Whitelisted URL not accessible inside component even after whitelisting

I have whitelisted a URL and am using it inside my component. My expectation is that, when the component loads, this page should be displayed inside my component like it does externally. However, I get an error "refused to connect", even after whitelisting. Is there anything that I need to take care of besides whitelisting?

Related

Embedded orbeon: blank test page

I have a (java/jsp) embedded form builder (version 2019.2.0.201912301747) and I would like to use the test button, but I get an empty iframe in the popup window and indeed, the embedded fb-test-iframe iframe's src is about:blank.
Although the same is true when I drop the orbeon.war to an empty tomcat and run the form builder there, there the test page works correctly (I have to add that I have implemented a custom persistence API for my orbeon instance, maybe I should have specified somewhere some related url, I have specified only the oxf.fr.persistence.${my persistence id}.uri .)
Unfortunately there is no network activity in the browser debug (maybe because of the iframe) and no browser error, it just does not work :(
Unfortunately the documentation does not really explain the way of working of the test button.
What and where should I configure in Orbeon to force it to, I don't know, raise an event that triggers something in orbeon to load something (ideally a form runner instance that loads the currently edited form) to there?
Update #1:
After switching to orbeon-2018.2.4.201911212304-PE.zip (but keeping the 2019 libs where it is embedded), I was able to get it to communicate, so I am a bit further. Now, as is visible in the picture, the embedded orbeon sends data to its backend, and the request arrived at the orbeon backend according to its logs.
orbeon.war log
But there is no answer to the last request, this is the key I think, but I don't understand why. As if there would be a further call (maybe towards the orbeon CRUD API backend, and there would be no connect/read timeout for that connection).
But there is no further communication towards the crud api; there are no new entries in the crud api backend log.
My properties-local-prod.xml
Thanks in advance.
OP mentioned in a comment that this doesn't happen with an out-of-the-box install of Orbeon Forms, and thus suspects the issue they are having was due to some change they inadvertently made to Orbeon Forms.

How to add domain for Oauth2 to Google Dev Console

Last year I implemented Oauth2 for users of our app to sign in via Google, obtaining the client ID and configuring multiple permitted URLs via the Google Dev Console at https://console.developers.google.com/project/<our-project-id>/apiui/credential?authuser=0.
I now need to add another URL to the list, but the UI for the Google Dev Console has changed. Using the new UI, I don't understand how to view the URLs I already configured, and I don't understand how to add another. The documentation I've found describes adding stuff such as credentials and domains, but I don't want to click anything until I understand it better because I can't risk breaking the production app, which relies on the existing setup I established with the old Google Dev Console. In particular, I don't think I should add or change anything until I can at least see the configuration data I previously created.
I'd appreciate info on how to view my existing configuration data, either by somehow accessing the old UI or by clicking the appropriate controls in the new one. From there I'll hopefully be able to figure out how to add another URL.
By the way, the URL I want to add is a proxy server for using "ionic serve" (http://10.0.0.15:8100/app/oauth_redirect) if that's relevant to your answer.
You can click on the Credentials link in the left side menu and then click on your app, shown as a hyperlink. You will get options to add more URLs to the redirect URI list or to the authorized URI list, and you will be able to see your old configured URLs as well. See the screenshots below to understand more.

Detecting main URL with IdHTTPProxyServer

I want to make an application to redirect websites.
It has a table with "domains" and "redirect domains".
Once it matches a domain, it redirects to the redirect domain.
If it doesn't match, it redirects to the default page.
So I created a Delphi application with IdHTTPProxyServer.
I have configured it to even work with https using "ssleay32.dll" and "libeay32.dll".
Everything works great.
It uses the "IdHTTPProxyServerHTTPBeforeCommand" event to redirect like this:
with AContext.Connection.IOHandler do
begin
  WriteLn('HTTP/1.0 302 Moved Temporarily');
  WriteLn('Location: ' + RedirectURL);
  WriteLn('Connection: close');
  WriteLn;
end;
But how do I distinguish event calls for the main URL (the one the user typed in the address bar) from calls for other URLs?
The "IdHTTPProxyServerHTTPBeforeCommand" event is called lots of times when a page is loading, for stat counters, Facebook like buttons, etc. I don't want to redirect all of them to the default page.
If this is not possible with IdHTTPProxyServer, are there any other options in Delphi or any other language (which can generate a native executable; C++ preferred)?
Thank You
From the perspective of a proxy (or the target HTTP server, for that matter), there is no difference whatsoever between a user-typed URL and other URLs. Every HTTP request is self-contained and independent of every other HTTP request. They have to be processed as-is on a per-request basis.
If you want to ignore dependent URLs (images, scripts, etc), you will have to know ahead of time what the initial URL is, parse the data that is retrieved from that URL, keep track of any URLs the data refers to, and then ignore those URLs if you see them being requested later. However, there is nothing in the HTTP protocol to tell you what the initial URL is. There is a Referer request header that may help at times, as it is filled in when a browser is requesting dependent resource files, but it is also filled in when the user navigates around from one page to another, so you can't rely on the Referer by itself. You will have to implement your own discovery logic to figure out the initial URL based on more analysis of the URLs being requested by a given client over time.
Only the client really knows what it is requesting and why, a proxy is just a gateway to reach it. So there is only so much smart filtering you can do in a proxy without knowing what the client is actually doing.
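The tracking approach described in the answer above, sketched as an added example (not code from the original post or from Indy): the proxy remembers, per client, which pages it relayed and which resources those pages reference, then classifies later requests. `NavigationTracker`, its method names, the labels and the sample HTML are hypothetical, and the regex is a simplification rather than a full HTML parser.

```javascript
// Constructed sample page body, as the proxy would see it in a relayed response.
const SAMPLE_HTML = `<html><head><link rel="stylesheet" href="/css/site.css">
<script src="http://stats.example/counter.js"></script></head>
<body><img src="img/logo.png"><a href="/story/1">story</a></body></html>`;

// src= on script/img/iframe and href= on <link> are loaded automatically by the
// browser; <a href> is NOT matched because it is a user navigation.
const SUBRESOURCE_RE = /<(?:script|img|iframe)\b[^>]*?\ssrc\s*=\s*["']([^"']+)["']|<link\b[^>]*?\shref\s*=\s*["']([^"']+)["']/gi;

// Normalise to an absolute URL string, or null if it cannot be parsed.
function norm(u, base) {
  try { return new URL(u, base).href; } catch { return null; }
}

class NavigationTracker {
  constructor() { this.clients = new Map(); }

  state(clientId) {
    if (!this.clients.has(clientId)) {
      this.clients.set(clientId, { pages: new Set(), dependents: new Set() });
    }
    return this.clients.get(clientId);
  }

  // Call after relaying an HTML response for pageUrl to this client.
  recordPage(clientId, pageUrl, html) {
    const st = this.state(clientId);
    const page = norm(pageUrl);
    if (page) st.pages.add(page);
    for (const m of html.matchAll(SUBRESOURCE_RE)) {
      const abs = norm(m[1] || m[2], pageUrl);
      if (abs) st.dependents.add(abs);
    }
  }

  // Call for every incoming request before deciding whether to redirect.
  classify(clientId, url, referer) {
    const st = this.state(clientId);
    const abs = norm(url);
    if (!abs) return "invalid";
    if (st.dependents.has(abs)) return "dependent";   // referenced by a known page
    // Referer names a known page but the URL was not listed: a clicked link or
    // a script-loaded resource. Referer alone cannot tell these apart.
    if (referer && st.pages.has(norm(referer))) return "ambiguous";
    return "initial";
  }
}
```

Only requests classified as "initial" are candidates for the default-page redirect; "ambiguous" ones need whatever further policy the application chooses.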

Changing the interface of a webservice without having access to it

I have a website, let's just call it search, open in one of my browser pages. search has a form which, when submitted, runs queries on a database to which I don't have direct access. The problem with search is that the interface is rather horrible (one cannot save the aforementioned queries etc.)
I've analyzed the request (with a proxy) which is sent to the server via search and I am able to replicate it. The server even sends back the correct result, but the browser is not able to open it (same-origin policy). Do you have any ideas on how I could tackle this problem?
The answer to your question is: you can't. At least not without using a proxy as suggested in the answer by Walter, and that would mean your web site visitors would have to knowingly login to your web site using their other web site's credentials (hmm doesn't sound good...)
The reason you can't do this is related to security, if you could run a script on the tab next to the one with the site open (which is what I'm guessing you want to do), you would be able to do a CSRF attack and get any data you wish and send it to hack.com
This is, of course, assuming that there has to be a login somewhere in the process, otherwise there's no reason for you to not be able to create a simple form which posts the required query and gets the info.
If you did have access to the mentioned website, you would be able to support cross domain xml using JSONP.
It is not possible to bypass the same origin policy in javascript (assuming that you want to do it with that considering your question). You need to set up a proxy server side that is doing the request for you and returns the html.
A simple way of doing this in PHP would be like this:
<?php
echo file_get_contents("http://searchdomainname.com" . "?" . http_build_query($_GET, '', '&'));
?>

Can a browser correct a "mangled url" automatically?

I faced a problem some time back on a particular website. It has given many hyperlinks on it to other sites. e.g. of one such URL is:
http://http//example.com/a9noaa.asp
It is clearly incorrect (http comes twice) URL so when one clicks on it there is a page error like "Address not found".
But when one copies the link location and pastes it in the browser’s location bar, it loads that new page correctly. So it’s the problem of incorrect URL being mentioned in the hyperlink.
Will it be possible to make browser check for basic sanity of the URL being accessed like checking that:
word http is present only once,
colon is typed correct,
no unusual character at beginning of URL,
double backslashes are correctly present, etc.
Or that the URL being typed in the address bar and automatically correct the errors in it?
Can any client-side code be present to make an internet browser achieve this functionality? Is it possible?
Or are there any plugins for popular browsers (Firefox, IE) already available to achieve this?
Thank you.
-AD.
First of all, http://http//example.com/a9noaa.asp is a valid URI with http as the scheme, the second http as the host name and //example.com/a9noaa.asp as the path. So if it’s not invalid, the browser has no need to correct it.
Now let’s look at the location bar. Most user friendly browsers do some error correction if the location that has been entered is invalid. One of that correction measures is to prepend the string with http:// if that’s not present. So you just have to type example.com to request http://example.com.
Another correction measure is to complete unknown host names with http://www. and .com before and after the entered string. So you just have to type example, hit enter and you request http://www.example.com.
But any error correction outside the location bar, especially in hyperlinks, can be crucial. Take this for example: A guest enters his/her website URI in a guestbook entry but omits the http://. Now that value is used in a hyperlink but the missing http:// is not prefixed. So the link might look like this:
<a href="example.com">Website</a>
If you click on such a link, the relative URI of that link would be resolved to an absolute URI using the current document’s URI as the base. So the link might be expanded to http://some.example/guestbook/example.com. Who hasn’t experienced that?
But correcting that missing http:// in the browser is fatal. Because the author might have intended to reference http://some.example/guestbook/example.com instead of http://example.com that the browser would expect.
So to round it up: Correcting the user’s location bar input is suitable when there is something missing (e.g. the http://). But doing that on every link is not.
The URL you posted is not "incorrect", it is valid. Hostnames can take many forms, such as http://localhost/ or http://http/ as well as the more common http://example.com
If you don't include http:// or another protocol in a web link, then the browser assumes you are using a relative link. For example...
<a href="www.example.com">link</a>
...will link to http://yoursite.com/www.example.com, because this is a perfectly valid URL - you can name a file www.example.com.
I would recommend contacting the website in question to fix their error. No browsers will correct this automatically.
It really shouldn't be up to the browser to correct mal-formed URLs. A URL is supposed to be a unique identifier of some page. The one doing the linking to the page should take care to link to the correct page. There must be no guesswork involved in opening a URL.
That said, some browsers are better than others. Off the top of my head I think IE won't understand "localhost:8888/test" (no protocol given and not standard port 80), but Firefox will at least try to access it via "http://localhost:8888/test". This kind of best-guess filling-in-the-blanks is fine I think, any further auto-correction would be doing too much.
Safari for example will try to auto-guess domain names for you. If "apple/safari" yields a DNS error, it'll automatically try to complete the address to "apple.com/safari". With your URL it might try to complete it to "http://http.com//example.com/a9noaa.asp", which might yield a page if http.com exists. There's just no one way of doing it, therefore it shouldn't be done at all.
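The parsing and relative-resolution behaviour described in the answers above, as an added example (not part of the original posts): a small link audit a site owner could run over a page's hrefs, using the standard WHATWG `URL` parser built into browsers and Node.js. `auditLink`, the finding labels and the short `LIKELY_TLDS` list are hypothetical and illustrative only.

```javascript
// Host names that are really scheme words, e.g. "http://http//example.com/...".
const SCHEME_WORDS = new Set(["http", "https", "ftp"]);
// Illustrative, deliberately incomplete list used to guess "this was meant as a host".
const LIKELY_TLDS = new Set(["com", "org", "net", "edu", "gov", "io"]);

function auditLink(href, baseUrl) {
  let resolved;
  try {
    resolved = new URL(href, baseUrl); // same resolution a browser applies to <a href>
  } catch {
    return { href, resolved: null, finding: "unparsable" };
  }
  const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(href);
  const firstSegment = href.split(/[/?#]/)[0];
  const lastLabel = firstSegment.split(".").pop().toLowerCase();

  let finding = "ok";
  if (hasScheme && SCHEME_WORDS.has(resolved.hostname)) {
    // Valid URL, but the host is "http": almost certainly a doubled scheme.
    finding = "host-is-scheme-word";
  } else if (!hasScheme && firstSegment.includes(".") && LIKELY_TLDS.has(lastLabel)) {
    // Valid relative reference, but it looks like a host missing its "http://".
    finding = "relative-looks-like-host";
  }
  return { href, resolved: resolved.href, finding };
}

// Constructed sample: hrefs found on a guestbook page.
const BASE = "http://some.example/guestbook/";
const report = ["http://http//example.com/a9noaa.asp", "example.com", "index.html"]
  .map((h) => auditLink(h, BASE));
console.log(report);
```

The audit only reports; it never rewrites a link, since both flagged forms are valid URLs and only the page author knows which target was intended.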
