I am developing single page application using HotTowel.
My question is that, When I am writing a Breeze query with string parameter whose length is greater than 1600 characters then action is not invoking.
Please let me know the reason.
Thanks in advance.
as stated in:
What is the maximum length of a URL in different browsers?
there is a limit for the length of urls
check parametrized queries as a possible workaround:
How to properly send action parameter along with query in BreezeJs
The answer from #fops is correct. Using .withParameters, you may be able to create some methods on your server that allow you to use some shorthand on the client instead of very large queries.
If your queries are really big, and even .withParameters blows up your URL, you may need to use POST instead of GET.
Breeze doesn't support POST for queries directly, but there's an (unsupported) add-on in Breeze Labs called breeze.ajaxpost.js that will let you use POST for .withParameters queries.
Related
We can use
'PATCH /companies/:id' : 'CompanyController.find'
to update data.
One suggested me that I can use the alternative way:
'PATCH /companies/find?key=Value'
But I do not know what it works. Please explain me why we prefer ? mark than : mark in search path.
You can use either or. The biggest reason most people chose one or the other is just how they want to present the URL to the user.
Using a path variable (:) can symbolize you're accessing a defined resource, like a user ID, where as an argument (?) can symbolize you're are dynamically changing/searching something within a defined resource, like a token or search term.
From what I can tell that's the general practice I see:
example.com/user/:username
versus
example.com/user/?search="foo"
http://en.wikipedia.org/wiki/URL
If we are firing GET request, ? symbol is used to let the server know the url parameter variables starts from there. And this is commonly used. I didn't used : symbol instead of ?
You are probably messing the things up:
According to your example, :id indicates a variable that must me replaced by an actual value in some frameworks such as Express. See the documentation for details.
And ? indicates the beginning of the query string component according to the RFC 3986.
It's a rule to design rest api
you can find 'how to design a rest api'
Assuming below code is Sails.js
'PATCH /companies/:id' : 'CompanyController.find'
It will makes REST API that be mapped onto 'CompanyController.find' by using PathParam. Like this
www.example.com/companies/100
Second one will makes REST API by using QueryParam.
It also be mapped onto 'CompanyController.find'
/companies/find?key=Value
But the API format is different. Like this
www.example.com/companies/find?key=100
PathParam or QueryParam is fine to make REST API.
If the Key is primary for company entity,
I think PathParam is more proper than QueryParam.
I am currently working on a Grails solution and I am looking to pass a URL using WSLite, I basically want to pass a bunch of query params and have them fired off. One of the params I need to have is session.name, I need this exactly like this as a 3rd party system can only read data as "session.WHATEVER". However when i enter the data below it has a problem with the "session." as it appears that session is a reserved word in grails. Is there anyway I can get grails not to pick-up the reserved word and just use session.name? Maybe by some sort of override?
def response = client.get(path:'/TestingService', query:[code:testCode, session.name: name])
Thanks
Use quotes:
query:[code:testCode, 'session.name': name]
When I allow a user to enter text using s:textfield, he can enter something like <b>Name</b> or something like \Me/. I want that these should be escaped before I am saving them to the database. When we retrieve them, the escaping is done automatically, but I want it to happen also when we are saving it.
I was trying to return a json output from my action class, but due to a name \a/ stored in my database, wrong json was being formed. This would have been avoided if the name had been escaped before being saved into the database.
You can use StringEscapeUtils. You can call escapeJavascript(textfield) in your action and then store it into the database.
#Daud, The problem you explained is called Cross site scripting or XSS.
And I think you should use Filters to clean the request parameters. This is the most sophisticated way. You can call these filters for the actions which are posting some parameters via request.
Visit my blog to see how to avoid XSS threat using Filter approach.
I also faced this issue when our project was tested by well known firm specializing in security testing and they suggested this filter approach.
You can give it a try.
I'm unsure what the proper way is to access parts of the requested URL.
In this case, I want to get the requested path without the query variables. This is the only way I found to do it:
String path = getRequest().getResourceRef().getHostIdentifier() +
getRequest().getResourceRef().getPath();
The result would be the bold part of this url: https://stackoverflow.com/questions/ask?query=value
I also found about 6 different ways to get the server name (http://stackoverflow.com) but I'm worried that some of them would fail in certain cases that I am unaware of (why would there be 6 different ways to do one thing):
getRequest().getHostRef().getHostIdentifier();
getRequest().getHostRef().getIdentifier();
getRequest().getRootRef().getHostIdentifier();
getRequest().getRootRef().getIdentifier();
getRequest().getResourceRef().getHostIdentifier();
And this seems to get the complete URL with query parameters:
getRequest().getResourceRef().getIdentifier();
Any further explanation would be much appreciated.
If you're in a UniformResource (or subclass) I think you might be looking for the method getReference(), which returns the URI reference. There are a number of other convenience methods in that class you might be interested in so you don't have to go through the request. See UniformResource (Restlet 2.0).
I have a set of actions that are returning time-series data with-in ranges specifiable to the minute.
They work fine with querystrings,
i.e.
/mycontroller/myaction?from=20091201 10:31&to=20091202 10:34
with or without URL encoded colons, but I thought it would be nice to have a pretty URL
/mycontroller/myaction/from-20091201 10:31/to-20091202 10:34
but this now strikes fear in the hear of IIS as it doesn't like colons in the URI so I get 'Bad Request' responses.
My question then, is what's a recommended/standard course of action to ensure I can keep the time in there?
Do I need to write a custom ModelBinder to parse my own datetime format? Should the actions just take strings for from and to and parse with a custom format eg "YYYYMMDD-HHmm". Can I specify a custom format somewhere? If so where? Or should I just give this up as folly and stick with querystring parameters?
Oh, and I see a lot of people go on about RESTful URLs; from what I've read there's nothing that says query strings aren't RESTful - it's more about appropriate use of existing HTTP action types.
You're right REST doesn't mean if it's its not in a folder structure its not REST.
The path structure is there to describe the resource. Querystrings can still be used to describe a filtered subset of such a resource. A date range fully qualifies as a filter criteria and should thus be perfectly RESTful being passed in as a querystring.