can't use backendless API in javascript BL with domain control

yuriy · May 29, 2016, 5:12pm

I have set simple custom event in javascript BL:

Backendless.enablePromises();
Backendless.ServerCode.customEvent('myCustomEvent', function(req) {
    
    var tStore = Backendless.Data.of('myTable');
 
    return tStore.findById('XXXXXXXXX');
});

it worked fine with default * Domain Control, but when I changed it to my domain I received error
“Wrong domain”,“statusCode”:400
As I understand, this call actually goes not from my domain, but isn’t it obvious that backendless server should be allowed by default? I tried add api.backendless.com, backendless.com, develop.backendless.com but still got this error

sergey-chupov · May 30, 2016, 12:09pm

Hi Yuriy,

Could you please check what’s the value of the “Origin” header of your request?

yuriy · May 30, 2016, 12:12pm

Sorry, can’t quite get what you mean, I’m calling backendless API with standard backendless sdk, should I debug/modify it?

sergey-chupov · May 30, 2016, 12:17pm

You’re using Javascript SDK, right?

yuriy · May 30, 2016, 12:21pm

Yup

oleg-vyalyh · June 2, 2016, 11:01am

Now we are testing this functional. We write here about results.

kate-maksimenko · June 2, 2016, 12:47pm

hi!

Could you provide more information how you invoke this custom event (where this code located)?

yuriy · June 2, 2016, 1:02pm

Sure. After your question I realized that I only tried with debugged BL, not deployed. Now I tried to deploy BL and it works. So, was it because of debug?

yuriy · June 2, 2016, 1:33pm

Update: Nope, that’s not that easy. I tried a few minutes later and it gave same error. Now I’m not even sure that it worked first time - maybe when I changed domain control from * to my site I tested too soon for changes to take effect?
As to invoking custom event, it’s like this:

var eventArgs = {param:"test"};
        var successHandler = function( response ) {
            console.log('successHandler ' + JSON.stringify(response));
        };
        var errorHandler = function( response ) {
            console.log('errorHandler ' + JSON.stringify(response));
        };
        Backendless.Events.dispatch( "myCustomEvent", eventArgs, new Backendless.Async( successHandler, errorHandler ) );

yuriy · June 3, 2016, 4:42pm

So, isn’t it the same problem as discussed here?

yuriy · June 6, 2016, 8:27am

forgot to include link:
http://support.backendless.com/t/domain-control-not-working-at-all

arthur-dzidzoiev · June 8, 2016, 8:13am

Hello Yuriy,
Please re-check whether your code sends request “Origin” header correctly.
Artur

yuriy · June 8, 2016, 8:17am

since I’m using javascript backendless SDK what’s your advice on how to inspect resulting call requests?

arthur-dzidzoiev · June 8, 2016, 10:22am

Using network tab in browser console

yuriy · June 8, 2016, 10:38am

I’m receiving error for javascript running in Business Logic, in your servers. You want me to check origin in client browser requests that goes to backendless and starts BL procedure?

arthur-dzidzoiev · June 8, 2016, 6:04pm

You can inspect headers in Browser Console on Network tab
http://storage9.static.itmages.com/i/16/0608/h_1465408937_9938034_aa0a596765.png</img>

yuriy · June 8, 2016, 6:46pm

Oh boy, it’s going round and round.
I still have the feeling that you think that it’s requests in my client browser got errors when using backendless sdk. Whereas my client js calling backendless sdk just fine, with or without domain control. And yes, I checked headers - origin is here. But, why should I check headers on my client browser requests? The error generates in Business Logic javascript code, when BL code uses standard backendless SDK.
My browser javascript calls custom event in my BL.
If my custom event don’t have calls to backendless sdk, like if it only consist of “return Promise.resolve(“okee”);” It runs just fine with or without domain control.
If, in Business Logic Custom Event I use call to backendless sdk (like find or save) and I don’t set domain control - it runs fine. But if I set domain control - I’ve got error about wrong domain.
From within Business Logic Javascript code.
Please, pretty please with sugar on top, tell me that you did from the very beginning understand that it’s about BL javascript and not browser client js

mark-piller · June 9, 2016, 12:58pm

Hi Yuriy,

I am pretty clear about the problem. The domain control feature should ignore any request which has not originated from a browser (which it obviously doesn’t do right now). One way I can think of we could do it is by checking the API key (secret key) provided in the request. If it is the JS Secret Key, then we enforce the domain control policy for the provided domains, otherwise, the calls go through. Does it sound reasonable?

yuriy · June 9, 2016, 1:10pm

I guess it’s sounds reasonable, yes. Although I thought you just would “white list” your own backendless servers, so Business Logic would be always in list of allowed.