Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development

Reply
Developer
lgingell
Posts: 34
Registered: ‎01-07-2009
My Device: Not Specified

Call Web Service on ANY host from WebWorks app?

I have a few apps in BlackBerry world. One in Java, one Air, one Android.

 

I'm working on a WebWorks/BBUI app for BB10 that will also go on BlackBerry World for sale.

This particular app talks to a users' own server via xmlHttp.open, xmlHttp.send etc.

When the user starts the application, it asks them to enter the name of THEIR server, where another system is running (and expecting connections from the mobile device running this applicatoin)

 

I have the application communicating with my web service from the app on a BB10 device but ONLY if I specify

 <access uri="http://mydomain.com" subdomains="true" />

 in the config.xml

 

If I use 

 <access uri="*" subdomains="true" />

 I receive a JavaScript alert on the device  "http://otherdomain.com..." not allowed.

 

From the Ripple emulator, this will work with "cross domain proxy" disabled. 

 

I have enabled cross origin resourse sharing on my test servers enable-cors.org and this appears to work in Ripple.

 

Doing some research, I notice that this page:

Securing WebWorks

Says that "The wildcard character (*) cannot be used for data accessed by XMLHttpRequest, in this case, you must explicitly specify each domain"

 

So, if that is that case, how the heck can I write a WebWorks application for the BlackBerry World store, with a web service that can connect to the customers OWN server ?  Obviously, I can't add an access uri for their server to my config.xml, since it could be anything.

 

Please use plain text.
New Developer
dSolver
Posts: 10
Registered: ‎02-08-2012
My Device: Blackberry Playbook 2.0
My Carrier: WIND

Re: Call Web Service on ANY host from WebWorks app?

Would it be possible for you to set your own server up as a proxy for the multitude of other servers?

 

Also, not sure if you know about JSONP already (wiki link)

 

And a similar problem but associated with JSONP (forum link)

 

Hope this helps!

Building amazing things with limited tools is my job.
Please use plain text.
Developer
lgingell
Posts: 34
Registered: ‎01-07-2009
My Device: Not Specified

Re: Call Web Service on ANY host from WebWorks app?

Thanks for the reply, but having my server be a proxy is a definite no-no in this case.

 

I'd looked at JSONP, but it would require major server changes, and I'm not even sure it would fix this issue.

 

My head hurts!

Please use plain text.
Developer
peardox
Posts: 1,229
Registered: ‎03-20-2011
My Device: Playbook, Z10 LE, Dev Alpha B, 2x Dev Alpha C
My Carrier: 3, Orange, Vodafone

Re: Call Web Service on ANY host from WebWorks app?

There is this...

 

<feature id="blackberry.app">
    <param name="websecurity" value="disable" />
</feature>

 

BUT...

 

Disables web security. Disabling web security allows you to access remote content from unknown sources during development. Before packaging your app for distribution, you should remove this setting.

This feature is intended as a development convenience only. In production, all URIs should be known and should be whitelisted using the <access> element.

 

I'm not sure if it'd pass BBW with that param enabled

 

Your inability to proxy makes it sound like you're talking to the public interface of a service that provides sensitive information - e.g. a financial package

 

There is one solution that springs to mind although it's far from trivial to automate

 

Buy a domain with full DNS capability. Ideally one with remote DNS setup (you could do it manually but that's a bad option)

 

Now - having secured mymegasafefinancialapp.com whitelist the domain for XHR on subdomains

 

User signs up - selects a username - user name is added to DNS as a CNAME record

 

So I sign up telling the app I want to go to peardox.com and a new DNS record is created with

 

peardox.mymegasafefinancialapp.com CNAME peardox.com

 

That will get you around the situation without using a proxy

 

It's messy but will work

 




Click the like button if you find my posts useful!
Please use plain text.
BlackBerry Development Advisor (Retired)
erikjohnzon
Posts: 245
Registered: ‎09-21-2012
My Device: Q10
My Carrier: Virgin

Re: Call Web Service on ANY host from WebWorks app?

peardox is correct, we don't have an api to add a domain dynamically. You can disable it though. You can see the conversation that originally took place here:

 

https://github.com/blackberry/BB10-WebWorks-Framework/issues/392

 

@erikjohnzon
erjohnson@blackberry.com
Please use plain text.
Developer
lgingell
Posts: 34
Registered: ‎01-07-2009
My Device: Not Specified

Re: Call Web Service on ANY host from WebWorks app?

I did see the websecurity option just after I posted (thanks for making me aware though). Which brings up these questions:

 

1. What ELSE will turning off websecurity do?

2. Will it pass review on BlackBerry World?

 

However, I fail to see how WebWorks can be angled as the technology to port over BB OS java apps if it can't be pointed to any back end service at runtime!

 

This IS possible from BBOS Java, Air, Android player, and on iOS, Android and Windows Phone/RT. 

 

Could you imagine if Microsoft could sell Outlook, but it wouldn't connect to your own Exchange server, only their proxy?! :smileywink:

 

I have to think there's something amiss here in the API.

 

Perhaps if "websecurity" just does an allow all, then the name of the feature is the issue, not the functionality?

Please use plain text.
Developer
peardox
Posts: 1,229
Registered: ‎03-20-2011
My Device: Playbook, Z10 LE, Dev Alpha B, 2x Dev Alpha C
My Carrier: 3, Orange, Vodafone

Re: Call Web Service on ANY host from WebWorks app?

If you read the discussion pointed to above you'll see the thoughts of those who decided on this

 

We had a similar thread a few days ago over private networks

 

I reckon bb are trying to push devices as the only safe biz platform which sorta explains the restriction

 

I guess websecurity was added pretty recently, possibly in gold

 

Personally i'd put in a test app with websecurity just to see what happens

 

Yeah, it is a bit dumb




Click the like button if you find my posts useful!
Please use plain text.