I’ve recently updated code for Cobblestyle Pebble Watchface to take advantage of very cool geocoding service called Nominatim by Open Street Maps.
Nominatim is used in two places: Direct lookup is used in watchface’s config page to lookup coordinates of a place by its name for custom location setting; reverse lookup is used to lookup location name by its coordinates to display name on actual watchface.
It was working fine – on Pebble watches connected to Android phones. It was failing miserably on iOS, so iPhone Pebble users were getting neither location nor weather updates. And it was pretty puzzling for a while until I obtained logs from running watchface thanks to invaluable help from Robin.
Turned out iPhone Pebble app was plain simple blocked by Nominatim service, every attempt to retreive location resulted in message being sent back “You have violated acceptable policy”. Which was kinda surprising since I just started using the service. When I contacted Nominatim support, they told me that apparently some Pebble app running from iPhone abused the service pretty badly, running hundreds of requests per second. And since the only way they can detect requesting app is by it’s User Agent string – all apps spotting iPhone Pebble UA were blocked.
Support suggested to set UA string specific to the app so it could be easily identifiable. Standard approach to set headers on xmlHttpRequest
object is .setRequestHeader(..)
. Unfortunately by many browsers and clients it is considered unsafe to spoof UA via request headers. Fortunately iOS allows that, so all I have to do is catch and ignore erros in other clients. Basically this line of code solved the issue:
try {xhr.setRequestHeader("User-Agent", "Cobblestyle Pebble Watchface");} catch(e){}
Thanks to this as of version 2.19 Cobblestyle watchface correctly displays weather and location information. Yay.
i would have thought they could have at least contacted pebble to help identify offending apps so that the situation can be rectified, one way or another.
@Mark Reed: Guess their usage rage is huge to deal with individual ones. They have means of contacting potential abuser (abuse could be accidental) but for that email has to be included as a part of http request