I built a GET REST webservice (Rest API) which has to return text/html.
Inside the sequence I have a Mediator where I invoke a webpage (like http://www.mypage.com or something), and get its contents into a String variable.
After that I need to do some string replacements in the content and send it back as text/html to the client.
The problem is that when I got it back in my page the esb has replaced all <html> and other tags to <html> tags. So the web browser does not render a html page, but just writes the tags in the page itself.
The main idea is that it works like a proxy to a servlet, where I call a servlet, get the response, do some string replacements inside de html and javascript that I got, and send it to client.
Here is the sequence xml:
<resource methods="GET" uri-template="/view">
<inSequence>
<log level="full"/>
<header name="To" action="remove"/>
<property name="URL" value="http://www.mypage.com"/>
<sequence key="MyMediator"/>
<property name="RESPONSE" value="true"/>
<property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
<property name="ContentType" value="text/html" scope="axis2"/>
<enrich>
<source type="property" clone="true" property="RESPONSE_MSG"/>
<target type="body"/>
</enrich>
<send/>
</inSequence>
So, I put the string variable with the html (got from the mediator MyMediator, which is a java class and invoke the webpage www.mypage.com) into a property 'RESPONSE_MSG' and then try to write it to the body (enrich).
In this case I get an error, because the property I set is a String and not a XML. If I use a payloadFactory instead of an enrich, then it will generate an XML and I will get the html tags with <html>.
I would like to know an effective way where I can send the string variable from the mediator and it does not get transformed into some xml where all the html tags into the string gets replaced by < and >. Or I can send it like in the above code without getting any error. Do I have to use another type for the variable that I put in the property RESPONSE_MSG?
Thanks in advance!
This is a problem of the used messageFormatter (text/html). Check your axis2.xml file in the conf directory to see which messageFormatter is configured for the keyword text/html. Otherwise may try with a normal XML builder (i.e. application/xml).
Related
I'm using an angular directive to pull an html file from my IIS7 classic mode server (classic required due to SSO). To satisfy CORS I need read the ORGIN from the request and add a header to the response of the html file. That bit doesn't really matter. My problem is hooking in my code to actually do this for a static HTML file.
So with classic mode my handlers/module are defined in system.web, not system.webSever. Therefore I can't use the runAllManagedModulesForAllRequests="true" flag which isn't part of the schema for system.web.
In system.web I have:
<httpHandlers>
<!--<add path="*.html" verb="GET,HEAD" type="System.Web.StaticFileHandler" />-->
<add path="*.html" verb="GET,HEAD" type="My.Namespace.CrossOriginHandler, My.DLL.Name" />
<add path="*" verb="*" type="System.Web.HttpNotFoundHandler" />
</httpHandlers>
<httpModules>
<add name="CrossOriginModule" type="My.Namespace.CrossOriginModule, My.Dll.name" />
</httpModules>
This executes fine for a MVC pages or webapi calls. It does not execute for my static HTML file.
I'm starting to fear I'm going to need to write a custom ISAPI filter. Is there any other way to hook in my code? A configuration I'm missing or hook inbetween ISAPI filter and HttpModule?
There are a couple of options you have and definitely you should not need to write an ISAPI for that.
One option if you can set it for everyone blindly is to just use the httpProtocol section to add the header:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
however, a much better option is to use URL Rewrite to set the headers and still have all the control to check for origins, and rewrite them appropriately.
I wrote a quick article on how to do that here:
http://www.carlosag.net/articles/enable-cors-access-control-allow-origin.cshtml
At a high level it means adding a URL Rewrite inbound rule to capture the Origin header and set it in a server variable. Then you can use that server variable later in an outbound rule to set it in a header. Optionally I used a Rewrite Map to condition the origins that you wanted to allow that.
<outboundRules>
<rule name="Set-Access-Control-Allow-Origin for known origins">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" />
<conditions>
<add input="{AllowedOrigins:{CAPTURED_ORIGIN}}" pattern=".+" />
</conditions>
<action type="Rewrite" value="{C:0}" />
</rule>
</outboundRules>
see full explanation here: http://www.carlosag.net/articles/enable-cors-access-control-allow-origin.cshtml
I want to make indexable my ajax based website.
I have read this doc: https://developers.google.com/webmasters/ajax-crawling/docs/getting-started But I don't understand it at all.
I think I need to do it:
Write this tag in a webpage, for example: www.myweb.com/mypage
<meta name="fragment" content="!">
I'm using UrlRewriteFilter for my Tomcat Server (http://tuckey.org/urlrewrite/), so I think I could redirect the urls with the substring: "?_escaped_fragment_=" to a html snapshot (which I can build manually, writing my custom meta-description, title and content???)
<rule>
<from>^/mypage\?_escaped_fragment_=</from>
<to type="forward">/snapshots/mypage.html</to>
</rule>
Write the URLs (without the escaped fragment) into the sitemap.xml
...
