w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Is there a standard pattern for cross-site JSON requests?
I eventually opted for joining the two domains (since I owned both) and hosting both locally. With that being said, CORS, seemed to be the best way to go, but it is still new so your mileage may vary. Also, creating a proxy as per my 3rd suggestion was quite viable, but of course had caveats.

Categories : Jquery

Flash - How come I do not receive a security warning to allow cross-site requests?
The cross domain issues are specifically for data that your SWF is retrieving from other domains. So if you're sending data (via a HTTP POST/GET), then this is not a problem. Also, unless you're using the debug player, you won't see the security exception that occurs. There are also various things that will not trigger the exception: like downloading and displaying an image from another domain. However, if you then try to access the bitmap data of that image, you'll get the security exception (unless the crossdomain.xml permits it). So it can depend on what you're retrieving and what you're doing w/the data you fetch. If you're still curious, you should further explain what type of data you're retrieving and what you do with it. As usual, it's better to explain that with code than with

Categories : Actionscript

How do I delete cross site cookies with Firefox 22+ extension?
You can't access XPCOM from a content script. Use the port mechanism for communication between the content script and main.js, and do the cookie deletion from the latter.

Categories : Firefox

How to realize cross-domain security with iFrame custom website under the sharepoint website
It looks like there are no good news on that. Here is the best I could find: You can't use the advantage of SPContext. You can't even use the server object model because your application is in .net 4.0. For exemple, creating a new SPSite won't work. Only solutions : Call SharePoint WebServices from your ASP.NET MVC app Create WebServices hosted in SharePoint. (and call them from your app) source: http://sharepoint.stackexchange.com/questions/14986/integrating-asp-net-mvc-3-and-sharepoint

Categories : Asp Net Mvc

Show text block under an image block on clicking the image block
You want like this, check DEMO http://jsfiddle.net/yeyene/gNQVR/1/ JQUERY $('#imageDiv img').on('click', function(){ $(this).hide(); $(this).siblings('#textDiv').show(); }); $('#textDiv .close').on('click', function(){ $(this).parent('#textDiv').hide(); $(this).parent().siblings('img').show(); }); HTML <div id="imageDiv" > <img src="http://wallpaper-fullhd.com/wp-content/uploads/2013/03/at-the-beach-hd-wallpaper-1920x1200.jpg" class="close" width="200" height="200"> <div id="textDiv"> <a class="close">x</a> This is the text for the image. ...</div> </div>

Categories : Javascript

How do cross domain requests work in IE8?
I was also facing this issue(not sure about the target browser), but using the below code, I got it resolved.. Use this code before making cross domain request if (!jQuery.support.cors && window.XDomainRequest) { var httpRegEx = /^https?:///i; var getOrPostRegEx = /^get|post$/i; var sameSchemeRegEx = new RegExp('^' + location.protocol, 'i'); var xmlRegEx = //xml/i; // ajaxTransport exists in jQuery 1.5+ jQuery.ajaxTransport('text html xml json', function (options, userOptions, jqXHR) { // XDomainRequests must be: asynchronous, GET or POST methods, HTTP or HTTPS protocol, and same scheme as calling page if (options.crossDomain && options.async && getOrPostRegEx.test(options.type) && httpRegEx.test(userOptions.url) &am

Categories : Jquery

Ember App Requests to Rails App -- Cross Domain?
You dont say what platform you're running on, but the best solution for this kind of thing Ive found is tape https://github.com/metajack/tape This will allow you to set up a little reverse proxy - and map a url to your rails app, whilst serving your JS. Different ports, are considered different domains by the security sandbox, thus you will need a reverse proxy in place, if you are serving your ember, and rails separately.

Categories : Javascript

Cross domain requests not working in SignalR 2.0.0-rc1
Something is wrong with your client configuration. XMLHttpRequest cannot load =1377623738064">http://localhost:8080/negotiate?connectionData=%5B%7B%22name%22%3A%22chathub%22%7D%5D&clientProtocol=1.3&=1377623738064. Origin http://localhost:7176 is not allowed by Access-Control-Allow-Origin. The negotiate request should be made to http://localhost:8080/signalr/negotiate?... not http://localhost:8080/negotiate?.... To fix this you can try the following before you call $.connection.hub.start: $.connection.hub.url = http://localhost:8080/signalr;

Categories : C#

Can typeahead.js make cross domain requests?
Regarding your first issue, judging by your error message, you may not have implemented it correctly because typeahead is not executing a JSONP request. As of Typeahead.js v0.9.3 you can execute a JSONP request by passing 'jsonp' as the dataType, like this: $('.typeahead').typeahead({ name: 'jsonpExample', remote: { // ... dataType: 'jsonp' } }); You'll find that typeahead will now execute JSONP requests. UPDATE In answering your second issue. The author has targeted to support JSONP - and by and large it does work - but it doesn't work properly in some edge cases in the current version. For instance, if you need to trigger an JSONP request using a query other than "callback", you're going to be stuck. In this or a similar situation, you have two options: 1) Patch ty

Categories : Twitter

Cross Origin Requests in Snap Framework
You can set the appropriate headers using Snap's header manipulation functions.

