Backbone.js and cross domain issues

[marbetschar]

As I'm currently developing a backbone.js application based on a Taffy REST API, I'm facing again some "cross domain policy" issues.

The folowing changes in the taffy.core.api have solved my problems:

<cfset local.allowVerbs = uCase(structKeyList(_taffyRequest.matchDetails.methods)) />
<cfif application._taffy.settings.allowCrossDomain AND NOT listFind(local.allowVerbs,'OPTIONS')>
    <cfset local.allowVerbs = listAppend(local.allowVerbs,'OPTIONS') />
</cfif>

and

<cfif application._taffy.settings.allowCrossDomain>
    <cfheader name="Access-Control-Allow-Origin" value="*" />
    <cfheader name="Access-Control-Allow-Methods" value="#local.allowVerbs#" />
    <cfheader name="Access-Control-Allow-Headers" value="Content-Type" />
</cfif>

Additionally I would suggest to use local.allowVerbs anywhere where the allowed verbs are transmitted as a header field. I've changed the ALLOW header to use this variable too.

[atuttle]

Updated in develop branch. Will be included in the next release. Thanks for the report. Should anything be added to the docs around this?

[marbetschar]

It may make sense to point out all the headers which are added in the docs. I think about adding a section which points out which headers are added on every request, and which headers are only added if allowCrossDomain is set to true.

As I'm fairly new to the crossDomain-mobileDevice world i expect there may be additional headers which should be included on this. Maybe we should open up a topic on this in the Google Group?

[atuttle]

I've used Taffy to back (phonegap-based) mobile apps and didn't need
anything outside of the cross-domain setting.

marbetschar wrote:

It may make sense to point out all the headers which are added in the
docs. I think about adding a section which points out which headers
are added on every request, and which headers are only added if
allowCrossDomain is set to true.

As I'm fairly new to the crossDomain-mobileDevice world i expect there
may be additional headers which should be included on this. Maybe we
should open up a topic on this in the Google Group?

—
Reply to this email directly or view it on GitHub
#106 (comment).

[atuttle]

Documentation completed; closing.