Reputation: 7621
I am building an application with Django. The application uses Azure Table storage for storing raw data. I want the users to have access to that data. Actually the user's end side will continuously request data from the table so I cannot afford having the server make all those calls and then send the data to the users. Instead I want to have the users request the data directly from Azure.
Is it possible to do that through javascript? Do you think something like that is a viable solution? Also, can you describe the security implications involved in this procedure?
update
I found this answer which was asked 2 years ago and states that you cannot make calls from javascript. Is this still relevant?
Upvotes: 0
Views: 1291
Reputation: 136334
Is it possible to do that through javascript?
Absolutely yes. In fact, this is the foundation of the product I have built. Though there are certain things you would need to do first.
Enable CORS
Since the JavaScript served from your domain will access resources from your storage account, by default this will be disabled by the browser as it is a cross-domain request. What you would need to do is enable CORS on the Table Service on your storage account to allow cross-domain requests. Please note that this is a one time operation that you would need to do per domain/storage account combination. To learn more about Azure Storage and CORS, please see this link: https://msdn.microsoft.com/en-us/library/azure/dn535601.aspx.
Use Shared Access Signature
Once the CORS is enabled, next thing you would need to do in your application is to make use of Shared Access Signature (SAS). A SAS will ensure that you're not sharing your storage account key in JavaScript (visible to all users) + it will give time-bound permissions (read/write/delete based on your requirements) to the users using your application. To learn more about SAS, please see these links: https://azure.microsoft.com/en-in/documentation/articles/storage-dotnet-shared-access-signature-part-1/ & http://blogs.msdn.com/b/windowsazurestorage/archive/2012/06/12/introducing-table-sas-shared-access-signature-queue-sas-and-update-to-blob-sas.aspx.
Consume Table Service REST API
Once these things are done, all you have to do is consume Table Service REST API. You would use AJAX for that purpose. For Table Service REST API operations, please see this link: https://msdn.microsoft.com/en-us/library/azure/dd179423.aspx.
Also, can you describe the security implications involved in this procedure?
As far as security implications are concerned, please ensure that:
HTTPS
to avoid man-in-the-middle attacks.Upvotes: 2