Why are JSON requests to my external API being cancelled in my Spotify App?

Question

I'm building a Spotify App that pulls JSON data from a REST API, using URLs like

http://www.mydomain.com/api/command?option=value

In my Spotify app manifest I have set the required permissions for my API host:

"RequiredPermissions": [ "http://*.mydomain.com" ]

I have also configured Cross-Origin Resource Sharing in the response headers of my API. Here is a real example:

Server: nginx/0.7.65
Date: Thu, 08 Dec 2011 09:07:16 GMT
Content-Type: application/json
Connection: keep-alive
X-Powered-By: Mojolicious (Perl)
Set-Cookie: mojolicious=eyJwcmVmcyI6e30sImZpbHRlcnMiOnsicGllciI6eyJzb3VyY2VzIjpbMjBdfSwiZWxlYyI6eyJzb3VyY2VzIjpbMTMsMTddLCJ4dGFncyI6WyJzaG9lZ2F6ZSJdLCJ0YWdzIjpbImVsZWN0cm9uaWMiXX0sInB1bmtkdWIiOnsieHRhZ3MiOlsicmVnZ2FlIl0sInRhZ3MiOlsicHVuayIsImR1YiJdfX0sImV4cGlyZXMiOjEzMjMzMzg4MzZ9--c6d6214525b5d56785eebc99217394a1; Version=1; Path=/; expires=Thu, 08 Dec 2011 10:07:16 GMT
Content-Length: 23381
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *

200 OK

In Spotify, in the chrome inspector network tab, I see that the request is being cancelled:

Name: command www.mydomain.net/api 
Method: GET 
Status Text: (canceled) 
Type: undefined 
Initiator: jquery-1.js:7180 (Script) 
Size Content: 13B (0B) 
Time Latency: 21ms (0.0 days)

If I run my app in Chrome on my desktop (outside of Spotify) the request is not cancelled and all is good.

What am I doing wrong? Or maybe this is a bug (feature?) in Spotify preview release?

Answer 1

The one causing my problem was the Bom character.

In order to fix that I used Notepad++, Encode -> Encode in UTF-8 without BOM

Answer 2

Another thing to be wary of:

If you are doing local development. Do NOT try to issue your ajax/getJSON calls to "localhost" or "127.0.0.1", use your Eth/WiFI interface IP instead.

The spotify web engine either blocks these localhost identifiers in requests, or the loopback interface is ignored, or windows has interfered again.

This may be apparent to some, but took me a while to figure it out.

Answer 3

Spotify uses Chromium inside and therefore adheres to the Same Origin policy. To get around it, use JSONP. I'd recommend setting the origin policy on your webhost to only allow Spotify.

Answer 4

A couple of things can cause this, I'll put them in order from easiest to resolve to hardest.

1. Check that you have the correct RequiredPermissions in your manifest.json
2. Check that your manifest.json has a valid json strjcture, you can do this on websites like http://jsonlint.com/
3. Make sure you're not storing the file with a BOM character (invisible byte at the start of the file), this can cause parsing of the manifest to fail
4. Make sure that the server you are querying accepts your origin. All apps in Spotify have an origin like sp://appname, most servers only accept http and https protocols by default, so you can set the Acces-Control-Allow-Origin to * to make sure the request doesn't get cancelled.

Lastly, I'd like to note that even though a request sometimes shows up in the inspector as cancelled, it'll still have a correct response, so be sure to double-check that as well.

Hope this helps!

Edit: sometimes, for some weird reason, it also helps to set the url you're requesting in RequiredPermissions without the http:// or https:// prepended.

Answer 5

Have you tried restarting Spotify to reload changes to RequiredPermissions? I used to have a similar problem that was resolved upon a restart.