I want hide the values passing through the URLs. Is there any settings in ColdFusion administrator for this?. I know that converting all GET method to POST will resolve the problem. Then what about CFLOCATION tag.
<CFLOCATION url="test.cfm?id=2654&code=59874">
how to hide the values in the above url.?
Certain methods include:
Convert the cflocation to a form post. This will hide the parameters in the URL, but as previously stated, the data will still be in the headers.
Use an iframe, and send all requests to the iframe. Similar to above, the parameters will be visible to those capable of finding them in a DOM explorer.
Encrypt/Decrypt the values on the before and after pages.
Related
I have project in Django with already written pages. I want to rewrite some of them and put html content using Ajax in Modal window from Twitter Bootstrap. These pages should be internal(access from browser should be forbidden). Is it possible in Django?
You can check request.is_ajax() in the view and send back a different template. I usually do this with passing in a different context variable for the base template that doesn't show any of the usual header, footer, etc. content.
I'm currently using out-of-the-box django.contrib.auth to handle authentication in my Django app. This means that the user starts at a log in page and is redirected to the app on successful login. I would like to make my app single-page, including this login process, where a redirect doesn't happen, but maybe a "hot" template switch-out or some fancy client-side div magic (that still remains secure). My Google searching turned up pretty short, the closest solution dealing with putting a log in form on every page.
Any direction or ideas here would be much appreciated. I would obviously prefer to work within the existing confines of django.contrib.auth if possible, but I'm open to all solutions.
I'm not sure I understand your question completely. I think you want to have a single page. If so, put logic in your template that checks to see if the user is authenticated. If not, display a login form that POSTS to the appropriate django.contrib.auth view. You can supply an argument to this view to have it redirect back to your page. When you come back, the user will be authenticated, so you won't display the login form.
Have a look at Django-Easy-Pjax https://pypi.python.org/pypi/django-easy-pjax - it works like a charm and is well documented. Everything you like is being made with AJAX requests: links, forms using GET and forms using POST.
Essentially you only need to add a data-pjax="#id_of_the_container_where_the_result_goes" attribute in your a and form tags.
And the great thing about it: It updates the title and location bar of your browser.
One caveat: If you want to upload files in some form, this is not supported by Easy-Pjax, so you might want to use some workaround jQuery library for that.
I am using django-allauth for one of my project. I would like to implement login/signup process via ajax. I would like to have customized signup form. I was going through their signupmixin and signup form. Sounds like I can write custom views for each action and map it to the url config. I am not sure what is the best way to do this.
Thank you so much for any help or advice on this.
It depends a bit on what you mean by ajax. If you just want to have a popup-style login/signup box on every page, then you can simply add the form to your base template and show it dynamically using Javascript in a popup box or so. If you keep the form action url to the original allauth urls then this will already give the feel of an ajax signin. You could also tweak things by using $.ajax or $.post to post to the original allauth views.
Something like the above is done on http://officecheese.com/ -- this is an allauth based site, though I am not affiliated with it.
If by ajax you mean that all authentication related views should be displayed via ajax, without causing a new document reload, then I am afraid you are a little bit out of luck. This simply is problematic for scenario's where e-mail verification, or OAuth handshakes are involed, as here you are typically navigating to a new URL from your mailbox, or redirecting to Twitter and so on.
Im working a newspaper, and I was wondering if its possible to display different categories from another Website, and display in my website. This site created by Joomla 2.5, I Hope someone understands this :)
Since your site is the Joomla one, you could either write a custom extension or more simply use the Jumi extension so you can write PHP code directly in the article or page on which you need to grab the content from the other site.
Then depending on what you know about the other site, there are different approaches. If it offers an API or RSS feed, you can use that to pull the content you need (and use PHP string functions for instance to modify it as you need). If the other site doesn't have an obvious way of offering content through a web service, try PHP curl, and again you can modify the content before displaying it. Check out this page too: How to parse actual HTML from page using CURL?
As Arunu said an iFrame could also work if you don't need to modify the other site's content.
What u wish to do can be accomplished using RSS feed or an i-frame.But from ur question
it's not clear which site is using joomla.
I've been working through an issue with my django project. The issue is I've got one project, which will retrieve data for users of different clients. I need to know 'from where' a viewer is coming from (request.path [my original solution]). I've been looking at a number of different options which sound close to what I want to do, but I'm not sure what the best option is, not having done this before.
My first option was to add a url in the urls.py with a 'tag' or 'keyword' then look for that tag/keyword in the request.path, which I'd add as a session key. Then go onto get the data.
Something else I started looking at was the sites framework. After reading through the documentation, I'm still confused how sites actually works, so I'm not sure if this is the right option.
Another solution talked about using middleware, this came up in connection with the research into using the sites framework.
And then yet another talked about doing this in apache.
Could some one help point me in the right direction?
Cheers,
T
If you need to know from which URL came your user to your currrent page you should check the REFERER http header, available in request.META.get('HTTP_REFERER').
See http://docs.djangoproject.com/en/1.2/ref/request-response/#ref-request-response for more informations.
Be careful though, the referer meta is not mandatory and could be missing due to private browsing or direct access to the page from the URL bar.
It's not completely clear from your question, but if you're asking for the URL that the user was on before coming to the current page, you probably want request.META['HTTP_REFERRER'].
Edit after comment
That would be a very bad idea. Global variables are not safe given that you potentially have multiple requests being processed at the same time. The referrer is already available from the request, which can be accessed in all views and templates, so I don't know what else a middleware would give you.