Categories : Haskell

Cross server MySQL connection and requests
Keep in mind, when running a CPU intensive operation in Node the whole application blocks as it runs in a single thread. If you're going to run a CPU intensive operation in Node, make sure you spawn it off into a child process who's only job is to run the calculation and then return to the primary application. This will ensure your Node app is able to continue responding to income requests as the data is being processed. Now, onto your question. Having the database on a different server is extremely common and typically is a good practice to have. Where you can run into performance problems is if your database is in a different data center entirely. The further (physically) your database server is from your application server, the more latency there will be per request. If these request

Categories : PHP

Why can't I make cross origin requests to an API hosted in IIS?
IIS (including the one in your Azure web site) has a default OPTIONS handler. You will need to remove it in Web.config. It answers the OPTIONS call before your message handler has an opportunity to respond. <configuration> ... <system.webServer> <handlers> <remove name="OPTIONSVerbHandler" /> ... </handlers> </system.webServer> </configuration>

Categories : Asp Net Mvc

How jQuery handle cross domain requests errors?
It depends on the type of error. A parseerror may be catched(and will be catched )by jQuery when you use JSONP.(the documentation is not exact in this case) But network-errors may not be catched, because JSONP does not make use of XMLHttpRequest, and therefore will not receive any status-codes that may indicate an error.

Categories : Jquery

Issues with SignalR and Cross Domain requests in Chrome 27
EDIT: I've found two solutions for this now... Method 1. get rid of crap you probably don't need: As I found in this Stack Overflow question, basically nearly everything I had added in my listing of "things I've tried" above were unnecessary. Steps to fix: Remove everything I've listed that I've tried above. That means no custom headers specified at all in the Web.Config or elsewhere like the Global.asax, no custom jquery settings, etc. .. except for RouteTable.Routes.MapHubs(new HubConfiguration { EnableCrossDomain = true }); In the Application_Start. Also you still need to set the $.connection.hub.url = 'http://localhost:13370/signalr/hubs'; ... that's it. this is probably the best solution and the one I ended up using. Method 2. use jsonp if you're still having problems in Chro

Categories : Asp Net Mvc

Cross site calls without JSONP
The modern way to handle cross site requests is using CORS instead of JSONP, although you have to be aware about which browsers support CORS. You can use CORS with almost modern browsers (IE10, FF, Chrome, Safari, Opera), but not with IE9/8. With IE9/8 you can use another technique called XDomainRequest, but you must implement it via JSNI. The goal of using CORS vs JSONP is that in your server side you just add a filter and everything should work out-of-the-box (RPC, RF, etc). To use CORS in gwt, you can read this page in the gwtquery site where you have a filter example. In that page you also have useful info about jsonp, and how to use gwtquery ajax which simplifies the gwt RequestBuilder way.

Categories : Javascript

Cross Browser Discrepancies On Block
Your Quicktabs UL (Livescore, Handy Links, Latest Posts) isn't inside the <div id="search-breadcrumb"> div, it's way down inside your "content" divs. Browser would probably find it easier & more natural to position it up by the breadcrumb, if it actually was up by the breadcrumb. Structuring the page sensibly would almost certainly be a good starting point.

Categories : HTML

Disable cross domain web security in Firefox
The Chrome setting you refer to is to disable the same origin policy. This was covered in this thread also: Disable firefox same origin policy about:config -> security.fileuri.strict_origin_policy -> false

Categories : Security

Cross site, same domain cookie confusion
Check for null. You're getting an error because you are trying to read the Value property of a cookie that doesn't exist. You are probably seeing a NullReferenceException. @{ if (Request.Cookies["UserID"] != null) { <span>Cookie: @Request.Cookies["UserID"].Value</span> } } By the way, to set up your dev environment to share cookies with another environment, modify your hosts file and map a subdirectory of your domain: c:windowssystem32driversetchosts 127.0.0.1 dev.mydomain.com And add a binding to that domain in your local IIS. Now, when you browse to dev.mydomain.com, you will load your localhost site, but with the security restrictions of a sub domain, which means you can share cookies.

