1.1.0 - Allow Cross-Origin Resource Sharing

Open mattsches opened this issue 9 years ago • 12 comments

It would be nice to be able to request subscriptions of public calendars from within the client (by means of XMLHttpRequests).

The reason I want this is that I have a static web page, and I want to pull and parse events from a public OwnCloud Calendar+ calendar using JS.

This can be easily achieved by adding the @CORS annotation to the ExportController::exportEvents() method (as long as it doesn't have any security implications I'm not aware of yet). See also: https://doc.owncloud.org/server/8.1/developer_manual/app/tutorial.html#adding-a-restful-api-optional


mattsches avatar Sep 15 '15 10:09 mattsches

Hi, with the RESTful API of OC this isn't possible without authentication! If you would like to work with the RESTful API you need an authentication à la http://user:password@{domain}/{pathtoapp}/api/1.0/{method}/{id} and this can be passed by curl (PHP side)! But a calendar shared by link does not work! Here you only have the token but no user and password!

libasys avatar Sep 15 '15 12:09 libasys

Hi, thanks for your reply!

I'm not sure if I want to use the RESTful API for this. How can I even subscribe to a calendar using the API, could you give me an example?

This is what I do: I'm opening a public calendar (Kalender freigeben > Link teilen) in the browser (https://{domain}/index.php/apps/calendarplus/s/{token}), it is rendered, and there is a "Subscribe" button that points to this URL: https://{domain}/index.php/apps/calendarplus/exporteventscalendar?t={token}

Of course, I can call this link using curl or similar, but calling it from the browser is not supported because of the Single Origin Policy. Is this a deprecated or the wrong way to subscribe to a calendar?

mattsches avatar Sep 15 '15 13:09 mattsches

With this link https://{domain}/index.php/apps/calendarplus/exporteventscalendar?t={token} you get all events of your calendar in this format:

```
BEGIN:VCALENDAR
VERSION:2.0
PRODID:ownCloud Calendar 1.1.1
X-WR-CALNAME:test
BEGIN:VTIMEZONE
TZID:Europe/Berlin
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
DTSTART:19810329T020000
TZNAME:CEST
TZOFFSETTO:+0200
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
DTSTART:19961027T030000
TZNAME:CET
TZOFFSETTO:+0100
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CREATED:20150909T135034Z
UID:sabre-vobject-082e614d-74da-4388-ac95-699cd35cc30d
DTEND;TZID=Europe/Berlin:20150910T163000
TRANSP:OPAQUE
CLASS:PUBLIC
SUMMARY:Funny123
LAST-MODIFIED:20150910T105401Z
DTSTAMP:20150910T105514Z
DTSTART;TZID=Europe/Berlin:20150910T130000
SEQUENCE:0
BEGIN:VALARM
X-WR-ALARMUID:A9FA75FB-6143-4551-AA57-6CFC09114D28
UID:A9FA75FB-6143-4551-AA57-6CFC09114D28
TRIGGER;VALUE=DATE-TIME:19760401T005545Z
ACKNOWLEDGED:20150910T105514Z
X-APPLE-DEFAULT-ALARM:TRUE
ACTION:NONE
END:VALARM
BEGIN:VALARM
X-WR-ALARMUID:42244563-5CB4-4D44-9B45-4924A75F2A23
UID:42244563-5CB4-4D44-9B45-4924A75F2A23
DESCRIPTION:owncloud
ACKNOWLEDGED:20150910T105514Z
TRIGGER:-PT14M
ACTION:DISPLAY
END:VALARM
END:VEVENT
END:VCALENDAR
```

So this is the part where you need a JS parser to parse all the calendar data!

libasys avatar Sep 15 '15 13:09 libasys
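The parsing step mentioned above, as an added example that is not part of the thread and not Calendar+ code: a minimal iCalendar reader that unfolds continuation lines, tracks nested BEGIN/END components and lists the VEVENTs. `SAMPLE` is a shortened copy of the export quoted above with one line folded on purpose; the function names are hypothetical, and the parser assumes no quoted `:` inside parameter values, which holds for that export.

```javascript
// Added example: minimal iCalendar (RFC 5545) reader for a public export.
// SAMPLE is constructed from the export quoted in the thread (shortened).
const SAMPLE = [
  'BEGIN:VCALENDAR',
  'BEGIN:VEVENT',
  'UID:sabre-vobject-082e614d-74da-4388-ac95-699cd35cc30d',
  'SUMMARY:Fun',
  ' ny123',                       // folded continuation of the SUMMARY line
  'DTSTART;TZID=Europe/Berlin:20150910T130000',
  'BEGIN:VALARM',
  'TRIGGER:-PT14M',
  'END:VALARM',
  'END:VEVENT',
  'END:VCALENDAR',
].join('\r\n');

function parseICalendar(text) {
  // Unfold: a line break followed by a space or tab continues the previous line.
  const lines = text.replace(/\r?\n[ \t]/g, '').split(/\r?\n/).filter(Boolean);
  const root = { name: 'ROOT', props: {}, children: [] };
  const stack = [root];
  for (const line of lines) {
    const colon = line.indexOf(':');
    if (colon < 0) throw new Error('malformed content line: ' + line);
    const [name, ...params] = line.slice(0, colon).split(';');
    const value = line.slice(colon + 1);
    const key = name.toUpperCase();
    if (key === 'BEGIN') {
      const comp = { name: value.toUpperCase(), props: {}, children: [] };
      stack[stack.length - 1].children.push(comp);
      stack.push(comp);
    } else if (key === 'END') {
      // Reject an END that does not close the innermost open component.
      if (stack.length < 2 || stack.pop().name !== value.toUpperCase()) {
        throw new Error('unbalanced END:' + value);
      }
    } else {
      stack[stack.length - 1].props[key] = { value, params };
    }
  }
  if (stack.length !== 1) throw new Error('missing END');
  return root.children;
}

function listEvents(text) {
  return parseICalendar(text)
    .flatMap((cal) => cal.children.filter((c) => c.name === 'VEVENT'))
    .map((ev) => ({ uid: ev.props.UID.value, summary: ev.props.SUMMARY.value,
                    start: ev.props.DTSTART.value, tzid: ev.props.DTSTART.params[0] }));
}
```

Values such as SUMMARY come from whoever edits the calendar, so a page that displays them should insert them as text (for example via `textContent`) rather than as HTML.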

Right, that's what I want to achieve. Sorry, I should have said it earlier that I want to subscribe to the calendar events in the iCalendar format.

I already set up the JS parser in my other application on a different domain. I would like to fetch the .ical file from that different domain. That's what the @CORS annotation that I mentioned above would be for.

So what do you think: Does this make sense?

mattsches avatar Sep 15 '15 13:09 mattsches

But then you need nothing else, because this should work without additional methods! Use the link above with a JS parser for iCalendar like this one: http://keith-wood.name/icalendar.html and all should work! Sure, that makes sense ;)!

libasys avatar Sep 15 '15 13:09 libasys

Ok, so far so good ;) However, if I try to request the .ics file via an AJAX call from one domain, for example, mywebsite.com, and the Owncloud instance is on another_domain owncloud.example.com - I get an error (in the JS console of the browser) because my browser sent an Origin header: XMLHttpRequest cannot load https://{domain}/index.php/apps/calendarplus/exporteventscalendar?t={token}. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://{another_domain}' is therefore not allowed access.

That's because the cross-origin resource sharing header is missing from the response. The header will be set if the above mentioned annotation is added to the code. This will add a wildcard Access-Control-Allow-Origin header.

If it helps, I can mail you a live example :)

mattsches avatar Sep 15 '15 16:09 mattsches
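The browser-side decision described in the comment above, as an added example that is not part of the thread or of ownCloud's code: a simplified model of the CORS check a browser applies to the response of a simple cross-origin GET. The function name, origins and header sets are constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS check for a simple GET.
// It decides whether script running on `requestOrigin` may read the response.
function corsCheck(requestOrigin, credentialsMode, responseHeaders) {
  // Header names are case-insensitive; normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v.trim();

  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { readable: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  const withCredentials = credentialsMode === 'include';
  if (allowOrigin === '*') {
    // A wildcard is honoured only for requests sent without cookies or HTTP auth.
    return withCredentials
      ? { readable: false, reason: 'wildcard not allowed with credentials' }
      : { readable: true, reason: 'wildcard, anonymous request' };
  }
  if (allowOrigin !== requestOrigin) {
    return { readable: false, reason: 'origin mismatch' };
  }
  if (withCredentials && h['access-control-allow-credentials'] !== 'true') {
    return { readable: false, reason: 'Access-Control-Allow-Credentials is not true' };
  }
  return { readable: true, reason: 'origin explicitly allowed' };
}

// Constructed scenarios: a static page on mywebsite.com requesting the export.
const PAGE_ORIGIN = 'http://mywebsite.com';
const NO_CORS = { 'Content-Type': 'text/calendar' };                  // current response
const WILDCARD = { ...NO_CORS, 'Access-Control-Allow-Origin': '*' };  // wildcard header

function runScenarios() {
  return {
    today: corsCheck(PAGE_ORIGIN, 'omit', NO_CORS),
    wildcardAnonymous: corsCheck(PAGE_ORIGIN, 'omit', WILDCARD),
    wildcardWithCookies: corsCheck(PAGE_ORIGIN, 'include', WILDCARD),
  };
}
```

The third scenario is the one that matters for the security question: a wildcard header lets any site read what an anonymous request can fetch, but a request carrying the visitor's ownCloud cookies is still blocked from being read.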

Have you read about json-p? http://json-p.org/ ?

libasys avatar Sep 15 '15 18:09 libasys

Sure, does Owncloud support this?

Anyway, the response doesn't contain a JSON object. At least Chrome and IE implemented sth. called strict MIME type checking, which results in the following error: Refused to execute script from 'https://{domain}/index.php/apps/calendarplus/exporteventscalendar?t={token}&callback=jQuery111308980871138628572_1442343117707&_=1442343117708' because its MIME type ('text/calendar') is not executable, and strict MIME type checking is enabled.

Any more ideas? ;)

mattsches avatar Sep 15 '15 19:09 mattsches

No, I am not sure! I coded a script a long time ago for OC version 6! For OC 6 it works, but for later versions I think it isn't possible any more; more restrictions and CSP are integrated! But this could be a possible solution: https://doc.owncloud.org/server/8.1/developer_manual/core/ocs-share-api.html You can write a class for Calendar+ for public sharing and open a pull request! See https://github.com/libasys/calendarplus/blob/master/api/local.php as an example of how OCS sharing works.

libasys avatar Sep 15 '15 20:09 libasys

Ok, I will look into it. Thanks for your patience and your feedback :)

(Still, I think that adding the @CORS annotation could be useful for getting the iCalendar data in other webapps: https://doc.owncloud.org/server/8.1/developer_manual/app/tutorial.html#adding-a-restful-api-optional ;))

mattsches avatar Sep 15 '15 20:09 mattsches

But you always need the user and the password! ;) Provide a class, create a pull request and I will check and test it! ;)

libasys avatar Sep 15 '15 21:09 libasys

No, not if it's a public calendar, I tested it. I will test it again and send you a PR ;) Then you can decide what to do with it :)

mattsches avatar Sep 15 '15 21:09 mattsches