Roll20 uses cookies to improve your experience on our site. Cookies enable you to enjoy certain features, social sharing functionality, and tailor message and display ads to your interests on our site and others. They also help us understand how our site is being used. By continuing to use our site, you consent to our use of cookies. Update your cookie preferences .
×
×

Cookie Preferences

We use Cookies to help personalize and improve Roll20. For more information on our use of non-essential Cookies, visit our Privacy Policy here.
Create a free account

AJAX, Not Ever?

  1. Community Forums
  2. Mods (API Scripts)
  3. AJAX, Not Ever?
1371833218
Brandon B.
Permalink for 208063 Quote
Posting on behalf of my friend who is a software developer: Alright, I recognize roll20 is sandboxed, and I can see the concern that if AJAX were available, it could use roll20 as some kind of AJAX spam box. However, there are some ways to prevent this scenario, such as requiring a "Yes, I accept roll20 AJAX call" web resource implemented at the target. (Actionscript VM uses a similar concept). I'm obviously not aware of all your technical or business concerns, but as a User/Developer, I would really like to use roll20 as the View and partly a Controller in my Model/View/Controller. A scenario I would be interested in:  Character Database Proxy Configure a rest API in a campaign for saving, loading, and modifying characters. In order to maintain the sandbox, the API could expose a method to send messages to configured hosts. Configured hosts would have an attribute that defined a path to a resource/file which validated it as an authorized target for roll20. On boot-up of a campaign or on the registering of a host, the API could handle the AJAX call in the background to validate the host using the described mechanism. Once the host is validated, its available through a global collection to be retrieved and could then be used to send Requests with event handlers to handle Responses. This can be accomplished without exposing the actual AJAX api. With this mechanism, its impossible for the sandbox to send messages to unapproved hosts which I think would address most security concerns. Having the ability to issue requests and receive responses opens up a lot of use cases: 1. Large Shared Object Databases    NPCs, Items, etc.  2. Localized Weather             It might sound silly, but National Weather Service is available through online web services. Its not huge development effort to build a simple server which retrieves NWS data and makes it available to Rest APIs in JSON format. So if I wanted my Zombie Campaign to model real life, I could take triggers off NWS and adjust things like visibility in my roll20 Campaign. 3. External Engines             Economies, Calendars, etc.              Its not really possible to list all the possibilities here. As previously stated, I'm not aware of all the inner workings and concerns of roll20, but when I saw 'No AJAX' my hopes sunk quite a bit.
1371952239
Riley D.
Roll20 Team
Permalink for 210077 Quote
In an old thread someplace (I'm in a hurry right now and can't look it up) I already answered this, but basically the short version is "no, you will never be able to do network requests from our server inside the sandbox". However, the plan is to eventually offer a REST API which gives you GET/POST access to all of the same properties you can access using the current Javascript API, so you could easily access/modify characters, send chat messages to a running game, etc. So basically instead of using the JS API to make a request to your server, you would use your server to make requests to the REST API.
You must Login to your Roll20 Account to post a reply.