Categories : C#

preventing cross site request forgery in the url
A great example of the intended difference between $_POST and $_GET. $_GET should be for reading data, while $_POST should be used for acting upon it. Instead of a link, you could use a form with one submit button, and your token as a hidden input. You can even use CSS to style the button to look like a link if desired.

Categories : PHP

How to config WAMP apache server to allow cross domain requests of ajax?
You were on the right track. The only thing left to do now is to enable the headers module. This can be done as follows: click on the wamp icon in your systray go to Apache > Apache modules check the option 'headers_module' After you do this, wamp will restart and the configuration you put in your post will work

Categories : Apache

Cross-origin image load denied by Cross-Origin Resource Sharing policy
If you wish to load cross-origin images to a canvas, you need to either serve the image with cross-origin headers or under the same origin. That image under Facebook is served with the following header option set: Access-Control-Allow-Origin:* Meaning, it can be cross-origin loaded with the useCORS option. However, it would appear that your Host B isn't serving them with cross-origin headers set.

Categories : Javascript

cross browser inline-block alignment
You need to set the vertical-align property: .pb { background: #ddd; display: inline-block; margin: 4px; padding: 16px; vertical-align:top; } jsFiddle example

Categories : HTML

Cross-domain origin error with Firefox add-on in localhost?
XMLHttpRequest and by that $.ajax in content scripts are limited by the same-origin policy/CORS. You'll either have to implement CORS on your localhost. (Not quite sure if CORS actually works in panels with a local URI, though...) Or use the request module. Using the request module will require some message passing between the lib script and the content script. Or wait for the new permissions introduced in Firefox-24.

Categories : Jquery

Cross site request forgery (CSRF) mitigation
CSRF protection is not designed to prevent DOM parses or bots from getting the token and submitting a form. A CSRF is when a malicious site submits a form or request to the target site with the intention of changing some setting or performing an action on the logged in user's account. What happens is when the form is submitted, the user's cookies for the target site are sent with the request and so without a anti-CSRF token, the malicious site could affect the user's account or perform some action on the target site. There is no way for the malicious site to get the user's specific anti-CSRF token and so the attempt will fail.

Categories : PHP

Converting site to html5 and cross browser compatibility
The earlier versions won't recognise any of the new elements should you use them (which of course you don't have to). But you can make these versions of IE recognise these elements by simply adding the html5shiv script. As for the first question, if you want to use HTML5 then go ahead and perhaps make it IE compatible as you go along.

Categories : HTML

How to prevent cross site script attacks using javascript
If that's all they needed in order to inject code then your grid must be using 'eval' - unless you comfortably accomodate only arithemetic expressions and cell references in your grid (and have the capability to implement this filtering) then you can't really solve the problem.

Categories : Javascript

Cross scripting attack by appending link url in our web site
xss is most often caused by allowing raw content (such as user-entered html, containing <script> blocks) to be rendered directly (not escaped or sanitized) to the client. Simply: don't allow that. Find whatever is either: rendering the content without escaping it, or allowing in input intended to be displayed as-is (html, etc) without sanitizing it and fix that. In the case of ASP.NET aspx, make sure you use <%: rather than <%= (unless you know the content is clean and intended to be written raw) - as that does an html-encode if appropriate. In cshtml (razor), @ does an encode by default anyway.

Categories : Dotnet

How to block IPs for POST requests, but not GET?
Change the order of allow deny like this: <Limit POST PUT DELETE> order allow,deny allow from all deny from 210.5.214.128/29 deny from 210.89.69.160/28 # Hundreds more lines... # My current IP (sample provided here, actual used in reality), to test deny from 100.100.100.100 </Limit> <Limit GET HEAD> order deny,allow allow from all </Limit>

Categories : Apache

ChromeFrame ignoring X-UA-Compatible header in cross-site navigation
Chrome Frame has been discontinued. Your best bet is to switch to Chrome's Legacy Browser Support, which silently switches the user's browser depending on the site being visited. Edit From the documentation Chrome Frame as a closed container GCF sends all top level navigation to Internet Explorer. This is to allow content to load other links in the host browser. This feature can be turned off by adding a DWORD value HandleTopLevelRequests=0 under HKCUSoftwareGoogleChromeFrame. In this case all the subsequent top level navigations will remain inside Chrome Frame whether they have a meta tag or not. So to break out of CF, you must either set target="_top" on the link or open the link with a popup window--this as long as the registry key HandleTopLevelRequests is set

Categories : Dotnet

Django block repeated requests
To stop broken emails, add the url you wish to ignore to your IGNORABLE_404_URLS setting. See the Django error reporting docs for more info.

Categories : Django

preventing cross site request forgery using cookie generated using javascript
I think what you are looking for is the following CSRF in PHP Please go through other parts of the website for complete details.

