Transferring Result Data via HTTP Header? - Asp.Net MVC - asp.net-mvc

I am trying to upload file without refreshing the page.
I got 1 form, 1 submit, 1 file input and 1 iframe in order to prevent refreshing.
Form sending data via iframe, so my form have target attribute.
After my c# function's work, I want to return result data, such as message, issuccess etc.
I don't know how to return result data without using http header.
Maybe it's also not possible with http header. I don't know. I am here to learn how to do.
Transferring result data via http header makes sense? Is it preferable way?
Does it occurs vulnerability?
Any other suggestions?
Thanks in advance.

Typically it's hard to get a file over the wire without a form post.
What I've done often is use an invisible iframe for a form post and then have the iframe call a function in the parent page upon load. This assumes you can't just use jquery or a recent version of dojo to take care of this for you.
http://viralpatel.net/blogs/ajax-style-file-uploading-using-hidden-iframe/
If you can use jquery it's much nicer. Edit: this is under the mit license
http://blueimp.github.com/jQuery-File-Upload/

Why not take advantage of the HTML5 File API. These links should point you in the right direction.
http://www.html5rocks.com/en/tutorials/file/dndfiles/
http://timothypoon.com/blog/2011/05/10/ajax-uploading-with-html5s-file-api/

Related

Fill the entire form based on selection (onchange)

I have an ingredient form and I want the user to type only the name and then the carb, protein and fat get automatically loaded. I know I need an ajax request but I don't know the path to learn how to accomplish this.
Can anyone gives an example or tell me where I can find it?
Learn Jquery too. Jquery is a widely used Javascript library and you will find a lot of help too.
Coming back to the question, $ajax method will be used to send an ajax request from your .js file. You will find a lot of documentation on it.
If you want to send an ajax request using rails helpers and views use the
remote : true
option. it will process your request as a XmlHttpRequest one. You can check the type of request by naigating to your browsers console and see the type of request. In case of Ajax request it will be XmlHttpRequest type.
This is not a thorough answer since you will find a lot of documentation on internet. But just to get you started.

Sending data to form, but cant work out encrypted post data - work around

Im trying to send some data to a form on a site were im a member using cURL, but when i look at the headers being sent, they seem to have been encrypted.
Is there a way i can get around this by making the computer / server visit the site and actual add the data to the inputs on the form and then hit submit, so that it would generate the correct data and post the form ?
You have got a few options:
reverse engineer the JavaScript that does the encryption (or possibly just encoding) process
get a browser engine (e.g. the Gecko engine), and add some scripting to it to fill in the forms and push the submit button - of course you would need JavaScript support within the page itself
parse the HTML using an HTML parser, feed the JavaScript in it to a JavaScript runtime with the correct libraries, fill in the "form" and hit the submit button
It's probably easiest to go for the first option. The JavaScript must be in the open to be able to be executed in the browser. But it may take some time to reverse-engineer as it is likely obfuscated.
You can use a framework to automate user interaction on the web pages, like Selenium.
This would enable you to not bother reverse engineering anything.
Selenium has binding in various languages, including Python and java.
Provided the javascript is visible on the website in question, you should be able to simply copy and paste their encryption routines to prepare the headers exactly as they do
A hacky fix if you can isolate the function that encodes the data you type in the form - is to use something like PyV8 to execute the JS inside python.
Use AutoHotKeyIt and actually have it use the Browser Normally. It can read from files, and do repetitive tasks infinitely. Also you can push a flag to make it only happen within that application, which means you can have it minimized and yet still preform the action.
You seem to be having issues with the problem of them encrypting the headers and such, so why not simply use that too your advantage? Your still pushing the same data in, but now your working around their system. With little to no side effect too you.