<url>
<loc>www.myweb.com/mypage</loc>
...
</url>
...
Is it right? I need to do something more?
Ok, it is right, but the UrlRewriteFilter syntax is a bit different:
<rule>
<condition name="_escaped_fragment_" type="parameter" operator="equal"></condition>
<from>^/mypage/</from>
<to last="true">/snapshots/mypage.html</to>
</rule>
I am using struts2 jquery grid in my current project.The dataType used in jquery grid is json. Everything works like charm. There was a security audit of my application and they pinpointed the JSON Hijacking vulnerability. I searched the internet for mitigating the json hijacking in general & solution in struts2. I quite fing good documentation.
Json Hijacking
Prevent Struts2 from JSON Hijacking
I used the prefix param set to true in json result type in struts.xml. All is working fine , i got the json data prefixed with {}&&. As described in Link 2 this is used to mitigate the json hijacking.
The problem i faced is that jQuery Grid is not able to load Data.
My struts.xml
<action name="myjson" class="action.JsonTable">
<result type="json">
<param name="prefix">true</param>
</result>
The grid is not able to populate.Wen i remove <param name="prefix">true</param> from the action defnition, everything works fine. But it is vulnerable :(
A bit basic, but I have tried some of the methods to tackle the following error but could not get the right solution.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<form method="post">
<input type="text" name="query1"></input>
<input type="text" name="query2"></input>
<input type="submit"></input>
</form>
</body>
</html>
Error on running :
HTTP Error 405.0 - Method Not Allowed
The page you are looking for cannot be displayed because an invalid method (HTTP verb) is being used.
In the mappings of IIS, I have added the POST method but that did not work!
Suggestions please!
The following code has solved the problem for me(it's for php on iis).
web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Execute, Script">
<remove name="PHP55_via_FastCGI" />
<add name="PHP55_via_FastCGI" path="*.php" verb="*" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.5\php-cgi.exe" resourceType="Either" requireAccess="Script" />
<add name="HTML_via_FastCGI" path="*.html" verb="*" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.5\php-cgi.exe" resourceType="Either" requireAccess="Script" />
<add name="HTM_via_FastCGI" path="*.htm" verb="*" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.5\php-cgi.exe" resourceType="Either" requireAccess="Script" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".php" allowed="true" />
</fileExtensions>
<verbs>
<add verb="POST" allowed="true" />
<add verb="GET" allowed="true" />
<add verb="HEAD" allowed="true" />
<add verb="DELETE" allowed="true" />
<add verb="PUT" allowed="true" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
Without seeing more, this could be a variety of problems. With that in mind, here is a list of possible fixes for your issue:
Cause 1
This problem occurs because the client makes an HTTP request by using
an HTTP method that does not comply with the HTTP specifications.
To resolve this problem, see resolution 1.
Cause 2
This problem occurs because a client makes an HTTP request by sending
the POST method to a page that is configured to be handled by the
StaticFile handler. For example, a client sends the POST method to a
static HTML page. However, pages that are configured for the
StaticFile handler do not support the POST method.
To resolve this problem, see resolution 2.
Resolution 1
Make sure that the client sends a request that contains a valid HTTP
method. To do this, follow these steps:
Click Start, type Notepad in
the Start Search box, right-click Notepad, and then click Run as
administrator.
Note If you are prompted for an administrator password or for a
confirmation, type the password, or provide confirmation. On the File
menu, click Open. In the File name box, type
%windir%\system32\inetsrv\config\applicationhost.config, and then
click Open.
In the ApplicationHost.config file, locate the
tag.
Make sure that all the handlers use valid HTTP methods.
Save the ApplicationHost.config file.
Resolution 2
Send the POST request to a page that is configured to be handled by a
handler other than the StaticFile handler (for example, the ASPClassic
handler). Or, change the request that is being handled by the
StaticFile handler so that it is a GET request instead of a POST
request.
MSDN Source
In my opinion you have 2 errors:
1) If your file extension is *.html change it to for example *.asp, *.php and it will work.
2)The input tag doesn't have closing tag.
I have this variable defined in my web.config file :
<appSettings>
<add key ="version" value="123"/>
</appSettings>
and I am using it in my aspx pages' headers without problem:
<link rel="stylesheet" type="text/css" href="../css/style.css?<%= ConfigurationManager.AppSettings["version"] %>"/>
But this doesn't seem to work in a regular HTML page.
What is the correct way of using a web.config variable in straight HTML ?
Server code (for instance what you have in the <%%>) can't be executed on static pages.
You need to append this manually in your static pages, or convert them to dynamic pages (.aspx).
<%%> stands for:
<script runat="server"></script>
In a static page which is not routed through the ASP.NET engine, this will not do anything and will not get converted to server code.