In Ruby on Rails you can place the access control headers in the Application Controller. What about Padrino? where do you place them? I've tried placing them in the method of a Controller I need to use different headers and inside app.rb, but it doesn't workout... any ideas?
As Nikhil mentioned it, setting the response headers yourself is a great way of doing it and being in control of what's happening.
If you put them on a before block in app.rb they will apply to the every route in your app which I guess is what you're trying to achieve here.
Just be careful on which permissions you grant. I find this MDN guide a great resource for CORS headers.
Related
I followed the tutorial to generate and use access tokens. Now, i get it just fine and put it in the options argument of the Autodesk.Viewing.Initializer.
My issue is that, i got to call the route using jQuery and as such, the response is visible from the network tab in devtools.
Is there a way to completely hide it?
Thanks in advance.
you may try with the mechanism of token proxy which is described at:
https://forge.autodesk.com/blog/proxying-forge-viewer
or
https://forge.autodesk.com/blog/securing-your-forge-viewer-token-behind-proxy
I called attached code below in WinJS app and keep getting this error 405 Method Not Allowed. I have changed the method property to "POST" , still the same thing. Some of the guys saying it is to do with the permission so I am trying to set the credential in the uploader. This is an internal app so we assume this should carry the Windows Authentication. But at the moment, I could not find how. Can anybody help?
uploader.createUpload(endpoint, file)
.startAsync()
You haven't narrowed down the problem to the point where you should be worrying about how to express what you need with BackgroundTransfer APIs yet - you need to figure out what you need to express, first.
If you have access to good documentation or a knowledgeable owner of this internal service you're connecting to, your first step should be consulting that to figure out what exactly the HTTP request (and the associated credential headers) should look like.
If you don't have access to that, the second best starting point is to take an existing, working client of this service you're uploading to and use a networking capture software (Fiddler, for example) to take a look at what the request it's sending looks like.
Once you've figured out the specific HTTP method and server credentials you need to use, you can tell BackgroundTransfer to use them by setting the method and serverCredential properties of your uploader object before creating your uploads.
Hy,
I'm working on a jsFiddle with a openlayers example in it.
http://dev.openlayers.org/releases/OpenLayers-2.11/examples/snapping.html
At the moment it's not working because it's not getting a response for the http request to get data. How do I fix that?
The jsFiddle is here: http://jsfiddle.net/TcuxA/6/
Go to the line "// create three vector layers" in the script.
There are 3 requests for data. If you type the URLs in your browser you get the JSON, but my firebug gives 3 errors when I run the jsFiddle.
I tried fixing with jsFiddle echo ( http://doc.jsfiddle.net/use/echo.html ), but that didn't work. I don't know how to change the script to load the data otherwise.
Why can't I get the json by these URLs? What are good sollutions?
What you are experiencing is an exception being thrown by the XMLHttpRequest object, because you are using AJAX to call elements from different domain. This is better said, for example, in here:
"The XMLHttpRequest object is prevented from calling web services from outside its own domain. This is sensible given that if you called a script in one place and it, in turn, called a script on another server, it could leave an application open to all sorts of malicious scripts, hacks and exploits."
So the easiest way to do is to code it locally and call a local copy of the files (poly.json, line.json and point.json) that would reside on your local server. For testing if all displays on a map you could hard-code the files into your code. I am not sure how it could be achieved otherwise.
A good solution can be this : using github responses . You can store your example in github, along with the predefined XHR requests responses.
I have a simple RESTful web service and I wish to test the PUT method on a certain resource. I would like to do it in the most simple way using as few additional tools as possible.
For instance, testing the GET method of a resource is the peak of simplicity - just going to the resource URL in the browser. I understand that it is impossible to reach the same level of simplicity when testing a PUT method.
The following two assumptions should ease the task:
The request body is a json string prepared beforehand. Meaning, whatever is the solution to my problem it does not have to compose a json string from the user input - the user input is the final json string.
The REST engine I use (OpenRasta) understands certain URL decorators, which tell it what is the desired HTTP method. Hence I can issue a POST request, which would be treated as a PUT request inside the REST engine. This means, regular html form can be used to test the PUT action.
However, I wish the user to be able to enter the URL of the resource to be PUT to, which makes the task more complicated, but eases the testing.
Thanks to all the good samaritans out there in advance.
P.S.
I have neither PHP nor PERL installed, but I do have python. However, staying within the realm of javascript seems to be the simplest approach, if possible. My OS is Windows, if that matters.
I'd suggest using the Poster add-on for Firefox. You can find it over here.
As well as providing a means to inspect HTTP requests coming from desktop and web applications, Fiddler allows you to create arbitrary HTTP requests (as well as resend ones that were previously sent by an application).
It is browser-agnostic.
I use the RESTClient firefox plugin (you can not use an URL for the message body but at least you can save your request) but also would recommend curl on the command line.
Maybe you should also have a look at this SO question.
I'm no expert on web development, and need to find a way to let the browser call a PHP routine on the server with the current document ID as parameter, eg.
http://www.acme.com/index.php?id=1
I then need to call eg. /change.php with id=1 to do something about that document.
Unless I'm mistaken, there are three ways for the client to return this information:
if passed as argument in the URL (as above), it will be available as HTTP referrer
by including it as hidden field in
by sending it as cookie
I suppose using a hidden field is the most obvious choice. Are there other ways? Which solution would you recommend? Any security issues to be aware?
Thank you.
You can also POST the data so it won't be seen in the URL with ’form method = "post" ’
All of these methods are, to a point, insecure as they can be manipulated by a savvy user/hacker. You could https your site, limiting any man in then middle attacks. Be sure to check and validate incoming data
Ajax is another option as well, and it allows you to send that information without refreshing the page.
http://www.acme.com/index.php?id=1
The above url would be more "browser friendly" if you transform it into something similar to this:
http://www.acme.com/index/page/1
I am sure you can achieve this in Apache. Or Java Servlets.