Loading an external widget in widgets-config.xml - widget

I am unable to load an iWidget externally on the communities page
This is my widget def:
<widgetDef defId="qmiWidget" primaryWidget="false" modes="view fullpage edit search"
url="http://questionmine.com/app1/widgets/index/publishProject_iWidget"/>
But it replaces the http and tries to load it internally
"NetworkError: 403 Forbidden - https://connectionsww.demos.ibm.com/communities/ajaxProxy/http/questionmine.com/app1/widgets/index/publishProject_iWidget"
Any idea how can I do this ?

Since your widget resides on another domain, you have to configure the "Ajax Proxy" to allow this.
Take a look at this here:
http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+Documentation#action=openDocument&res_title=Configuring_the_AJAX_proxy_ic45&content=pdcontent
For testing purposes (ONLY testing) it would be safe to allow "*" but for a production environment it is strongly advised to be more specific, in your case something like "questionmine.com/app1/*"
You can even configure specific proxy rules per application (Communities, Profiles, Homepage,...)
http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.5+Documentation#action=openDocument&res_title=Configuring_the_AJAX_proxy_for_a_specific_application_ic45&content=pdcontent
BTW: If you ever tried to enable feeds in a community, the same applies. Without further configuration, only same-domain feeds would be allowed.

Related

Accessing an External API from a Web Accessible Chrome Extension

I'm building a Chrome extension that will let you add a bunch of new reactions to Facebook posts. You can see the first version of it here: http://reactions.us/
The way I'm handling it now is a bit inelegant. When a user adds a "reaction", I'm adding a custom emoticon as a comment and then parsing it, removing the original comment from the dom, and adding the corresponding "reaction" to the post.
Here's what I would like to do
I would like to reach out to an external api, say at http://api.reactions.us, in order to set and get the reactions for a certain story. In order to do this I (think) I need to add an ajax call to the page. But when I add the ajax call to a "web_accessible_resources" script that's loaded onto the page via an init script in "content_scripts" I get this error:
Refused to connect to 'http://reactions.us/getReactions?id=111' because it violates the following Content Security Policy directive: "connect-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.spotilocal.com:* https://*.akamaihd.net ws://*.facebook.com:* http://*.akamaihd.net https://fb.scanandcleanlocal.com:* *.atlassolutions.com http://attachment.fbsbx.com https://attachment.fbsbx.com".
Here's the relevant code in the plugin: https://github.com/ollerac/New-Facebook-Reactions/blob/master/reactions.js#L161
Any help would be greatly appreciated. Perhaps there's a way to pass messages between the content scripts and the web accessible resources?
I found the answer. I had followed the advice of this post when I first started: Insert code into the page context using a content script
It suggests injecting your scripts directly into the page if you don't need access to any of the chrome API functions and that's exactly what I did because I didn't need them before.
But you can do pretty much the same thing (access and modify the dom -- and now even make ajax requests) merely with content scripts.
This post is helpful when talking about Cross-domain XMLHttpRequest using content scripts: Cross-domain XMLHttpRequest using background pages

PhoneGap/Cordova hidden option to configure endpoints in test environments

How do you test a hybrid application when your requirement is to sign off and ship the very same package? You have a single hardcoded URL your AJAX calls are going to go to, but actually this endpoint needs to be different in test and production environments.
Override the hosts file is not an options because it would require to root all test devices.
Serve and host custom DNS server or HTTP proxy is an overkill.
Have an application option is against the requirements, the end users can not be exposed to such a setting.
Have a cookie to optionally override the URL would work but how to I add a cookie manually to a hybrid app running on a tablet?
Have a local storage setting to optionally override the URL would work but how to change local storage manually?
Is there a way to have but hide an application configuration option, setting from the end user?
Testing is performed on iOS tablet running a native app package.
If you really really want to ship the exact same code all the time, you could easily use local storage. In your app:
if(!localStorage.getItem('env')) localStorage.setItem('env', 'production');
switch(localStorage.getItem('env') {
case 'testing': endpoint = 'http://testserver'; break;
case 'production': endpoint = 'http://productionserver'; break;
}
Then just open your browser console and type:
localStorage.setItem('env', 'testing');
You might not be able to open a console on mobile browsers or inside Cordova, but if you really need that: rethink the "same package" thing. I can't think of any valid reason why you would not want to do different testing and production builds.

Using your own AMS, how can you use BitmapData.draw() on an RTMP stream with no security exception?

