从挑战API处理JSON [英] Processing a json from challonge api
问题描述
我正试图在Challonge Api的帮助下构建Power Ranks应用程序,但是当我检索json时,JS似乎总是向我发送错误消息.
i'm trying to build a Power Rankings app with the help of Challonge Api, but it seems the JS just keep sending me errors when i retrieve the json.
$(document).ready(function(){
$.ajax({
url: 'https://api.challonge.com/v1/tournaments/3j91s6g1/matches.json',
type: 'GET',
dataType: "jsonp",
success: function (data) {
// FOR TEST PURPOSE
$.each(data, function(index, element) {
$('body').append($('<div>', {
text: element.name
}));
});
},
error : function(error){
console.log(error)
}
});
});
有什么想法吗?
推荐答案
我正在四处寻找有关Challonge API的信息,偶然遇到了这个问题,以为我会给你答案.
I was searching around for stuff about the Challonge API and happened upon this question by accident, thought I'd give you an answer.
您遇到了使用JavaScript请求错误的原因,是因为Challonge的API未启用跨域请求.为了防止网页使用Ajax请求从任何其他网站提取用户的数据,Web浏览器会与其他网站进行检查,以查找跨域标头来确定是否可以发送请求.如果您想了解更多信息,可以查看 Wikipedia文章或其他网站CORS(跨域资源共享).
The reason you're hitting an error requesting using JavaScript is because Challonge's API doesn't have cross-origin requests enabled. To prevent a web page from pulling a user's data from any other website using Ajax requests, the web browser checks with the other website to see if it's OK to send the request by looking for cross-origin headers. If you want to learn more, you can check out the Wikipedia article or other sites talking about CORS (cross-origin resource sharing).
我应该补充的另一件事:您通常不希望与其他任何人共享您的API密钥,因为该密钥直接与您的帐户相关联.您问题中URL的第一部分是您的username(用户名),这意味着发生这种情况的任何人都可以使用它来修改您的方括号等.这实际上可能是Challonge不允许CORS的原因.人们无论如何都不应该从JavaScript发送这些请求,因为它需要共享其API密钥(具有网页的用户或具有用户的网站所有者).
Another thing I should add: you generally don't want to share your API key with anyone else, since that's tied directly to your account. The first part of the URL in your question is your username:key, which means that anyone who happens upon this can use it to modify your brackets, etc. This is actually likely a reason why Challonge doesn't allow CORS; people shouldn't be sending these requests from JavaScript anyway since it requires sharing their API key (user with web page, or site owner with users).
您还需要注意在网页上回显任意文本.我不知道Challonge的参与者姓名限制,但它可能导致跨站点脚本漏洞.
You also need to be careful echoing arbitrary text to a web page. I don't know about Challonge's participant name restrictions, but it could lead to a cross-site scripting vulnerability.
这篇关于从挑战API处理JSON的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
