Why are JSON requests to my external API being cancelled in my Spotify App?

nick picture nick · Dec 8, 2011 · Viewed 8.9k times · Source

I'm building a Spotify App that pulls JSON data from a REST API, using URLs like

http://www.mydomain.com/api/command?option=value

In my Spotify app manifest I have set the required permissions for my API host:

"RequiredPermissions": [ "http://*.mydomain.com" ]

I have also configured Cross-Origin Resource Sharing in the response headers of my API. Here is a real example:

Server: nginx/0.7.65
Date: Thu, 08 Dec 2011 09:07:16 GMT
Content-Type: application/json
Connection: keep-alive
X-Powered-By: Mojolicious (Perl)
Set-Cookie: mojolicious=eyJwcmVmcyI6e30sImZpbHRlcnMiOnsicGllciI6eyJzb3VyY2VzIjpbMjBdfSwiZWxlYyI6eyJzb3VyY2VzIjpbMTMsMTddLCJ4dGFncyI6WyJzaG9lZ2F6ZSJdLCJ0YWdzIjpbImVsZWN0cm9uaWMiXX0sInB1bmtkdWIiOnsieHRhZ3MiOlsicmVnZ2FlIl0sInRhZ3MiOlsicHVuayIsImR1YiJdfX0sImV4cGlyZXMiOjEzMjMzMzg4MzZ9--c6d6214525b5d56785eebc99217394a1; Version=1; Path=/; expires=Thu, 08 Dec 2011 10:07:16 GMT
Content-Length: 23381
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *

200 OK

In Spotify, in the chrome inspector network tab, I see that the request is being cancelled:

Name: command www.mydomain.net/api 
Method: GET 
Status Text: (canceled) 
Type: undefined 
Initiator: jquery-1.js:7180 (Script) 
Size Content: 13B (0B) 
Time Latency: 21ms (0.0 days)

Chrome inspector snapshot

If I run my app in Chrome on my desktop (outside of Spotify) the request is not cancelled and all is good.

What am I doing wrong? Or maybe this is a bug (feature?) in Spotify preview release?

Answer

Chiel Kunkels picture Chiel Kunkels · Dec 14, 2011

A couple of things can cause this, I'll put them in order from easiest to resolve to hardest.

  1. Check that you have the correct RequiredPermissions in your manifest.json
  2. Check that your manifest.json has a valid json strjcture, you can do this on websites like http://jsonlint.com/
  3. Make sure you're not storing the file with a BOM character (invisible byte at the start of the file), this can cause parsing of the manifest to fail
  4. Make sure that the server you are querying accepts your origin. All apps in Spotify have an origin like sp://appname, most servers only accept http and https protocols by default, so you can set the Acces-Control-Allow-Origin to * to make sure the request doesn't get cancelled.

Lastly, I'd like to note that even though a request sometimes shows up in the inspector as cancelled, it'll still have a correct response, so be sure to double-check that as well.

Hope this helps!

Edit: sometimes, for some weird reason, it also helps to set the url you're requesting in RequiredPermissions without the http:// or https:// prepended.