Disable AJAX on only home page with jQuery Mobile

I am looking for a way to simply disable AJAX on ONLY the home page in my project. I am using MVC so there are links to the home page in many areas. I want AJAX for the entire site however not when loading the home page. The reason is because I am using a script to setup the UI dynamically, it contains objects and those objects load when the page loads as a hard refresh but no when jQuery Mobile transitions to the page. I am looking for a solution where I can add a Script to just the home page to disable AJAX whenever it is referenced. But still have AJAX for the rest of the solution. Its a very unique situation but I haven't found anything that could prevent ONE page from being loaded through AJAX. Does anyone know?
if I could I would like to do something like this only on the home page
<script>
$(document).bind(function(){
[some call to disable this page from being loaded with AJAX]
});
</script>
Thanks in advance.
No such thing exists. Think of AJAX like a little mini-browser: if the URL returns a response, it can access it. However, it might be possible to branch on the existence of a request header in your Home action and return something like a 403 Forbidden if an "AJAXy" request header is detected.
jQuery, for example, sends an X-Requested-With: XMLHttpRequest header along with its request. If this header is present, the request most likely came from an AJAX method in jQuery (or other libraries that potentially use the same methodology). You can also pass your own custom headers with the AJAX request, if you want. However, all of this is implementation-specific, so it pretty much depends on all developers on your team doing things a certain way. For example, if someone used a standard JavaScript XHR object to make the request, then the X-Requested-With header would be absent. Or, if you used a custom header, every developer would need to pass that header every time, or again, the logic would break down.
If your business rules say that the home page shouldn't be requested via AJAX, the best way to handle that is at a business level, i.e. policy. Anything you try to in the actual code could easily be worked around.

Forcing a page to POST

This may be a very unusual question, but basically there's a page on another domain (that I can view, but can't edit/change) that has a button. When that button is clicked it generates some unique keys.
I need to pull those unique keys with my web service (using ASP .NET MVC3) I can get the initial HTML of the page, but how can I force the page to "click" the button so that I can get the values after the POST?
Normally, I'd reuse the code to generate keys myself, but I don't have access to the logic.
I hope this makes sense.
Use e.g. firebug to see what POST parameters are sent with form and then make the same POST from your code.
For this you can use WebRequest or WebClient.
See this SO questions that will help you how to do it:
HTTP request with post
Send POST request in C# like a web page does?
How to simulate browser HTTP POST request and capture result in C#
Then just parse the response with technology of your choice (I would use regular expressions - Regex, or LinqToXml if the response is well formed XML).
Note: Keep in mind that your code will be dependent on some service you are not maintaining. So you can get in problems when the service is unavailable, discontinued or if the format of POSTed form or response will be changed.
This really depends on the technology on the targeted site.
If the page is a simple HTML form then you can easily send a POST. You will need to send the expected data to the POST. Then you can parse the data.
If its not so straight forward you will need to look into ways to automate the click. Check Selenium. Also you might need to employ scrapping if the results page is a mess.

Progressive enhancement - what to do when JavaScript is off?

I understand what progressive enhancement is, I'm just fuzzy on some of the details in actually pulling it off. Of course, that could be because I'm looking at it in the wrong way. Let me try to explain my difficulty with a hypothetical:
ASP.NET MVC site. I have a view that has tabbed navigation. Each tab is for a movie category/genre which displays 5-10 links to movies in that category. The movie data is obtained through Netflix's Odata.
My initial thought is to use Ajax to pull and parse the JSON from the proper OData GET requests when each tab is clicked. How would I provide a non-JavaScript version of that? Is it even possible?
For simpler requests where JSON isn't necessary - like, say, having a user log into the system - I see how I could simply set a cookie and dynamically change the page based on it to reflect the change. But what if I need to return and parse JSON? How do I provide an alternative?
The deal with progressive enhancement is that your server side must be fully capable of generating every last bit of HTML that appears in all of your pages. This is obvious, since otherwise (if JS is turned off) there will be no part of your application capable of doing said rendering.
Since the server side must know how to render everything, it doesn't make much sense to generate things (DOM elements/HTML) on the client side from JSON responses the server gives you. Why repeat yourself?
This brings us to the logical conclusion that when doing dynamic updates on the client, you need to get ready-made HTML from the server (since the rendering logic is over there) and insert it into the DOM as appropriate. You are then free to work on the newly inserted elements with jQuery and enhance them all you want.
So -- forget about parsing JSON on the client, otherwise you 're locking yourself out of progressive enhancement. If you want to call a third party, have the server be your intermediary: call the server with all the necessary information for it to call the third party and get ready-made HTML back.
If you do this, then the server can of course provide non-JS versions of everything on your site with no problem. Total non-reliance on JS achieved.
There is no JSON without JS, by definition (JavaScript Object Notation). Without JS you won't make AJAX calls. Your pages will render as is, just like oldschool sites.
If you need to do this progressively, you will have to call the odata service server-side, and provide .net objects to the site in viewdata, or your viewmodel, and have your views/partials render it.
In ASP.Net MVC actions, the httpcontext available via the controller will have a property on this path: this.HttpContext.Request.IsAjaxRequest() and can be used to test whether you want to return a view or just json data, or whatever type of ActionResult you want. This can be an excellent timesaver for building progressive enhancement style sites.

Resources