Jquery AJAX and sabnzbd - OK 200 but still getting Firebug error

[iDVB]

Maybe I'm not doing something right, I can't seem to get a Jquery ajax request to hit my SABsite without a firebug error.
It seems to generate an error when using JQuery.ajax()

This is my code:

Code: Select all

	$.ajax({
		type: "GET",
		url: url,
		data: {
	                mode: callMode,
		        name: callName,
			apikey: api_key
		},
		success: function(result) {
		        console.log("SUCCESS");
		        console.log(result);
	        },
	        error: function(result) {
		       console.log("ERROR");
		       console.log(result);
	        }
       });

Empty Response:
http://screencast.com/t/oZJ2raff2z

Header info:
http://screencast.com/t/SzOHRF4IC5s

[iDVB]

What is the URL? It won't work if it's a different domain/host from the page that is calling that.
http://en.wikipedia.org/wiki/Cross-site_scripting

Ya its a different domain. But see now that's the interesting part. It DOES work, the server call makes it to SAB which starts DLing the NZB that it was given. BUT...the calling page still receives a JS error in firebug. As far as I can tell, this error is regarding the response... not the request.

[the_loneley]

Hello

Accidentally (?) the day before yesterday I forked sabnzbd on Github to 'fix' exactly this problem and today I got done wihth it.

What sabnzbd must do to permit the browser to give the request a wholehearted success state is described here.

I added a 'bless_cross_site'-option and a 'blessed_hosts'-option where you can enter the host names for the 'Access-Control-Allow-Origin'-header...

Of course I would like this feature to get part of the official sabnzbd but I'm not sure wich way best to go. Should I just issue a pull request and then talk about eventual changes (like adaptions to sabnzbs programming style, better names for the config options etc.) or should I first propose it here?

Is it maybe not wanted that sabnzbd is controlled by cross-site AJAX?

Regards, T.

P.S. To try out my adds git clone git://github.com/tnt/sabnzbd.git and then git checkout develop (you need to have Python and some additional packages installed and of course git).

[shypike]

I still don't understand what this is about.
Can you explain in layman's terms why this is useful?
I'm not SABnzbd's web designer (I do the Python code),
so I have to rely on the skin designers for advise.

[the_loneley]

I still don't understand what this is about.
Can you explain in layman's terms why this is useful?

I actually can't claim to fully understand the sense of these headers. As far as I understand it should a browser only do cross-site Ajax request when it has the explicit permission of the web server. Either a general permission that applies to all hosts (as the sources of the JS-code that do the requests) or only for certain hosts. And that applies to certan kinds of requests. For example:

Code: Select all

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, GET, OPTIONS

means: allow all hosts to do POST-, GET-, and OPTIONS-requests.

Current Firefox obviuosly does everything we want but says afterwards 'Oh Honey! This was not right!' (Or is it just jQuery that is a little prudish? - I don't know.) But we probably have to expect that future browsers will be more sensitive with these things...

Excuse me, in layman's terms for what this is useful: When we currently feed sabnzbd with nzbs from pertinent websites they have to be saved locally an then get uploaded to (or locally loaded from) sabnzbd. By Ajax-requests we can do this with one click from every site that offers nzb-files.

I will try to send you a pull request tomorrow. My git-, github- , and Python-skills are not really famous but maybe my code is not too terrible though. Sorry, I have to come to an end for today, regards, T.