window.rooturl, window.APP_KEY & Cross Site Scripting


Originally posted by Msterley on 2012-08-24 01:28:31


I am running into issues right from the start with the Javascript application, I am using Sencha Architect 2 with Ext JS 4.1 and have a js resource file loading after the cumulocity client library.

The following snippet from the document produces scripting errors, not familiar with this technique so at a bit of a loss:

var window.rooturl = '';
var window.APP_KEY = 'secretKeyForTheApplication';


window.rooturl = '';
window.APP_KEY = 'secretKeyForTheApplication';

does not set the vars if set in the js file when debugging the cumulocity client lib, the values are undefined at:

headers : {
'X-Cumulocity-Application-Key' : window.APP_KEY


URL = '';
if (window.rooturl) {
URL = window.rooturl;

This does however, work if I copy your example from Hello Work into in a single html page. using ….

Any suggestions?

I am not certain how you are resolving the Cross Site Scripting issue, in the documentation you state

"Cross-site scripting

To overcome the cross-site scripting limitation on the web browsers, Cumulocity SDK contains a proxy that can be used to proxy the requests going to the Cumulocity server so that the browser thinks that all request are actually going to the same server where the web application was loaded. More information about the proxy setup can be found on the hello-world documentation."

I cannot find reference to the proxy details in the hello-world documentation, hope this isn't related to the Java SDK, we don't use Java / Eclipse, our skill set is Microsoft based for non web based development.

Any other suggestions for overcoming the Cross Site scripting issue, both my application(after downloading the clientlib and hardcoding in rootUrl and APP_KEY) and the Hello World example are receving access denied.

Have more questions? Submit a request