmarkable (as suggested by a comment on that answer) or support the back button without reloading the entire page from the server.
In order to support bookmarking and the back button, you need to change the URL. However, if you change the page portion (with something like window.location = 'http://raganwald.com';) to a different URL or without specifying an anchor, the browser will load the entire page from the URL. Try this in Firebug or Safari's Javascript console. Load http://minimal-github.gilesb.com/raganwald. Now in the Javascript console, type:
window.location = 'http://minimal-github.gilesb.com/raganwald';
You will see the page refresh from the server. Now type:
window.location = 'http://minimal-github.gilesb.com/raganwald#try_this';
Aha! No page refresh! Type:
window.location = 'http://minimal-github.gilesb.com/raganwald#and_this';
Still no refresh. Use the back button to see that these URLs are in the browser history. The browser notices that we are on the same page but just changing the anchor, so it doesn't reload. Thanks to this behaviour, we can have a single Javascript application that appears to the browser to be on one 'page' but to have many bookmarkable sections that respect the back button. The application must change the anchor when a user enters different 'states', and likewise if a user uses the back button or a bookmark or a link to load the application with an anchor included, the application must restore the appropriate state.
So there you have it: Anchors provide Javascript programmers with a mechanism for making bookmarkable, indexable, and back-button-friendly applications. This technique has a name: It is a Single Page Interface.
p.s. There is a fourth benefit to this technique: Loading page content through AJAX and then injecting it into the current DOM can be much faster than loading a new page. In addition to the speed increase, further tricks like loading certain portions in the background can be performed under the programmer's control.
p.p.s. Given all of that, the 'bang' or exclamation mark is a further hint to Google's web crawler that the exact same page can be loaded from the server at a slightly different URL. See Ajax Crawling. Another technique is to make each link point to a server-accessible URL and then use unobtrusive Javascript to change it into an SPI with an anchor.
Here's the key link again: The Single Page Interface Manifesto
First of all: I'm the author of the The Single Page Interface Manifesto cited by raganwald
As raganwald has explained very well, the most important aspect of the Single Page Interface (SPI) approach used in FaceBook and Twitter is the use of hash # in URLs
The character ! is added only for Google purposes, this notation is a Google "standard" for crawling web sites intensive on AJAX (in the extreme Single Page Interface web sites). When Google's crawler finds an URL with #! it knows that an alternative conventional URL exists providing the same page "state" but in this case on load time.
In spite of #! combination is very interesting for SEO, is only supported by Google (as far I know), with some JavaScript tricks you can build SPI web sites SEO compatible for any web crawler (Yahoo, Bing...).
The SPI Manifesto and demos do not use Google's format of ! in hashes, this notation could be easily added and SPI crawling could be even easier (UPDATE: now ! notation is used and remains compatible with other search engines).
Take a look to this tutorial, is an example of a simple ItsNat SPI site but you can pick some ideas for other frameworks, this example is SEO compatible for any web crawler.
The hard problem is to generate any (or selected) "AJAX page state" as plain HTML for SEO, in ItsNat is very easy and automatic, the same site is in the same time SPI or page based for SEO (or when JavaScript is disabled for accessibility). With other web frameworks you can ever follow the double site approach, one site is SPI based and another page based for SEO, for instance Twitter uses this "double site" technique.
I would be very careful if you are considering adopting this hashbang convention.
Once you hashbang, you can’t go back. This is probably the stickiest issue. Ben’s post put forward the point that when pushState is more widely adopted then we can leave hashbangs behind and return to traditional URLs. Well, fact is, you can’t. Earlier I stated that URLs are forever, they get indexed and archived and generally kept around. To add to that, cool URLs don’t change. We don’t want to disconnect ourselves from all the valuable links to our content. If you’ve implemented hashbang URLs at any point then want to change them without breaking links the only way you can do it is by running some JavaScript on the root document of your domain. Forever. It’s in no way temporary, you are stuck with it.
You really want to use pushState instead of hashbangs, because making your URLs ugly and possibly broken -- forever -- is a colossal and permanent downside to hashbangs.
To have a good follow-up about all this, Twitter - one of the pioneers of hashbang URL's and single-page-interface - admitted that the hashbang system was slow in the long run and that they have actually started reversing the decision and returning to old-school links.
Article about this is here.
I always assumed the ! just indicated that the hash fragment that followed corresponded to a URL, with ! taking the place of the site root or domain. It could be anything, in theory, but it seems the Google AJAX Crawling API likes it this way.
The hash, of course, just indicates that no real page reload is occurring, so yes, it’s for AJAX purposes. Edit: Raganwald does a lovely job explaining this in more detail.

How do I implement a Floodlight tag into an iPhone app?

A client is asking me to insert a Floodlight tag into an Objective-C programmed iPhone app that is ready for submission to the App Store.
I did some Googling, and couldn't find anything about how to do this (it seems like you can you only add Floodlight tags via Javascript, but I'm not too sure). Can you do this, and, if so, how?
If nothing else, you can create an offscreen UIWebView and invoke the appropriate javascript with stringByEvaluatingJavaScriptFromString. Not a good solution, but if javascript is required it may be your only choice.
Instead of embedding a UIWebView right off the bat for this, you could try using NSURLConnection to request the URL normally inserted with the Floodlight iframe. It seems that unless the contents of the iframe (which should just be a transparent GIF) need to interact with the host page, simply performing and receiving the request should fulfill the purposes of tracking. Check the ToS, though, to see if they have any stipulations about this.