I've posted a similar question about the more general case, but this question deals specifically with RTMP.
We have an Adobe AIR app written in AS3 that can view live video streams from other parties. That being said, when trying to call BitmapData.draw() on one of those remote video streams (technically we're calling ImageSnapshot.captureImage()), we're getting a 2123 error - a security sandbox exception. I've seen a lot of people refer to a real simple configuration in the AMS that will allow this to work for RTMP streams, but they keep posting broken links, links to posts that only vaguely mention this configuration, etc. The one thing I did find is something that I'm having trouble applying:
http://help.adobe.com/en_US/FlashMediaServer/3.5_SS_ASD/WS5b3ccc516d4fbf351e63e3d11a11afc95e-7ec3.html#WS5b3ccc516d4fbf351e63e3d11a11afc95e-7fcb
To make the above work, I've tried setting audioSampleAccess and videoSampleAccess both to "/", but to no avail. On the AMS, in Application.xml, I've set these configurations:
<FolderAccess>true</FolderAccess>
<AudioSampleAccess enabled="true">*</AudioSampleAccess>
<VideoSampleAccess enabled="true">*</VideoSampleAccess>
I've also seen references to setting up a wide-open cross-domain policy file, but I've seen people emphasize that it's not necessary, and I don't see any clear mention of where on the server that policy file needs to be. I have, however, started setting NetStream.checkPolicyFile to true, and I have placed a cross-domain policy file in the root directory of the website itself (as opposed to the AMS).
Please don't just give me another link, unless it's to a quick, clear explanation. How do you configure the AMS to allow people to capture screenshots from RTMP video streams? For the above article, I've tried setting videoStreamAccess and audioStreamAccess both to "/", and even it didn't work. We also need to be able to do this for P2P RTMFP streams, but that's really a different question. Thanks.
I have following FMS code to fix that error in application.onConnect method:
client.videoSampleAccess = "/";
client.audioSampleAccess = "/";

serve http content under ssl

i want to serve world clock into my SSL enabled website. when i use http chrome browser shows mixed content "this page include other resources which are not secure"
the clock url is: http://www.worldtimeserver.com/clocks/wtsclock001.swf?color=FF6633&wtsid=MY&
already try SSL proxy to display clock but no luck:
https://ssl-proxy.my-addr.net/myaddrproxy.php/http/www.worldtimeserver.com/clocks/wtsclock001.swf?color=FF6633&wtsid=MY&
this shows Clock fault. Undefined! Undefined.
also uploading that flash clock into web server and undefined error also occur.
is there anything should i try or any recommendation ssl enabled clock similiar to worldtimeserver to use?
updates:
javascript looks nicer http://randomibis.com/coolclock/
thanks to Graham
I don't know what proxy you're using, but it's entirely possible that you need to escape the "?" and "&" characters so they won't be interpreted by myaddrproxy.php and will instead be passed to the proxied URL.
https://ssl-proxy.my-addr.net/myaddrproxy.php/http/www.worldtimeserver.com/clocks/wtsclock001.swf%3fcolor=FF6633%26wtsid=MY
Buy as I say, I don't know your proxy script; you may have to experiment with how to escape special characters.
Or read the instructions from the proxy script. :-)

Switch to SSL using a relative URL

I would like to create a relative link that switches the current protocol from http to https. The last place I worked had something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.
The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.
Is there a way for this to work in IIS 6.0?
Edit:
I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.
Here's a simple solution in VB.NET:
Imports System.Web.HttpContext
Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
If bEnable Then
If Not Current.Request.IsSecureConnection Then
Dim strHTTPS As String = "https://www.mysite.com"
Current.Response.Clear()
Current.Response.Status = "301 Moved Permanently"
Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
Current.Response.End()
End If
Else
If Current.Request.IsSecureConnection Then
Dim strHTTP As String = "http://www.mysite.com"
Current.Response.Clear()
Current.Response.Status = "301 Moved Permanently"
Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
Current.Response.End()
End If
End If
End Sub
Usage:
'Enable SSL
SetSSL(True)
'Disable SSL
SetSSL(False)
You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.
I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx
You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.
Which language/framework are you using?
You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.
Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.
I've use this for a project, and it works really well.
This is the same answer I gave here:
Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
So you can setup a page to be secure in your web.config like this:
<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
<files>
<add path="/MustBeSecure.aspx" secure="Secure" />
</files>
</secureWebPages>
We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.