I have an application in which one opens many windows. I added copy/paste, using XA_PRIMARY.
That works fine within my application. It also works fine when copying from other applications (pluma, FireFox, mate terminal) into a window of my application.
When I call XSetSelectionOwner(), with time stamp etc as explained in the documentation, server acknowledges new owner. That is, XGetSelectionOwner() returns the owner I just set.
However, when copying from my app to other applications I do not receive SelectionRequest.
From what I see, server only sets the owner for the Display used in the call XSetSelectionOwner().
Is this how it is supposed to work? Then, is there something else to do so server sets owner for all apps?
Given the behavior of the Server, I had to assume that other clients are not making their request for "PRIMARY". So, I added "CLIPBOARD", and now everything is working great.
The documentation appears to say that every client will use PRIMARY. Further reading seems to indicate that there is a difference between making a "selection", and "copying text". They seem to skirt this as a useful feature. I see nothing but confusion. Anyway, there really was no bug in my app. I think documentation should have a line saying: You must implement both, PRIMARY and CLIPBOARD. That was the problem.
Related
Suppose I have the following URL, which displays some unique information for the specified user:
http://example.com/?user=john-smith
I want this URL to look like this instead, because it's (supposedly) more SEO-friendly and human-readable:
http://example.com/user/john-smith
Of course I can do it by creating a "user/john-smith" sub-directory in the root and putting an index.php or default.htm or whatever in there.
But I might have millions of users and I really don't want to create millions of sub-directories like this (not even sure I can).
So, how can I make it so that a user enters "http://example.com/user/john-smith" in the browser, but arrives or is somehow redirected to "http://example.com/index.php" or whatever it takes to make this work without creating a separate directory for every user? Is this even possible?
Notes:
- The closest I can get to is "http://example.com/user/?john-smith", but that's still not good enough.
- I'm using Windows Server 2016 with PHP 7, but happy to hear solutions for any platform.
Okay, finally discovered the answer (sadly, no thanks to StackOverflow).
On a Windows Server it's actually pretty easy - IIS 7.0 and later contain a service called "URL Rewrite" (if it's not installed by default, it can be installed separately), which is a surprisingly convenient GUI for creating rules (using standard regular expressions) that convert "incomprehensible" URLs into something that the server understands.
In my example case, I just create a conversion rule from "^user/([a-z-]+)" to "?user={R:1}" and that's it!
There is a similar thing on Apache servers called "mod_rewrite", but you might need to write rules in XML manually for it.
I have been extensively using a custom protocol on all our internal apps to open any type of document (CAD, CAM, PDF, etc.), to open File Explorer and select a specific file, and to run other applications.
Years ago I defined one myprotocol protocol that executes C:\Windows\System32\wscript.exe passing the name of my VBScript and whatever argument each request has. The first argument passed to the script describe the type of action (OpenDocument, ShowFileInFileExplorer, ExportBOM, etc.), the following arguments are passed to the action.
Everything worked well until last year, when wscript.exe stopped working (see here for details). I fixed that problem by copying it to wscript2.exe. Creating a copy is now a step in the standard configuration of all our computers and using wscript2.exe is now the official configuration of our custom protocol. (Our anti-virus customer support couldn't find anything that interacts with wscript.exe).
Today, after building a new computer, we found out that:
Firefox doesn't see wscript2.exe. If I click on a custom protocol link, then click on the browse button and open the folder, I only see a small subset of .exe files, which includes wscript.exe, but doesn't include wscript2.exe (I don't know how recent this problem is because I don't personally use FireFox).
Firefox sees wscript.exe, but it still doesn't work (same behavior as described in my previous post linked above)
Chrome works with wscript2.exe, but now it always asks for confirmation. According to this article this seems to be the new approach, and things could change again soon. Clicking on a confirmation box every time is a big no-no with my users. This would slow down many workflows that require quickly clicking hundreds of links on a page and, for example, look at a CAD application zooming to one geometry in a large drawing.
I already fixed one problem last year, I am dealing with another one now, and reading that article scares me and makes me think that more problems will arise soon.
So here is the question: is there an alternative to using custom protocols?
I am not working on a web app for public consumption. My custom protocol requires the VBScript file, the applications that the script uses and tons of network shared folders. They are only used in our internal network and the computers that use them are manually configured.
First of all, that's super risky even if it's on internal network only. Unless computers/users/browsers are locked out of internet, it is possible that someone guesses or finds out your protocol's name, sends link to someone in your company and causes a lot of trouble (possibly loss too).
Anyway...
Since you are controlling software on all of the computers, you could add a mini-server on every machine, listening to localhost only, that simply calls your script. Then define host like secret.myprotocol to point to that server, e.g., localhost:1234.
Just to lessen potential problems a bit, local server would use HTTPS only, with proper certificate, HSTS and HPKP set to a very long time (since you control software, you can refresh those when needed). The last two, just in case someone tries to setup the same domain and, for whatever reason, host override doesn't work and user ends up calling a hostile server.
So, links would have to change from myprotocol://whatever to https://secret.myprotocol/whatever.
It does introduce new attack surface ("mini-server"), but should be easy enough to implement, to minimize size of that surface :). "Mini-server" does not even have to be real www server, a simple script that can listen on socket and call wscript.exe would do (unless you need to pass more info to it).
Real server has more code that can have bugs in it, but also allows to add more things, for example a "pass through" page, that shows info "Opening document X in 3 seconds..." and a "cancel" button.
It could also require session login of some kind (just to be sure it's user who requests action, and not something else).
The title of this blog post says it all: Browser Architecture: Web-to-App Communication Overview.
It describes a list of Web-to-App Communication techniques and links to dedicated posts for some of them.
The first in the list is Application Protocols, which I have been using for years already, and it started to crumble in the last year or so (hence my question).
