How to include another SAP Cloud project resource into deployed SAPUI5 app? - javascript

I created several SAPUI5 web applications in Eclipse that have been deployed to a SAP NetWeaver PO 7.5 Application Server.
All these applications use generic components of a "common" project. I just made them available via the html header with this bootstrapping script-tag:
<!-- Bootstrapping UI5 -->
<script id="sap-ui-bootstrap"
src="/sapui5/resources/sap-ui-cachebuster/sap-ui-core.js"
data-sap-ui-libs="sap.m"
data-sap-ui-theme="path.to.custom.theme"
data-sap-ui-compatVersion="edge"
data-sap-ui-resourceroots='{"com.namespace.ui.specificapp": ".", "com.namespace.ui.common" :"/com.namespace~ui~common~web"}'
data-sap-ui-frameOptions="trusted"
data-sap-ui-appCacheBuster = "./,/com.namespace~ui~common~web/" >
</script>
This worked fine until I tiered to transfer these applications to SAP Cloud.
I imported the projects to WebIDE and first thing I discovered was that data-sap-ui-resourceroots attribute doesn't work anymore because application cannot find the components from the common project. So I deployed the common application to SAP Cloud and inserted the corresponding URL in the bootstrapping script-tag of the index.html like this:
<script id="sap-ui-bootstrap"
src="/sapui5/resources/sap-ui-cachebuster/sap-ui-core.js"
data-sap-ui-libs="sap.m"
data-sap-ui-theme="path.to.custom.theme"
data-sap-ui-compatVersion="edge"
data-sap-ui-resourceroots='{"com.namespace.ui.specificapp": ".", "com.namespace.ui.common" :"/https://common-aXXXXXXXX.dispatcher.hana.ondemand.com/"}'
data-sap-ui-frameOptions="trusted"
data-sap-ui-appCacheBuster = "./,/com.namespace~ui~common~web/" >
This allows browser to find the JS-files from the common project, but leads to this error:
Note: Your browser does not support JavaScript or it is turned off. Press the button to proceed.
This is message is thrown by the https://common-aXXXXXXXX.dispatcher.hana.ondemand.com/ host.
Analysing the HTTP request I see that the parameter Accept:text/plain, */*; q=0.01 is set.
I don't know why SAPUI5 is requesting plain text or where I can change this behavior. Does anyone know how to tranfer this application structure to the SAP Cloud?

The answer is pretty easy: The server blocks requests to other origins to prevent CSRF attacks. In the on premise solution all source files come from the same origin: the own server. In the SAP Cloud each application is deployed standalone with its own URL. Therefore the browser doesn't accept JavaScript files from other projects. The solution to access these files is to add the URL of the common project to the destinations in the SAP Cloud Cockpit.
FYI: Including the URL in the destinations enables you to use a relative URL for referring to external JavaScript files, so that they aren't blocked by the browser.

Related

Executing Python via Pyodide in Github Pages

Is there any way I can run python in github pages? Specifically through Pyodide because I am using pandas. I know github pages is only meant to serve static pages using HTML/CSS/JS but I was wondering if there is a workaround with pyodide given that it is compiled in Javascript.
I am trying to build a small web application which has a username entry box that once submitted, calls some data from an API, processes in pandas and displays some visualizations (either using a JS library like Chart.js or Zingcharts, or otherwise matplotlib / seaborn)
WebAssembly is run client side, so you can make a Pyodide application hosted on Github Pages (or any other hosting for static assets).
For downloading Pyodide packages/dependencies, the easiest is to use the JsDelivr CDN (cf pyodide docs), but you can also host them on Github pages if you prefer. The corresponding asset size should be within allowed usage limits.

