I’ve now got my DSC security panel working with a VeraLite thanks to the 2DS plugin. What I’m trying to do is build a separate web interface that will show my security system and the state of all the different zones?this will be AJAX-based to be “real-time”.
In the past, I’ve used JQuery’s $.getJSON function. The webserver is on a separate box, so the Same Origin Policy restriction applies. When I tried the following JQuery call:
Am I correct in understanding the simplified lu_sdata does not support JSONP? and that I will instead have to build some sort of poller/cacher that I would call from my JavaScript instead?
What would it take from the developers to add CORS (cross-origin resource sharing [url=http://enable-cors.org/server.html]http://enable-cors.org/server.html[/url]) to the built-in webserver? It would be as simple as adding the following header:
I posted some code for a Perl program that is both a Vera client and a Webserver with Websockets / Long-polling Ajax. You could use that to build your custom pages with Jquery.
Why couldn’t they just add support for an optional “callback” parameter on the querystring of the “data_request?id=sdata&output_format=json” and similar calls? This doesn’t add any security risk, it just would allow the current JSON to be consumed as a script in a page on a different domain. It would not in anyway allow any other API calls from other domains.
Then the data returned would be the original json wrapped in a function call like this …
myfunction({…original data…})
I cannot for the life of me understand why someone would expose a json data feed without a callback so it could be used as a client side JSONP call instead having to massage it through some server code on another server. There is zero additional security added by leaving this out. On the flipside, not having it makes doing any sort of integration vastly more difficult.
Could someone from the company answer this for me?
I agree with @davidtmills. Without a solution to this, we’re 100% prevented from writing webapps that use the API. This means no Chrome apps/extensions, no Windows 10 apps, no Cordova apps, etc. It may not have been big 4 years ago, but it certainly is now!
I ran into the same problem, and ended using a PHP engine on a local webserver. I didn’t need to provide the access-control-allow-origin header in order to do so though.[/quote]
I believe I was looking on the Vera 3 system … If you want to build the OpenWRT system that is compatible with your Vera … you can build your modules … I think it took me a couple of nights to find, downbload, and build these. You need a linux distribution to build the code on … I think I even had to find OLD compilers to match the required development environment, to build the code for a Vera 3 … it’s a pretty old version of OpenWRT. You can find the OpenWRT Version info in a file in the /etc area on your Vera.
While I have a sense of adventure…Sounds like a head ache. lol…I’ll stick to hosting the local web server with php engine to handle the cross origin requests. Its on a inexpensive Raspberry Pi in which is being used as a central control kiosk.
You can easily let your Raspberry do a port direct to Vera … (i.e. port 3480 on Raspberry forwards to your Vera) then everything comes from your Raspberry and then you will not have any CORS issue.
