For many of us, the long-awaited New Year's holidays have come. Taking advantage of your free time, I want to tell you about the project I was engaged in last month.
MapChat is a service for communication between people, in which rooms with messages are displayed as points on a map. You can create new points, add messages to existing ones, and share video / audio / photos with friends anywhere!
Opportunities:
- discussion of past events, meetings, concerts;
- learning foreign languages through conversation with native speakers;
- geo-targeted games, puzzles and quests;
- dating, searching for friends.
Technology:
MapChat is built with CouchApp (J Chris Anderson, thank you!) and GeoCouch (thanks to CouchOne for providing free hosting and to Volker Mische for the implementation) and lives entirely in CouchDB without any other back ends. This structure allows you to run the application locally and use it without any delay, regardless of the Internet connection. An Android application is currently being developed (using CouchDB for Android from CouchOne and PhoneGap). The third-party service embed.ly is also used to automatically enable interactive elements in user conversations (youtube, twitpic, soundcloud, etc.). Embed.ly provides a JSONP API, but since I tried to follow the most stringent security policy while building the site, using this service required developing the JSONP and Embed Sandboxing techniques.
JSONP and EMBED Sandboxing.
As a rule, when using third-party content (pages / scripts / embed elements), site developers resort to the cookie-less domain technique: they insert into the page an iframe pointing to another domain (belonging, of course, to the same site). The content of the iframe is thus denied access to the main window and to the site's cookies.
Unfortunately, since I was developing a distributed application, implementing a cookie-less domain was impossible. (Each user can run the site locally, and a cookie-less domain is tied to one specific domain name.) It was therefore necessary to develop the following simple technique:
- Take the HTML content (foreign_html_content) from the third-party site that we want to display.
- Generate a URL of the following form:
"data:text/html;charset=utf-8;plain," + foreign_html_content
As you can see, this URL is nothing more than a data URL, which is supported in all modern browsers.
- Insert into the page an iframe with src equal to this URL.
- All done!
The resulting iframe will not have access to the parent window and will not be able to read / write cookies for the main domain.
JSONP Sandboxing is implemented in almost the same way, except that the postMessage method is used (which is, again, available in most browsers). The iframe receives a JavaScript callback function that calls postMessage, plus a script tag pointing to the JSONP URL with its callback parameter set to the name of this function. The rest is simple: the parent window adds this iframe and sets a listener for the message event. The received message is the result of the JSONP request.
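Both techniques above (the data URL embed and the JSONP relay through postMessage), sketched as an added example that is not MapChat's own code. The function names are hypothetical; it percent-encodes the content and drops the ";plain" token from the prefix, and it assumes the parent page is served over http(s) so its origin can be used as the postMessage target.

```javascript
// Added example; dataUrlFor, jsonpSandboxUrl and resultListener are hypothetical names.
const PREFIX = "data:text/html;charset=utf-8,";

// Embed sandbox: wrap third-party HTML in a data: URL for an iframe src.
// Percent-encoding is an addition here so '#' and '%' in the content survive.
function dataUrlFor(foreignHtml) {
  return PREFIX + encodeURIComponent(foreignHtml);
}

// JSONP sandbox: a page that loads the JSONP script and relays its result upward.
function jsonpSandboxUrl(jsonpUrl, callbackName, parentOrigin) {
  // The callback name is spliced into script text, so allow identifiers only.
  if (!/^[A-Za-z_$][\w$]*$/.test(callbackName)) throw new Error("bad callback name");
  const u = new URL(jsonpUrl);
  if (u.protocol !== "https:" && u.protocol !== "http:") throw new Error("bad scheme");
  u.searchParams.set("callback", callbackName);
  // JSON.stringify plus escaping '<' keeps a value from closing the script tag.
  const lit = (s) => JSON.stringify(s).replace(/</g, "\\u003c");
  const inner =
    "<script>" +
    "function " + callbackName + "(data){" +
    "parent.postMessage(JSON.stringify(data)," + lit(parentOrigin) + ");}" +
    "var s=document.createElement('script');s.src=" + lit(u.href) + ";" +
    "document.head.appendChild(s);" +
    "</scr" + "ipt>"; // split so this file can also live in an inline script
  return dataUrlFor(inner);
}

// Parent side: accept a message only from the sandbox frame that was created.
// A data: frame has no origin worth comparing, so the check is on event.source.
function resultListener(frameWindow, onResult) {
  return function (event) {
    if (event.source !== frameWindow) return false;
    let data;
    try { data = JSON.parse(event.data); } catch (e) { return false; }
    onResult(data);
    return true;
  };
}

// Browser wiring (apiUrl and render are placeholders):
//   const f = document.createElement("iframe");
//   f.src = jsonpSandboxUrl(apiUrl, "cb", location.origin);
//   document.body.appendChild(f);
//   window.addEventListener("message", resultListener(f.contentWindow, render));
```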
At the end of the article I want to remind you of the link to the site. (I recommend that Google Chrome users install the application from the Webstore.)
PS
Those who want to participate in the development or help the project can send me a private message or write to fedor@indutny.com