I'm building a Spotify App that pulls JSON data from a REST API, using URLs like
http://www.mydomain.com/api/command?option=value
In my Spotify app manifest I have set the required permissions for my API host:
"RequiredPermissions": [ "http://*.mydomain.com" ]
I have also configured Cross-Origin Resource Sharing in the response headers of my API. Here is a real example:
Server: nginx/0.7.65
Date: Thu, 08 Dec 2011 09:07:16 GMT
Content-Type: application/json
Connection: keep-alive
X-Powered-By: Mojolicious (Perl)
Set-Cookie: mojolicious=eyJwcmVmcyI6e30sImZpbHRlcnMiOnsicGllciI6eyJzb3VyY2VzIjpbMjBdfSwiZWxlYyI6eyJzb3VyY2VzIjpbMTMsMTddLCJ4dGFncyI6WyJzaG9lZ2F6ZSJdLCJ0YWdzIjpbImVsZWN0cm9uaWMiXX0sInB1bmtkdWIiOnsieHRhZ3MiOlsicmVnZ2FlIl0sInRhZ3MiOlsicHVuayIsImR1YiJdfX0sImV4cGlyZXMiOjEzMjMzMzg4MzZ9--c6d6214525b5d56785eebc99217394a1; Version=1; Path=/; expires=Thu, 08 Dec 2011 10:07:16 GMT
Content-Length: 23381
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
200 OK
In Spotify, in the chrome inspector network tab, I see that the request is being cancelled:
Name: command www.mydomain.net/api
Method: GET
Status Text: (canceled)
Type: undefined
Initiator: jquery-1.js:7180 (Script)
Size Content: 13B (0B)
Time Latency: 21ms (0.0 days)
If I run my app in Chrome on my desktop (outside of Spotify) the request is not cancelled and all is good.
What am I doing wrong? Or maybe this is a bug (feature?) in Spotify preview release?
A couple of things can cause this, I'll put them in order from easiest to resolve to hardest.
RequiredPermissions
in your manifest.jsonsp://appname
, most servers only accept http and https protocols by default, so you can set the Acces-Control-Allow-Origin
to *
to make sure the request doesn't get cancelled.Lastly, I'd like to note that even though a request sometimes shows up in the inspector as cancelled, it'll still have a correct response, so be sure to double-check that as well.
Hope this helps!
Edit: sometimes, for some weird reason, it also helps to set the url you're requesting in RequiredPermissions
without the http://
or https://
prepended.