how to correctly format the ajax POST for basecamp

Question

I can easily create a message from bash shell utilizing the curl method described in the basecamp api docs. However, my app is not written in php so I'd like to be able to access the basecamp sever via a basic ajax post. Unfortunately, I don't seem to be able to translate the curl statement into the ajax post. I though this would suffice:

function callBasecamp() {
    var parameters = {  
              user:"[my_basecamp_username]",
              pass:"[my_basecamp_password]",
              userAgent: '[my_app] (my_email)',
              contentType: 'application/json; charset=utf-8',
      data: ({ "subject": "This is a Test Message", "content": "This is test content. Please disregard if notified." }),
             };
    var data = JSON.stringify(parameters);
    $.ajax({
        type: "POST",
        data: data,
        dataType: 'json',
    url: "../../../../site_media/proxy.php?url=https://basecamp.com/[account_id#]/api/v1/projects/[project#]/messages.json?" + data,
        traditional: true,
        success: function(data){
            console.log(data);
        }
    });
}

but though my dev server returns an HTTP 200 216 response, basecamp doesn't create the message and I don't see any returned data. I am using a php proxy to circumvent django csrf issues:

proxy.php

<?php
// File Name: proxy.php
if (!isset($_POST['url'])) die();
$url = urldecode($_POST['url']);
$url = 'https://' . str_replace('https://', '', $url); // Avoid accessing the file system
echo file_get_contents($url); 

any ideas on where my difficulty might be?

Answer 1

The proxy doesn't forward correctly. Try with added headers on your proxy.php:

header('Access-Control-Allow-Origin: *');
header('Cache-Control: no-cache, must-revalidate');
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Content-type: application/json');

For JSON-P: header('Content-Type: application/javascript');

Debugging Helper for file_get_contents()

$url1 = 'https://basecamp.com/999999999/api/v1/projects.json';
$url2 = 'https://basecamp.com/2052106/api/v1/projects/1450272/messages.json';

function send($url, $payload) {
  $ctx = stream_context_create(
    array(
      'http'=>array(
        'header'=> "Content-type: application/json\r\n"
                 . "Access-Control-Allow-Origin: *\r\n"
                 . "User-Agent: myApp (app@app.com)\r\n"
                 . "Accept: xml/*, text/*, */*\r\n",
        'method'=> 'GET',
        //'content'=> $payload,
        'ignore_errors' => true
      )
    )
  );

  $result = file_get_contents($url, 0, $ctx);

  var_dump($http_response_header);

  return $result;

}

// The expected return is:
// There's no Basecamp account at this address. ....
echo send($url1, '');

// expected return: {"status":"404","error":"Not Found"}
echo send($url2, '');

Usage for a test-request with payload:

Notice: you might switch GET to POST inside stream_content options:

$url = 'https://basecamp.com/2052106/api/v1/projects/1450272/messages.json';

$payload = '{"user":"123",
             "pass":"123",
             "userAgent":"test test@test.com",
             "contentType":"application/json; charset=utf-8",
             "data": {
                "subject":"This is a Test Message",
                "content":"This is test content. Please disregard if notified."}
             }';

echo send($url, $payload);

An alternative is to use cURL from within PHP: https://stackoverflow.com/a/15395769/1163786