I have a CMS where I am using Laravel as the web API and AngularJS for requests.
I have an iframe where I call services with a direct link and set it using the trusted src function.
The main problem is that I cannot use a normal HTTP POST request and hide the parameters, because an HTTP request will return data, not a file, and the report API returns, in headers, an HTML file, PDF, etc. So when I get the result in the success callback of my HTTP request, it won't download the PDF file; it will show special chars.
In the iframe I am calling the API like this:
"localhost/api/getreportService/"+$scope.brandid+"&"+$scope.customerid
But that cannot be secure. Is there any way to hide the request here from users?
OK, I found a solution: I called the API via an HTTP POST request, then I used $sce.trustAsHtml for the response, with ng-bind-html in my template, and the result is good now; the report is showing in the div.
Now all is safe, the user needs a token to access the report, and that's impossible without a login.
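An added example, not the poster's code, of the approach described above: POST the report request with a token, read a PDF as binary rather than text, and hand the result to the iframe. The URL, parameter names and Bearer scheme are assumptions. The parameters stay visible in the browser's developer tools; what protects the report is the server checking the token on every request.

```javascript
// Added example, not the poster's code. The URL, parameter names and token
// handling are assumptions; fetchImpl is injectable so the logic can be tested.
async function fetchReport(apiUrl, token, params, fetchImpl = fetch) {
  const res = await fetchImpl(apiUrl, {
    method: "POST",
    headers: {
      Authorization: "Bearer " + token, // assumed scheme; the post only says "a token"
      "Content-Type": "application/json",
    },
    body: JSON.stringify(params), // ids travel in the body, not in the URL
  });
  if (!res.ok) throw new Error("report request failed: " + res.status);

  const header = res.headers.get("content-type") || "";
  const type = header.split(";")[0].trim().toLowerCase();
  if (type === "application/pdf") {
    // Read raw bytes. Decoding a PDF as text is what produces "special chars".
    return { kind: "pdf", blob: await res.blob() };
  }
  if (type === "text/html") {
    return { kind: "html", html: await res.text() };
  }
  throw new Error("unexpected content type: " + type);
}

// Display the result in an <iframe> element.
function showReport(result, iframe) {
  if (result.kind === "pdf") {
    iframe.removeAttribute("srcdoc");
    iframe.src = URL.createObjectURL(result.blob); // blob: URL, no ids in it
  } else {
    // Render server HTML in a sandboxed frame: scripts in it will not run.
    iframe.setAttribute("sandbox", "");
    iframe.srcdoc = result.html;
  }
}
```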
Related
I would like to redirect from POST method to frontend page with HTTP status code 303.
Expected result is that browser after making POST request redirects to page specified in Location header.
Currently I am getting CORS failed error message and browser does not redirect to frontend page.
A redirect does not mean "Load this URL in the browser window". It means "You can get whatever you asked for here".
When you make an Ajax request using JavaScript, the response is provided to JavaScript.
If the response is a redirect, then the browser follows it automatically and provides the response to the redirect to JavaScript.
The URL you redirect to needs permission from CORS in order for the JavaScript to read the response.
Do not attempt to mix web services and regular page navigation.
If you want to submit some data and load a new page: Use a form submission.
If you want to submit some data and handle the response with JS: Use Ajax.
I have a Java Spring REST back-end (@RestController) and I am using JSON Web Tokens (no session) as the security option. At the front-end I want to use JavaScript (jQuery to send requests to the back-end) and HTML.
So after login I save a JWT in the browser and send it back in a header with every request I make to the @RestController.
My question is: How to navigate between pages (that are accessible only for authenticated users) from JS? How will @RestController work in this case?
The @RestController handles requests containing a path (the path of the request does not have to be the same as the path (URL) from the front-end).
Solution (if you have a front-end server): When you try to reach a front-end URL you make a call to the server-side; if the response status is 200 the page can be displayed (with the body of the response if you send information); if it is not, you will stay on the home page, or you can redirect the user to the login page...
Also check this: http://www.studytrails.com/frameworks/spring/spring-security-method-level/
In my application I need to open a pdf in a new window. I'm making a window.open call for that. Mine is an MVC application. The url for the window.open contains my controller name and action method so that it will hit the respective action method.
But due to some reason, when I run with http request, I'm able to open the pdf, which means my controller call returns 200. But in the case of https, my controller throws a 302. Is there any solution for this?
One more thing which I found out is, when I compose the https request in Fiddler by adding some request headers to it, my controller returns 200. But I'm not able to add the request headers in window.open. Is there any way to do this?
I cannot go for a server side coding here. I have to complete it in the js itself.
I have an API that I am able to authenticate against using the Postman client. Using Postman I am able to enter in my username and password into the header and receive back an access token.
I would like to accomplish the same authentication with a simple HTML page using Javascript. However, I am unsure how to craft the Javascript request and pass in my username and password as I did with Postman.
A password is normally considered private; if you include it in your JavaScript, anyone can read it and fire requests off to the API as your user.
Additionally, the browser's same-origin policy, unless configured otherwise, will stop you firing ajax requests to a domain other than the one the webpage was loaded from.
Instead you should create a proxy script in the server-side language of your choice hosted on your domain and fire your ajax requests off to this.
This script would do the relevant actions with the API keeping your credentials a secret and return the response.
Under the address bar of Postman there's a link that says "Generate Code"; on previous versions it was a button with a </> symbol.
Clicking that link opens up a popup with a dropdown list where JavaScript is one option; this will generate the code to do the request.
Let me also add to the other answers that with jQuery you can do a get request with $.get(), and a post request with $.post(). But I would do what Vector suggests and generate the JavaScript with Postman.
You could do that with an ajax call within a JavaScript file, and you can also do it with XMLHttpRequest.
Example of an ajax call:
$.ajax({
    url: url,                        // URL of the API endpoint
    type: 'POST',                    // the HTTP method
    data: JSON.stringify(array),     // serialized to match the JSON contentType
    contentType: 'application/json',
    cache: false,
    success: function (data) {
        // handle the response here
    },
    error: function (err) {
        // handle the error here
    }
});
In this you can also add the headers, where you can put your API access token.
Given the url -
How can I make an AJAX GET query (on page load) to the url above and insert the content returned in to an empty div tag on an HTML page?
<div id="ajax-result"></div>
I have tried the .load method with jQuery but it's not working
var url
jQuery(function($) {
$('#ajax-result').load('url');
});
Any ideas?
Due to Same Origin Policy, you can't make ajax calls to a domain that is different to that of your code.
A possible solution is to proxy the request through a server side script on your domain. So you'd make an ajax call to your own domain, which would invoke a script to do the request to the other domain via server to server communication. The third party would give the response to your server side script, which in turn can pass the response on through the ajax response.
You can use this JavaScript library, cross-domain-ajax:
https://github.com/padolsey/jQuery-Plugins/blob/master/cross-domain-ajax/jquery.xdomainajax.js
Or, as a workaround, make the ajax call to your own domain and pull the resources server-side.
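The server-side proxy recommended both in the Postman answers and in the same-origin answers above, as an added example that is not code from any of the posts. It is written for Node.js; the upstream host, the route table and the use of HTTP Basic credentials are assumptions, and the handler is framework-neutral so it can be called from whatever server you run.

```javascript
// Added example, not code from the answers. The upstream host, the route
// table and HTTP Basic credentials are assumptions made for illustration.
const UPSTREAM = "https://api.example.test"; // hypothetical third-party API
const ROUTES = new Map([
  ["/proxy/token", "/oauth/token"],
  ["/proxy/report", "/v1/report"],
]);

// Map a browser request to the one upstream request the proxy may make.
function buildUpstreamRequest(incoming, creds) {
  const target = ROUTES.get(incoming.path);
  if (!target) return null; // allowlist only: never forward a caller-chosen URL
  const url = new URL(target, UPSTREAM);
  for (const [k, v] of Object.entries(incoming.query || {})) {
    url.searchParams.set(k, String(v));
  }
  const basic = Buffer.from(creds.user + ":" + creds.pass).toString("base64");
  return {
    url: url.toString(),
    init: {
      method: incoming.method,
      // Client headers are dropped; the secret is added here, server-side.
      headers: { Authorization: "Basic " + basic, Accept: "application/json" },
      body: incoming.method === "GET" ? undefined : incoming.body,
    },
  };
}

// Framework-neutral handler: call it from the route handler of your server.
async function handleProxy(incoming, creds, fetchImpl = fetch) {
  const upstream = buildUpstreamRequest(incoming, creds);
  if (!upstream) return { status: 404, body: "unknown route" };
  const res = await fetchImpl(upstream.url, upstream.init);
  return { status: res.status, body: await res.text() };
}
```

The page's JavaScript then calls `/proxy/...` on its own origin, so no cross-origin request is made from the browser. The proxy route still needs your site's own login or session check, because anyone who can reach it acts with the stored credentials.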