I have a problem that I got stuck how to receive POST data in angularjs sending from PHP? Let me explain in detail. My project url is http://test.com/callback and other party will use FORM POST to my callback URL. I want to display all FORM POST data inside that callback controller. Please let me know how to do it. Thanks.
To answer you question you must understand these two concepts:
Web server: (PHP, Node, Apache, etc): the server hosting your page
receives HTTP requests
sends HTTP responses
Web agent: (Chrome, IE, FF, curl, etc) displaying/requesting your page
sends HTTP requests
receives HTTP responses
And find out things does not work the way you want.
Related
I have an online form to collect user's information.
In this form, I would like to make a call to NetSuite to get data.
I built a call to RESTlet with 'Authorization' on header, test this script by using postman and it works correctly
However when I do same thing on Online form (client script, call https.get() to RESTlet with valid header contain 'Authorization') It's return error "error code: INVALID_LOGIN_ATTEMPT" (none-sense error). I take 2 days to research why it's happening and found the issue is cross domain (i tried to call to RESTlet by using $.ajax and find issue).
Now, I would like to know how to pass "cross domain" issue while calling from online form.
What is best solution to call to NetSuite to get data from online form?
Thanks
Even if you were able to get around the CORS restriction, if call a Restlet from client side code that is a massive security problem because you are exposing your authorization token to end users.
A good approach is to "proxy" your Restlet using middleware such as a serverless function (like a Google Cloud Function, AWS Lambda etc.). This will solve both the CORS issue and keeping your credentials secure.
My website returns a JSON string contains database result when you call the URL through ajax. It's actually public. I mean everybody can send an ajax request to my website and simply get the result neatly (currently my website acts like a free API).
Now all I'm trying to do is authenticating all requests and just response the known ones. So I think I need to pass a token with along each request for identification.
My question: How should I make that token (that no one else can)? And how should I identify that token on server side?
If your "website" and the "app" that calls your website reside on the same domain. Then this can be done server side.
First CORS will stop any java-script app from replicating your client code on another server and calling, or the lack of.
Second. On your server just check that all incoming calls are from the same HOST or the host you want to permit. This would reject any calls that did not originate from the same domain - which you control.
I don't know what language you are using so i can't post code.
I suggest you use jwt to authorize. U can achieve this by requiring that a user log in first and respond with a token on successful request. This token will then be used for subsequent requests
I have a Meteor application I would like to let users retrieve data from via an ajax request. Currently if I send the ajax request it returns the HTML.
I understand I might have to do something with the headers but I can't quite figure out what given the flood of javascript, json, ajax search results that diminish the results of what I am looking for.
I am also curious how Meteor would even handle this since it is a one page application with dynamic headers which I am not sure I have control over.
So basically I need a client from cross origin to ping myurl.com/?myQuery=yadada and get back some data
I have a WCF web service hosted on Azure as a cloud service. I am trying to send a POST SOAP request from an HTML/JS web application it appears I cannot POST a SOAP envelope across domains. I have tried a variety of POST techniques with no avail. Has anybody experienced this before and/or is aware of a work around?
Any help would be appreciated.
Cheers
No, this is not possible, as per AJAX cross-domain requests cannot be made unless the server says " I'm ready to accept".
Normally, when you make a cross domain request an OPTIONS request is made to the server, to check what all methods and options are given allowed at the server. The server responds with a set of headers which says further communication can be made or not.
So, if you want to do a cross domain AJAX POST/GET, you can do it provided either of the following is possible
-> Server says "I am ready to accept" for your client request - which normally does not happen
-> Use a proxy server in your layer, to forward the request to target server, and revert back the response.
For more info, you can scroll on MDN forums or CORS facts.
I would like to make a bookmarklet that users can add to click on while browsing websites. Clicking the bookmarklet grabs some page content and sends it to myserverapi.com
myserverapi.com then sends a reply back to the bookmarklet, which then displays the results to the user (without taking them away from the page they clicked the bookmarklet in). The user confirms something, and then data is once more sent back to myserverapi.com
Is this possible?
I am aware of JSONP but to my knowledge it only works for retrieving data: I was wondering if information can be somehow encoded and sent to the server in a back-and-forth manner.
Thanks!
ah, in this usage case CORS works because I have control of the server.
I can't think of a scenario in which back and forth is required to send data to a possibly "un-willing" server anyway, only the other way around.
So if you have CORS, why not just post that data to the server? see:
How to get a cross-origin resource sharing (CORS) post request working
This question is answered, but here is answer in case you can't use CORS:
I am aware of JSONP but to my knowledge it only works for retrieving data: I was wondering if information can be somehow encoded and sent to the server in a back-and-forth manner.
You were so close, the answer was right in your grasp.
You SEND data to the server in one of two ways:
1.) The most simple way is with GET. Your JSONP script can be like server/jsonp.php?data=antyhing+you+want. So this is basically the same way as using AJAX communication with the same domain, but instead of using XMLHttpRequest to perform the GET, you are appending a script.
2.) If the data to send exceeds what GET can handle, you can POST the data using a form and an iFrame. One of the form variables should contain a unique ID for that POST to use as a key. Since the POST can not return any data, yo must use the GET method to get the response which corresponds to that key. Because the POST is asynchronous, your GET should poll the server until the server responds with success, which dependent on the server having received a POST with the corresponding key.