7 May 2012 12:40 AM #1
Unanswered: JSONP & How to handle authentication
I have a Sencha application running on one server and a back-end web service running on a separate server which provides the Sencha application with it's data as well as authentication. Both servers are secured with HTTPS.
I originally had my Sencha app using just JSON to communicate with the back-end, but it meant having to keep both servers on the same domain. Ajax calls do not allow cross-domain communications.
As an aside, you can actually allow cross-domain communications, but it seems mobile browsers do not support it. See here.
When using JSON, I did a HTTP POST to the back-end server to handle authentication with the username and password in the HTTP header. However, it's not possible to do POST requests using JSONP, so how does one go about sending the username and password to the back-end?
I could of course just do a GET request and have the username and password in the URL but this is surely a big no no since the URL is still sent as plain text even on a HTTPS connection.
So I am looking for a bit of direction on how to go about this. I am sure this is something that has cropped up previously. Perhaps I have no choice but to have both applications running on the same server?
Any advise would be great.
9 May 2012 9:15 AM #2
- Join Date
- Mar 2007
- Gainesville, FL
- Vote Rating
You will need to enable CORS to do POSTS, there is no way to do JSONP as GET as it's just a <script> tag.Mitchell Simoens @SenchaMitch
Sencha Inc, Senior Software Engineer
Check out my GitHub, lots of nice things for Ext JS 4 and Sencha Touch 2
Think my support is good? Get more personalized support via a support subscription. https://www.sencha.com/store/
Need more help with your app? Hire Sencha Services firstname.lastname@example.org
Want to learn Sencha Touch 2? Check out Sencha Touch in Action that is in print!
When posting code, please use BBCode's CODE tags.