GWT real vs redirected URL - url

I have an OVH hosted application on http://ovhserver/myapp/
This application is also accessible via http://anyUser.domain.com. I did this by redirecting *.domain.com to http://ovhserver/myapp/
The browser displays http://[anyUser].domain.com. But when I try to read it using GWT, I'm only getting the real address (http://ovhserver/myapp/).
[anyUser] is a reference to the active account; if you create an account X, my application would be accessible via http://X.domain.com.
I tried, in vain, using GWT.getHostPageBaseURL(), Window.Location.getHref() and Window.Location.getPath().
I want to read the "displayed" URL in the browser. How can I do it?
Thank you.

This is not redirection; most likely anyUser.domain.com loads ovhserver/myapp in a frame. You can try using $wnd.top.location.href in a JSNI method, though I'm not sure you'll be given access to it (as it's a cross-origin access).
You should really try setting up a true domain/hosting, it doesn't cost much, and would save you many headaches that framing will doubtlessly create.
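Added example (not part of the original answer): a JavaScript sketch of the lookup the answer describes, trying top.location first and falling back to location.ancestorOrigins and document.referrer when the cross-origin read is refused. The helper names, the mock window and the domain.com base are constructed for illustration; the account name derived this way is client-supplied, so it suits display and routing hints and the server still has to authenticate the session.

```javascript
// Added example: find the URL the user sees when this page runs inside a frame.
// `win` is a window-like object so the logic also runs outside a browser.
function displayedUrl(win) {
  if (win.top === win.self) {            // not framed
    return { url: win.location.href, source: "self" };
  }
  try {                                   // same-origin parent: read is allowed
    return { url: win.top.location.href, source: "top" };
  } catch (e) {
    // cross-origin parent: the browser refuses the read (SecurityError)
  }
  // Chrome/Safari: ancestor origins, parent first, top-level last (origin only).
  const ao = win.location.ancestorOrigins;
  if (ao && ao.length > 0) {
    return { url: ao[ao.length - 1] + "/", source: "ancestorOrigins" };
  }
  // On first load the frame's referrer is the embedding page, unless the
  // parent's Referrer-Policy strips it.
  if (win.document.referrer) {
    return { url: win.document.referrer, source: "referrer" };
  }
  return { url: null, source: "unknown" };
}

// Extract the single-label account name from http://<account>.<baseDomain>/.
function accountFromUrl(url, baseDomain) {
  if (!url) return null;
  const host = new URL(url).hostname.toLowerCase();
  const suffix = "." + baseDomain.toLowerCase();
  if (!host.endsWith(suffix)) return null;
  const label = host.slice(0, -suffix.length);
  return /^[a-z0-9-]+$/.test(label) ? label : null;
}

// Constructed mock of a framed window whose parent is cross-origin.
function mockCrossOriginFrame(ancestorOrigins, referrer) {
  const top = {};
  Object.defineProperty(top, "location", {
    get() { throw new Error("SecurityError (constructed)"); },
  });
  const win = {
    top,
    location: { href: "http://ovhserver/myapp/", ancestorOrigins },
    document: { referrer },
  };
  win.self = win;
  return win;
}
```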

Related

Problems with MVC4 & External Login with Google

I've an ASP .NET MVC4 application that uses SimpleMembership and allows users to sign in with their Google accounts.
In order to do that I configured the application's AuthConfig class by uncommenting the OAuthWebSecurity.RegisterGoogleClient(); line to add Google as an external login method. I didn't really change much inside the external login methods that already come with the ASP .NET MVC4 Internet Application template.
Problem:
Everything works fine when I run it locally (IIS express) or when I deploy it to a 'test' server (IIS 6.1, accessible on the intranet only). When I click my "sign in with google" button, I'm sent to Google's authentication page, whose url looks something like this:
https://accounts.google.com/ServiceLogin?service=lso&passive=12096...(long url)
Alas, when I deploy it to the 'production' server (internet facing) and try to access it via internet, Google authentication stops working: when I click my "sign in with google" I'm being sent to an url that looks like this:
http://MY_APPLICATION_NAME.MY_DOMAIN.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid...(long url)
This url is wrong not only because it has my domain in it (I believe it should be accounts.google.com?), but also because the rest of it is completely different from the url I get when the authentication works.
What I know and have tried:
If I use fiddler, I can see that the application is behaving differently when I'm accessing the application via internet or intranet.
If I access it from within the network, I see I'm making a request to http://MY_APPLICATION_NAME.MY_DOMAIN.com/account/ExternalLogin?returnUrl= and then "Tunnel to www.google.com:443, Tunnel to accounts.google.com:443". This works ok.
If I access it from the internet I see I'm making a request to http://MY_APPLICATION_NAME.MY_DOMAIN.com/account/ExternalLogin?returnUrl= and then another one to http://MY_APPLICATION_NAME.MY_DOMAIN.com/accounts/o8/ud?openid.claimed_id=http%3A%2F%2Fspecs.openid...(long url). This obviously gives a 404.
I might be wrong but I assume that this url is generated by the OAuthWebSecurity.RequestAuthentication(provider, returnUrl). What puzzles me is that it looks like it is requesting the authentication to my server instead of accounts.google.com.
My research so far has only brought to me posts/questions/etc. showing how easy it is to use SimpleMembership for external authentication and I can see everyone does it pretty much the same way.
Conclusion:
I believe this probably has something to do with something I must configure on web.config or IIS. I do know that the requests to my application arrive at my DNS server which does a url rewrite and forwards the request to my web server, although I don't know if this is related to the problem.
Does anyone have any idea of what might be wrong or ever had a similar issue? Any help would be appreciated.
EDIT:
I've looked into OpenAuthSecurityManager.cs's source code and although I can't debug it I see the problem might be related to an incorrect HttpContext inside the RequestAuthentication method, due to my reverse proxy settings on IIS?

I ended up with a request to change the IT infrastructure.
OpenAuthSecurityManager.cs was probably getting a wrong HttpContext instance because of the way the requests were being handled by the previous infrastructure (requests arrived at our DNS server and were forwarded to the web service, on a different server inside our network, with UrlRewrite rules).
It's working now.

Changing the interface of a webservice without having access to it

I have a website, let's just call it search, open in one of my browser pages. search has a form, which when submitted runs queries on a database to which I don't have direct access. The problem with search is that the interface is rather horrible (one cannot save the aforementioned queries etc.)
I've analyzed the request (with a proxy) which is sent to the server via search and I am able to replicate it. The server even sends back the correct result, but the browser is not able to open it (same origin policy). Do you have any ideas on how I could tackle this problem?

The answer to your question is: you can't. At least not without using a proxy as suggested in the answer by Walter, and that would mean your web site visitors would have to knowingly log in to your web site using their other web site's credentials (hmm, doesn't sound good...)
The reason you can't do this is related to security: if you could run a script on the tab next to the one with the site open (which is what I'm guessing you want to do), you would be able to do a CSRF attack and get any data you wish and send it to hack.com
This is, of course, assuming that there has to be a login somewhere in the process, otherwise there's no reason for you to not be able to create a simple form which posts the required query and gets the info.
If you did have access to the mentioned website, you would be able to support cross domain xml using JSONP.

It is not possible to bypass the same origin policy in JavaScript (assuming that you want to do it with that, considering your question). You need to set up a proxy server-side that does the request for you and returns the HTML.
A simple way of doing this in PHP would be like this:
<?php
// Relay the caller's query string to the search site and echo the response back.
echo file_get_contents("http://searchdomainname.com" . "?" . http_build_query($_GET, '', '&'));
?>

not save the addresses accessed in browser history, ruby on rails

I need to configure a Rails app in a way that does not let the browser save the history of addresses accessed in my app. Can anyone help me?

You can't. There's no protocol, let alone one implemented by all popular browsers, that would allow such insecure behavior.
Users can choose things like Chrome's "Incognito Mode" or Safari's "Private Browsing" but you can't (and shouldn't be allowed to) force such a mode on the user.

taking a screenshot of user's current page in ruby on rails

This is for debugging purposes; please take into account the following:
the user logs in to his/her account, so manually fetching a URL will not work - the screenshot must happen when the user accesses his admin pages.
I would love to receive guidelines specific to Ruby on Rails and Heroku (I guess Heroku is not much of an issue; I just dump the screenshot to S3).
So ideally, like I mentioned in #1, when a user accesses a page, my app also takes a screenshot of the entire page and dumps it in a tmp folder.
Can anyone point me to how to handle that?

In order to get a screenshot of what the user is currently seeing, you have to have some code on the user's machine that uses the underlying operating system API to take the screenshot. The API calls involved are different for Windows, Mac OS X and Linux.
Ruby on Rails executes on the remote server and generates HTML and JavaScript etc. that is sent to the user's web browser. The HTML is rendered by the browser and the JavaScript executes within the browser's sandbox, where it has no direct access to the operating system API. The important point is that there is no direct interaction between the server-side code and the OS running on the user's computer. If this were possible then it would be a massive security hole.
Therefore it's not possible to do what you want programmatically unless you can first install a client-side program on the user's computer that can talk to your server-side code. It cannot be done using Ruby on Rails alone because it's a server-side web framework.

You can't do this without a user sending a screenshot themselves.

Accessing a share point site using the object model

I am trying to access a share point site using the SP object model from a console application.
I am trying to do something like this..
SPSite site = new SPSite(sitePath);
//Operations go here
This works fine when the share point site and the console app are on the same machine.
However when the console app and the site are on different machines, I get an error "The Web application at "http://server/url" could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application"
Here are the things that I have already done:
1) I have tried accessing the site via both IP address as well as machine name, assuming that it could be a DNS resolution issue.
2) Initially I impersonated using a farm admin account, still I could not access. Then I added myself as the farm admin, still no joy.
4) The site is accessible via IE. So it is not a permission issue I guess.
5) I have tried almost all the solutions suggested by various links obtained by googling the error message.
I am trying this on share point 2010. A similar issue occurs on 2007 also. Sometimes it's kind of frustrating to do SharePoint development, since I get the feeling of stumbling from one error to the next, with no clue as to what could be wrong and the error messages not being helpful in the least :(

That is true because you can't run server object model on another machine. You can use client object model.