The fifth is Local Web Server, which is the one described by ahwayakchih.
UPDATE (this update follows the update on the blog post above mentioned)
Apparently I wasn't the only one thinking that this change in behavior was a regression, so a workaround has been issued: the old behavior (showing a checkbox that allows to remember the answer) can be restored by adding these keys to the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge]
"ExternalProtocolDialogShowAlwaysOpenCheckbox"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
"ExternalProtocolDialogShowAlwaysOpenCheckbox"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Chromium]
"ExternalProtocolDialogShowAlwaysOpenCheckbox"=dword:00000001
[Disclaimer: I'm not sure if this kind of question is accepted here as it is about a piece of software deployed already. Rest assured I didn't drop any confidential information. Also do tell me if I violated any rules in SO by posting this so I can take it down immediately]
I have a working Learning Management System web application and I recently received a bug report about a button not showing. After investigating, I have proved that the user was not using the web app as intended. When taking an exam, he was opening multiple tabs to exploit the feature that informs him whether the answer was correct or not. He then will use this information to eliminate the wrong answers and submit all the right answers in another tab/window.
I'm using Rails 4.2. Is there a way to prevent multi-tab browsing? I'm thinking like if a user is signed in and he attempted to open a new tab of the webapp, he should see something like "Please use one tab" and all the features/hyperlinks/buttons are disabled.
Here's a screenshot of how I proved he was using multiple tabs. Notice that there are multiple logs of the same attempt # because the current implementation allows saving a study session and resuming later (this is the part that's exploited). The opening of multiple tabs searches for the most recent attempt session and continues from there. This is also the reason why most of the sessions don't have a duration value -- the user only finishes a study session for one tab (by clicking a button that ends the study session). The system cannot compute for the duration because the other sessions don't have an end timestamp.
-
This is what a single-tab user looks like:
This is more of an application misuse issue more than a bug.
You should add protection not only from multi tab, but for multi browsers aw well, so it can't be purely FrontEnd check.
One of the solutions could be using ActionCable to check if a user has an active connection already and then act accordingly.
Another, for example, generate a GUID in JS and pass it with every answer. If its different from previous answer, it means user opened a new window.
But of course the solution would depend on your current architecture, without knowing how do you currently organise client-server communication it's hard to give exact and optimal solution.
I found an answer here. I just placed this js in the application view to prevent any extra instance of the website.
Thanks for everyone who pitched in.
I am developing something with ejabberd server. I came to the need of changing the subscription logic. I am using ejabberd-2.1.11
My need is on how the subscription works, I would like to change the logic so that users upload their roster contact with subscription both automatically and and save in in the rosterusers table-colum subscription immediately to be B. So that they should be able to see online and in their contacts at least when the first one has already registered to the server. ( hope this make sense for you and is valid)
I am a very beginner in erlang and ejabberd architecture but I have already developed some basic modules, my question to you is if you could help me on this regard, how difficult is to make this change and if you could give me some hints where the changes would be
I'd stay away from modifying the server, it conforms to standards and follows the specification. So if you ever need to move to another server or upgrade, you know it's just going to work.
What you would do to achieve this is implement this behavior on the client using the server's features.
If you are really sure you want to modify the server, mod_roster.erl is the file you want to be looking at.
If using an external DB, you can also modify the DB directly, but changes won't be reflected until the clients log back in.
What is the following portion of a Gmail URL for?
https://mail.google.com/mail/?**zx**=1efobg68r40co&**shva**=1#inbox
If you change it, nothing happens!!
I know Gmail is not an Open-Source program so we can't trace the code. But every website try to make the URL shorter so they ideally shouldn't add redundant data to the URL. At the same time they don't make any difference nor error if they change.
Edit: I know it's a parameter for a scripting language since I'm a PHP developer but as a developer I don't EVER add a useless parameter and I think it's obvious/primitive sense!
The acronym stands for "Should have valid authentication" as noted here:
http://googlesystem.blogspot.com/2010/07/gmails-shva-parameter.html
As others have noted, 1 is the default value.
If I'm remembering correctly, back when they were working on the current version of the interface, you could preview it by setting shva=2 instead of the default. That version is now the default and you can't get the old version, so shva does nothing now.
It may be used again in the future, who knows?
But every website try to make the URL shorter so they ideally shouldn't add redundant data to the URL...
This is self-evidently not true. Look at StackOverflow URLs for a perfect example. This post:
http://stackoverflow.com/questions/1692968/shva-in-gmails-url-what-is-this
could just as easily be (it works):
http://stackoverflow.com/questions/1692968
I don't think anyone worries these days about the extra couple bytes of data involved with an extra query string parameter.
Some of them saying it is" should have valid Authentication". We shall consider it OK.
But the real expansion of shva is "security host verification and authentication".
It always comes when you open Gmail.
We won't know what it 'exactly' means unless someone inside Google answers your question. But my guess would be that it has to do with security and encryption. Nothing happens when you change it because it is part of the cookie as well. So when you change it they must also compare it with what is set in the cookie.
"shva" is an acronym for "should have valid authentication". Apparently, the parameter is only included after a successful authentication.
The 1 is the default value applied to the parameter check. It's also a shorthand way for programmers to say true, like when you have successfully logged in.
The other part, #inbox, tells Gmail to load up your inbox as the first screen. You can change that to one of the other folders (or even labels you've created) to load them up.
E.g., https://mail.google.com/mail/?shva=1#sent will show your Sent folder items.
https://mail.google.com/mail/?shva=1#label/narwhals will load up your "narwhals" label.
Gmail, like many web services, serves a standard interface that will change to show only your information and data when you've logged in.
The particulars are referenced on their end through the use of an ID from the cookies or sessions generated after the login screen.