I want to send a HTTP request for the server to save a record from the browser. However I'd like the browser to not have to change pages/reload its content (as many of the solutions I've searched for suggested). Right now I'm using a pop up that performs the action then closing itself, but I'm looking for a better solution. Using rails 4.1.1
Related
Snip.ly nicely checks if the entered web address can be used in an iframe.
I'd like to replicate it in ruby. Looking through their code they send an ajax request to their server and thats where they do the validation.
Even after extensive googling couldn't find anything that could help me accomplish that.
My use case is that we let users add news listings to their page, which are shown in iframes, and would like to show it if the entered url can be used in an iframe.
You can figure out some cases by checking the X-Frame-Options header. But as you mentioned in the comments, it does not work all the time.
In my experience, it's best to side-step the problem altogether.
If you reverse-proxy your request through your rails server, then you can display pretty much anything all the time in your iframe.
Following is an example of the process. I'm assuming that your server is your-server.com and the user wants to list a page on user.com/list. The way it works would be:
Set an iframe's src to https://your-server.com/proxy?url=https://user.com/list`
Intercept the request, extract the url: https://user.com/list
Perform an HTTP request on https://user.com/list to fetch the content
Return it to the browser as if it come from your own server
This approach works pretty much all the time, but it then has other limitations:
- you should reverse proxy any asset on that page that has a relative url; otherwise the css/images may be broken
- you must handle ajax requests on that page
You can fix these as well, by transforming the html before step 4.
You could use https://github.com/waterlink/rack-reverse-proxy for step 2 and 3, instead of re-implementing your own reverse proxy.
You could set it up using the following code in config/application.rb:
config.middleware.insert(0, Rack::ReverseProxy) do
reverse_proxy_options timeout: 10 # avoids waiting for pages that take forever to load
reverse_proxy(/proxy\?url=(.*)/, '$1') # reverse proxy on the url parameter
end
I have awebsite, lets just call it search, in one of my browserpages open. search has a form, which when submitted runs queries on a database to which I don't have direct access. The problem with search is that the interface is rather horrible (one cannot save the aforementioned queries etc.)
I've analyzed the request (with a proxy) which is send to the server via search and I am able to replicate it. The server even sends back the correct result, but the browser is not able to open it. (Same origin policy). Do you have any ideas on how I could tackle this problem?
The answer to your question is: you can't. At least not without using a proxy as suggested in the answer by Walter, and that would mean your web site visitors would have to knowingly login to your web site using their other web site's credentials (hmm doesn't sound good...)
The reason you can't do this is related to security, if you could run a script on the tab next to the one with the site open (which is what I'm guessing you want to do), you would be able to do a CSRF attack and get any data you wish and send it to hack.com
This is, of course, assuming that there has to be a login somewhere in the process, otherwise there's no reason for you to not be able to create a simple form which posts the required query and gets the info.
If you did have access to the mentioned website, you would be able to support cross domain xml using JSONP.
It is not possible to bypass the same origin policy in javascript (assuming that you want to do it with that considering your question). You need to set up a proxy server side that is doing the request for you and returns the html.
A simple way of doing this in PHP would be like this:
<?php
echo file_get_contents("http://searchdomainname.com" . "?" . http_build_query($_GET, '', '&'));
?>
I am trying to implement basic progress bar for file uploads to work across multiple browsers without additional plugins like Flash or Silverlight. There are multiple ways to approach this problem on a client-side, however I can't find anything to work on a server.
Anywhere on MVC controller (before/on authorization and before/on executing action) file is already uploaded to server as HttpPostedFileBase. If I use basic HTTP handler for form submission, I have access to Context.Request.InputStream as well as to Context.Request.Files, but as soon I access the properties the stream/files would load silently.
I did extensive research, but could not find anything what allows me to Cache or store file upload process in Session. That would at least allowed me to use periodic AJAX requests from a client to monitor the progress.
What am I missing?
You should try a Javascript alternative, instead of handling it server side. The controller should only come in action when the request is done sending.
Try this JavaScript/jQuery alternative to Flash/SL
http://blueimp.github.io/jQuery-File-Upload/
I'm writing a toy application to get acquainted with AngularJS. This application has a Rails backend.
I don't know how to make the client side angularjs app, deal with a PDF that the backend sends when hitting a particular URL (http://localhost:3000/contacts.pdf)
When typing the above mentioned URL straight in the browser, the server replies with a PDF and the browser asks what to do with it (download or open).
When the same thing is done via the angularjs app, I can see the file gets returned in the response. And that's where I'm stuck at.
How can I replicate the same behaviour within client side app?
Thanks for your help
One way is just use an anchor tag in HTML and put the link as a controller variable ie. Download and in controller put $scope.link = "http://localhost..."; (or array if requiring multiple links).
If this is not what you want, please add further clarification.
I've got a Rails 3.2 app where I'm trying to debug a weird ssl problem.
I'm page caching throughout my app and to maintain dynamic content I am making ajax requests to update certain aspects.
All of the pages that are cached are supposed to be requested by http only. All but two of them are redirecting to http when an ssl request is made.
The problem is, that these two pages Artists and the Blog are failing to redirect back to http and the ajax requests to refresh content is getting canceled. To the best of my knowledge, it is getting canceled because it sees normal http as a different site and you can't make ajax requests to a different site under ssl.
Setting up a local signed certificate has not helped. In development these two pages are acting appropriately. I'm also using AWS ELB where the ssl terminates at the load balancer and goes to port 80 and that seems to also be working appropriately.
I could force just these two pages to redirect to http every time but I much rather get to the bottom of this.
I am using ssl_requirement to do the app level redirects.
I'm looking for ideas of how this could be happening. I've combed my codebase and I can't find anything at the app level that would be making this happen. I don't think my apache vhost is perfect but there's nothing pertaining to just these two pages. Anyone got a clue of where in the stack this could be occurring?
Edit:
Finally realized that since the pages are fully cached, the request is only hitting apache and never the application where it would get redirected. This makes me question why the Ajax requests are getting canceled. The Ajax requests are to the same domain but not encrypted. Shouldn't that just show up as a warning of 'insecure content'? I'm using jquery getScript to load the dynamic content.
Well, this will go down in the history of stupid mistakes but I thought I'd leave it up to help others googling.
The simple answer is that my ajax calls were not being allowed over an ssl connection. If your ssl_requirement has the method ssl_allowed, make sure that the ajax method your calling to load the dynamic content is allowed over ssl. Otherwise the request will be canceled or it will get a 302 redirect.