Click for Sun
Back to Board Index

Online pilots/ATC counter
Daniel Gelling
Netherlands

3rd Jul 2014
13:35:27
Hello Dave,

Could you make a simple page we can call in PHP (via file_get_contents(); that displays the users online at our server?

Yours sincerely,

Daniel Gelling
Dave Wave
United Kingdom

4th Jul 2014
08:48:47
I'd rather provide you with a json file that you can pick up all variables for your server. You would really be better doing this as an asynchronous request with javascript rather than trying to make an inline call to fsopen which will add latency to your website loading.

David Figge
United States

7th Jul 2014
14:10:12
Dave,

That sounds good. RealFsx is interested as well.

Thanks
Dakoda Neilson
United States

10th Jul 2014
18:52:38
Flyrz is interested too.
Karl Hendry
United States

11th Jul 2014
07:38:07
Count msFlights in as well.
Dave Wave
United Kingdom

11th Jul 2014
18:13:21
I've been trying to make a nice bit of code for you to make things easy for you but I'm struggling with the best way to get around the same origin policy, that stops you from loading json from a different server than the calling html page.

I know there are workarounds to the problem but anyone think they have the best(simplest) solution?

Tim Walters
United Kingdom

12th Jul 2014
16:41:08
Not quite following you there Dave...

http://en.wikipedia.org/wiki/JSONP

Any good?

T.
Joe Clifford
United Kingdom

12th Jul 2014
21:33:42
Dave,

I think I understand where you are coming from.

For those reading the thread that are not familiar with the same/single origin policy, then basically its a HTTP policy that restricts how a script loaded from one origin can interact with another origin. Its proven to be a very useful security feature and when you think at how many devices around the world servers are shipping executable code to every day its proven to be good when it comes to preventing exploits.

It is however, sometimes a real pain.

Ways around it. One, as Tim has suggested you use Padded JSON (JSONP). Take JSON, make it a function call, then eval it within the browser. It skips the SOP because your loading a resource, which is dynamic data but the browser has no clue. All you would need to do is take your JSON and wrap it in a callback, so: callback({"Session_ID" : 12}) for example.

The problem is JSONP is that you're now opening up your data to any other script that is brought in. Eval is, as i'm sure you know, discouraged because you could be executing bad code. Everything would need to be thoroughly validated first.

Another option is Cross Origin Resource Sharing (CORS). This will allow you, server side, to specify who and what has access to the data and under what conditions. Plain JSON can still be used and you would still have access to all the HTTP verbs if you wanted to use them.

With this feature in mind, you would have the "pre flight checks" handshake. The browser, client side, passes the origin header to the server. The server then responds using "Access-Control-Allow-Origin: [site address]" then allowing that site access. Now, you could just use "Access-Control-Allow-Origin: *", where you are allowing access to everyone under the sun. Alternatively you could build yourself a white list (You could create an API access form where the client would need to specify the HOST that would require access). They pass through the header the origin, you compare that to your white list, if its there, echo it it back out and they have access. Otherwise don't

You would need to install some stuff onto your server in order to handle CORS I believe.

Regards,
Joe



You need to Log on to post a reply.
Back to Board Index



Forum help

No politics, just flying
FSopen © 2009 - 2017
Page views: 2058666612