Forcing API calls to use a guest session?
Hi all,
I am implementing an ambitious community oriented browser plugin for our new vanilla forums. Here's my repo https://github.com/asterpw/pwevanillaenhance
One of the features I've implemented is the ability to preview the last or opening post by doing a mouse hover on the comment link from the discussions / category page (we had this feature in our old forums).
To do this I am making an api call on mouseover
https://github.com/asterpw/pwevanillaenhance/blob/f938b8992b42ce2eff05e47ecfd97a8cd75a2c91/pwevanillaenhance.user.js#L451
It works great but the issue is that the API request is being made in the user's logged in credentials and it is marking the thread as read without the user actually entering it.
Is there any way to force the API call to make the request in the guest context?
The endpoint I am using is http://perfectworld.vanillaforums.com./api/v1/discussion.json but I have found the documentation to be a little too light on this matter. Is there any way to tell the server to ignore the session ID maybe? I don't think it's possible to make the API request without sending the cookie that contains the session id.
Comments
@aster this site is for the open source version you are a customer of vanillaforums.com, the api is different in these versions and they support that.
Nevertheless it should be similar to http://vanillaforums.org/discussion.json basic api.
With client side scripting it is no different than html request it the same controller, and naturally is using the browser session.
The way you would get a guest session with js request, is to proxy the request server to server. You would need to upload a script to a server that would do a curl request to that endpoint, to return the result.
You would then request the proxy script.
grep is your friend.