Apple seems to not be liking my ajax requests. I'm trying to verify the receipt in a PhoneGap app after an in-app purchase.
// prepare JSON object for Apple
/* Retrieve the receipt data from the transaction’s transactionReceipt property (on iOS) or from the receipt file inside the application bundle (on OS X) and encode it using base64 encoding.
Create a JSON object with a single key named receipt-data and the string you created in step 1. Your JSON code should look like this:
{
"receipt-data" : "(receipt bytes here)"
} */
var data = JSON.stringify({
'receipt-data' : btoa(transactionReceipt)
});
if(DEBUG) console.log('Data: ' + data);
var url = 'https://' + (DEBUG ? 'sandbox' : 'buy') + '.itunes.apple.com/verifyReceipt';
if(DEBUG) console.log('URL: ' + url);
// send the POST request
/* Post the JSON object to the App Store using an HTTP POST request. The URL for the store is https://buy.itunes.apple.com/verifyReceipt. */
$.ajax(url, {
type: 'POST',
data: data,
dataType: 'json',
success: function(data) {
console.log('Request returned successfully.');
// parse the response
/*
The response received from the App Store is a JSON object with two keys, status and receipt. It should look something like this:
{
"status" : 0,
"receipt" : { (receipt here) }
}
If the value of the status key is 0, this is a valid receipt. If the value is anything other than 0, this receipt is invalid.
*/
if(data.status === 0)
console.log("Receipt is valid.");
},
error : function(jqXHR, textStatus, errorThrown) {
console.error('Request failed with response code ' + errorThrown);
}
});
I am using jQuery and have:
$(document).bind("mobileinit", function () {
// xss
$.support.cors = true;
$.mobile.allowCrossDomainPages = true;
}
Has anyone tried verifying their receipt via ajax and had this problem?
Thanks.
Domain whitelisting in Apache Cordova is a security model that controls access to outside domains, such as http://google.com. The default security policy is to block all network access