HTTP-referer tokens fails with secure services when files are served from file://

772
1
05-28-2013 11:52 PM
Ole_-_AndréJohansen
New Contributor
Hi!

We are building a phonegap app that will include som mapping features using phonegap/Cordova. Cordova serves up HTML/JS files in a webview on the smartphone straight from "disk" using the file:// protocol. This seems to be confusing the JS APIs, and the referrer is not included when a request to a secure service is made, hence the token is considered invalid.

Is this a bug in the JS API, or is there a known workaround? We cannot have username/password stored on the devices, and the devices will change IPs frequently. Our current solution is to serve a token to the clients based on their IP that they can use, but this is not ideal.
1 Reply
BrianRassier
Occasional Contributor
Not sure if this will help, but when downloading the JS API to use locally, it includes instructions on how to update the local JS API to map back to your particular server.  We've manipulated this portion of the API to work locally, so the JS isn't truely hosted anywhere besides the file system.  Maybe you could do something similar for your phonegap app.

This updated area of the JS API also deals with the file: protocol, so you may be able to adjust this local copy of the API to suit your needs.

Download Link:
http://developers.arcgis.com/en/javascript/jshelp/intro_accessapi.html

Once downloaded, the install.htm file explains how to manipulate the local API.  I also have a different forum post somewhere explaining how I got it to work for local-only.
0 Kudos