Categories : Javascript

MySQL how to properly deal with rows containing code/cross-site-scripting?
you can use htmlspecialchars to convert all the html tags syntax to respective entities. this will cause the literal value of <script>alert('name');</script> to be displayed rather than being interpreted as a script block

Categories : PHP

Cross domain session sharing does not work until site visited in browser
I believe I have found what is causing this issue. Because both domains are served by separate instance they have unique PHP environments running. My code is currently using the native PHP session - so when the cookie is sent to the second server it gets the ID to which no data is allocated. It's only by visiting the site manually that triggers the allocation of data as it automatically runs through the authentication and authorisation procedure. I am going to switch to using database session in Kohana. Both instances point to the same DB so this should resolve the issue. I'll post back here to confirm.

Categories : PHP

Why does my site look different on Firefox vs every other browser
You're missing box-sizing: border-box; for the other browsers - you only have the -moz prefix defined for the below selectors: a.med-block, a.small-block, a.big-block { -moz-box-sizing: border-box; box-sizing: border-box; color: #FFFFFF; display: block; float:left; overflow:hidden; text-decoration: none; transition: background-color 250ms ease-out 0s; }

Categories : CSS

How to make Clang to ignore specific warning in specific block?
First of all, be aware that: std::numeric_limits<float>::min() will return zero, as std::numeric_limits<T>::min() returns smallest non positive number for integer types, smallest non negative number for floating point type Minimum negative number for a floating point type is: -std::numeric_limits<T>::max() I think you have to combine different numeric_limits methods/members (like is_integer and is_signed) and if statements, also to get rid of your warnings. (From the efficiency point of view) You do not have to worry of getting a too complicated function, as most of the checks will be evaluated at compile time and will have no influence on the execution time. In fact, if you can avoid some unnecessary checks at running time because of some checks done at compile

Categories : C++

JSON Proxy: Perform cross-domain web service requests from a single-page HTML app as ubiquitously as possible?
In case anyone searches this, I have offered my app with the following workarounds: A small node.js Proxy: Approx 10 lines of code and I have a standalone proxy to get around CORS A Chrome Extension: Extensions can make CORS requests. Flash Object (Not Tried): Flash Objects can make CORS requests, or so I read A firefox extension: Same as the chrome situation Instructions on how to have the remote services enable CORS.

Categories : Json

Is there csf setting to block ip that require certain amount of requests?
You can set PORTFLOOD in the server. Try this and make changes in your csf.conf file By dafualt PORTFLOOD = "" Change that to PORTFLOOD = "80;tcp;20;5" This means that if an IP is making 20 connections to port 80 in 5 seconds, Then csf will block that IP for at least 5 second after the last connection seen. There will be a mandatory 5 second block before the block is lifted.

Categories : Misc

firefox addon sdk - setting an SSL certificate for https requests
Unfortunately there is no direct way to verify a cert manually and continue with the request. Instead you need to add an override on error yourself and retry. Attempt to make a regular XMLHttpRequest via nsIXMLHttpRequest. There is enough code and samples around on SO and Google describing how to do it. The requests module won't do, as it hides some necessary details. Implement nsIBadCertListener2 and stuff it into req.channel.notificationCallbacks (might want to preserve the original callbacks). If your .notifyCertProblem() get called, that means the cert did not verify. Now it's up to you to verify the cert with your seeded fingerprint (and serial). If your seeded infos match, add a cert override (that won't work for STS hosts, of course) Re-spin the request after adding the override,

Categories : Javascript

node.js http.get hangs after 5 requests to remote site
Here's the reason of the "exactly 5": https://nodejs.org/docs/v0.10.36/api/http.html#http_agent_maxsockets Internally, the http module uses an agent class to manage HTTP requests. That agent will, by default, allow for a maximum of 5 open connections to the same HTTP server. In your code, you don't consume the actual response sent by Google. So the agent assumes that you're not done with the request, and will keep the connection open. And so after 5 requests, the agent won't allow you to create a new connection anymore and will start waiting for any of the existing connections to complete. The obvious solution would be to just consume the data: http.get("http://www.google.com", function(r){ r.on('data', function() { /* do nothing */ }); ... }); If you run into the problem that yo

Categories : Node Js

Firefox and IE fail again Help make my code cross browser? JQuery Auto scroll
Scroll the HTML element as well: $('html, body') .animate({scrollTop:3000},20000) .animate({scrollTop:0},2000,updown); and also $('html, body').stop(true); on the button. Updated fiddle: http://jsfiddle.net/CsqGr/5/ (Also note I changed the jquery to edge, as there is a bug in 1.10.1 that causes problems with IE 10).

Categories : Javascript



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.