Running Angular app in IOS app Webview

I have a requirement where we have to run website in iOS app Webview by keeping website source files in locally inside iOS app. Angular need server to run the application but as we are keeping files locally we can't run the server inside iOS application (assuming). Is there any way to run the Angular application inside IOS app by keeping website files locally?
App flow: (expectation)
User opens iOS application - iOS internally opens webview with index.html file
You need to think of this comparing it with if you were testing the web pages on your development PC. When testing on your dev PC, all your web references point to your local machine. What you are attempting to do is basically the same.
Assuming that you load all your resources within the index.html page, all those references will need to be pointed to local resources on your iOS. For example:
<link rel="stylesheet" href="css/style.css">
<script src="public/angular.js"></script>
<script src="app/a_module.js"></script>
Angular.js does not need a server to run, just the angular.js file. You will need to make local copies of any code that your web app references remotely, like angular.js.
By setting the correct source references for accessing all the files via your iOS repository locally, you will have your embedded app.
BUT this does assume that your angular file web pages are currently being served as static pages by the server, and the server is NOT dynamically generating or modifying them.
(What would need to be retrieved remotely, would be changing database information that is stored on your servers, for which Angular apps commonly implement REST apis to retrieve & update. These apis can still be used the same in your iOS web view app.)

What are the security implications of using sandboxed mode and loading scripts from a trusted source?

We are building a chrome web app that connects to a remote server. The remote server will be serving custom javascript files that are stored in the database. These files will be injected into code for working.
To be specific we are using ReactJS framework and we are injecting custom React components into this application based on the given route.
The chrome app with a sandboxed window works normally. However, I am trying to figure out the security implications of using a sandboxed app that connects to a remote server. What kind of security problems can this approach create?
I also want to know if there is a way to make that chrome app only loads JS files that are coming from a specific IP address. In extensions it is possible but I haven't been able to find anything for chrome packaged apps.

Apache Cordova load external website with exclusive app feature

I have a requirement where I need to migrate a website into an Apache Cordova app with minimal effort. I also need to add an extra feature that is not doable without native permissions.
The existing website contains enormous JSP content. As given here, I cannot use JSP files with Cordova. So, I'm thinking of loading (redirecting to) that website into the app. For the extra feature, I would need a two way communication between the website & the app.
I have done that previously between a native app and locally embedded HTML pages. But since the website is not locally hosted, Is the communication still possible ?

Running separate ASP.NET projects on the same port

I have an ASP.NET MVC project that encompasses the bulk of a web application as well as a web API that is consumed by client-side code. The API component is beginning to sprawl and I would like to separate the API and MVC app into two projects. (MyAppMVC and MyAppAPI). However I am unsure how to get the MVC app to play nicely with the API when they are not part of one project.
Right now I have an API controller MyAPIController that answers POST and GET requests sent from client-side JavaScript to /api/MyAPI. When both the JS and API live under the same project, I run the solution from Visual Studio and hit the API with no issues.
However, when they run in different projects, this no longer cooperates. To avoid violating cross-domain security, the JS must be hitting the API within the same domain / port. However Visual Studio runs my API and MVC application on different ports, and attempting to hit the API from the Javascript file living inside the MVC file causes same-origin errors.
Is there any way to have these two different but complementary projects running on the same domain / port? For organization and modularity I would really like to be able to separate my web application into multiple projects rather than lumping them into a single massive one.
I can suggest this way
Create application for api in IIS
Create application for MVC application in IIS
Enable cross domain request in API
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="access-control-allow-headers" value="content-type" />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
<system.webServer>
In both projects use custom web server for debugging
VS 2012 it is: Right click on web project -> Web -> Select "Use custom web server" and provide the url of the project, it will be like localhost/api, localhost/mvc_client
From that moment your projects will have
Same address in debug mode or when you are browsing to the project without debugging.
Api project will allow cross domain requests.
Client will able to send request to the API cause it allows cross domain requests.
And you will able to debug the projects.
If you will do it, validate that you can brows to the projects before to run debug. You may have some problems like "access to the path denied" and so on.
So my fix, without using CORS ended up being to just give up on using IISExpress and create two separate applications under Local IIS, each with their own path, but both living under default web site (localhost) at port 80. That way I was able to reach http://localhost/MyAppUI and then make calls from MyAppUI to http://localhost/MyAppAPI/api without dealing with any cross-domain issues.
Go to Project Properties in Visual Studio and then go to Web, under servers change the project url to a different port number and Create Virtual Directory.

Categories