Circumvent getImageData using Django - django

So I want to do pixel manipulation in my Django app, and I want the user to be able to provide links to their own image files. I already saw several solutions, including proxy servers, but I can't seem to get any of them to work, and most of them are specifically for JSON and not images.
The latest one I tried involves using the django corsheaders plugin that adds the cross origin resource sharing headers to responses, but I'm unsure as to what responses exactly are—I'm pretty new to servers.
In any case, this is the error I keep running into:
ImageEditor.js:509 Uncaught SecurityError: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': The canvas has been tainted by cross-origin data.
I'm looking for some way to serve images from other domains onto my website and to manipulate their pixels.
Thanks in advance, and please, explain it as though I was someone who doesn't understand anything about servers. :D
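The usual way out of the tainted-canvas error, as an added example that is not part of the original question or of any Django package: fetch the remote image through a view on your own site, so the browser loads it from your own origin and the canvas never sees cross-origin data. The URL name `image-proxy/` and all function names below are my own; the allowlists and size cap are illustrative values.

```python
import ipaddress
import socket
from urllib.parse import urlparse
from urllib.request import urlopen

# Added example, not from the original post. A proxy that fetches any URL a user
# supplies would otherwise reach internal services from your server, so it only
# accepts http(s) hosts that resolve to public addresses and only serves image types.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}
MAX_BYTES = 5 * 1024 * 1024  # refuse anything over 5 MiB

def reject_reason(url, resolver=socket.getaddrinfo):
    """Return None if url may be proxied, otherwise the reason for a 400 response."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return "only http(s) URLs with a host are allowed"
    if parts.username or parts.password:
        return "credentials in the URL are not allowed"
    try:
        infos = resolver(parts.hostname, None)
    except OSError:
        return "host does not resolve"
    # every address must be globally routable: no loopback, LAN or link-local ranges
    if not infos or not all(ipaddress.ip_address(i[4][0]).is_global for i in infos):
        return "host does not resolve to a public address"
    return None

def fetch_image(url):
    """Download the image, checking its declared type and enforcing the size cap."""
    with urlopen(url, timeout=10) as resp:
        content_type = resp.headers.get("Content-Type", "").split(";")[0].strip().lower()
        if content_type not in ALLOWED_TYPES:
            raise ValueError("remote resource is not an image")
        body = resp.read(MAX_BYTES + 1)
        if len(body) > MAX_BYTES:
            raise ValueError("image too large")
        return content_type, body

def image_proxy(request):
    """Django view, e.g. path('image-proxy/', image_proxy) in urls.py; the page then
    loads <img src="/image-proxy/?url=..."> from its own origin."""
    from django.http import HttpResponse  # imported here so the checks above stay stdlib-only
    url = request.GET.get("url", "")
    reason = reject_reason(url)
    if reason:
        return HttpResponse(reason, status=400)
    try:
        content_type, body = fetch_image(url)
    except (OSError, ValueError) as exc:
        return HttpResponse(str(exc), status=502)
    return HttpResponse(body, content_type=content_type)
```

urlopen follows redirects without re-running reject_reason on the new location, so a production proxy should also check each redirect hop. If the proxy view lives on a different origin than the page, add Access-Control-Allow-Origin to the response and set img.crossOrigin = "anonymous" before assigning src.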

Related

Getting 'TooBig' Memcachier exception on a Django Rest Framework response on Heroku

I have a Django site on Heroku, which uses Memcachier's free tier as a basic cache across the whole site. It works fine.
I've just started trying out Django Rest Framework to create a read-only JSON API, and that works fine too, except... one or more API URLs generate 'TooBig' exceptions from Memcachier, even though the response isn't very large (e.g. 20-30 KB):
MemcachedError:
TooBig
No exception message supplied
I'm puzzled as to why this is happening, given the small size, and not sure how to fix it. Maybe I've misunderstood something about how memcached works.
You should increase memcached limits.
See here:
https://django-cachalot.readthedocs.io/en/latest/limits.html#memcached
https://docs.oracle.com/cd/E17952_01/mysql-5.6-en/ha-memcached-cmdline-options.html

How to avoid the automatic loading of all files in order to separate loading for some routes(e.g. /admin)?

Meteor concatenates, minifies and compiles all html, css and javascript and sends them all to the client. But as I noticed, it's not useful for some cases.
For example, for most users we have an app which works on myapp.com, and another big part of the app, the admin dashboard, works on myapp.com/admin. The size of the admin part is comparable to the size of the main app part, but it's used only by hundreds of users or so. As a result most users load 2x the size on the client, half of which is useless and can't be used.
Does Meteor have solutions to this problem, or maybe someone can suggest any hacks to solve it?
If you made your whole /admin/ section a separate package you could deploy two builds, with and without, and then route any clicks on "/admin/" URLs to "admin.APP.com/admin". Both apps would of course need to talk to the same database.
Some people are using an nginx proxy to decide what to serve, but this is not so much based on URLs as on some property of the userAgent, e.g. for mobile devices. This is nicer than having separate subdomains: the user doesn't see "admin.APP.com", the different backends are masked from them. But, you may not care so much about that. Having admin.* be explicit is a good thing.

wysiwyg for Heroku with Django and S3 static file hosting

I have a django app running on Heroku, with my static files hosted to Amazon s3 using boto and django-storages, as seems to be standard procedure on here.
Setting these up so far has been troublesome, and I would like to avoid future cross-domain hassle as I am considering installing a wysiwyg editor, to make a sort of FAQ where users can ask questions and post answers.
Is there a better package than django-tinymce? I have come across a number of users who have had trouble with this, as js static files need to be served locally from heroku. I would prefer something lightweight, as this is for a basic purpose.
Any advice is much appreciated.
I use the Suit skin for Django admin, and one of the WYSIWYG options is something called Redactor. That's a quite nice-looking text editor that works well. It can sometimes produce a little garbage HTML but nothing too scary or malformed (just the odd empty div or span).
What you'll also probably want to do is use CloudFront to distribute your static and media files, and whitelist the Origin HTTP header. There are also some cross-domain rules you can add to your bucket.
My CORS (Cross-Origin Resource Sharing) settings are really bastardised from people who know more than I do, so if you want a clean approach I'd suggest checking the Amazon docs on the subject. They go through the details of setting all that up. This simpler guide might also help, as it just goes into the basic CORS settings.
But I've got that running and so far haven't come up against any cross-domain issues.
Hope that helps.

How to upload a movie file in Django?

I am sorry if this question is already posted somewhere.
I am very new to Django. I have been googling around for quite a long time for sample code to upload large files using Django, but in vain.
Can anyone help me with some sample code for uploading large files in Django or provide relevant reliable link(s)?
Thanks in advance.
Django itself handles large file uploads quite well (the whole file is not loaded into memory since 1.0, see http://code.djangoproject.com/ticket/2070).
But django usually sits behind a web server and there is often a limit on the request body. So the web server config should probably be adjusted (if you are using apache, look at http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestbody ).
There is one called django-video. I haven't tried it though. I have used django-basic-apps, which can handle video, music and image uploads.

Is someone trying to hack my Django website

I have a website that I built using Django. Using the settings.py file, I send myself error messages that are generated from the site, partly so that I can see if I made any errors.
From time to time I get rather strange errors, and they seem to mostly be around about the same area of the site (where I wrote a little tutorial trying to explain how I set up a Django Blog Engine).
The errors I'm getting all appear like something I could have done in a typo.
For example, these two errors are very close together. I never had an 'x' or 'post' as a variable on those pages.
'/blog_engine/page/step-10-sub-templates/{{+x.get_absolute_url+}}/'
'/blog_engine/page/step-10-sub-templates/{{+post.get_absolute_url+}}/'
The user agent is:
'HTTP_USER_AGENT': 'Mozilla/5.0 (compatible; Purebot/1.1; +http://www.puritysearch.net/)',
Which I take it is a scraper bot, but I can't figure out what they would be able to get with this kind of attack.
At the risk of sounding stupid, what should I do? Is it a hack attempt or are they simply trying to copy my site?
Edit: I'll follow the advice already given, but I'm really curious as to why someone would run a script like this. Are they just trying to copy? It isn't hitting admin pages or even any of the forms. It would seem like harmless (aside from potential plagiarism) attempts to dig in and find content?
From your USER_AGENT info it looks like this is a web spider from puritysearch.net.
What I suggest you do is put a CAPTCHA code in your website. Program it to trigger when something tries to access 10 pages in 10 seconds (mostly no humans would do this, or figure out proper criteria to trigger your CAPTCHA).
Also, maintain a robots.txt file, which most crawlers honor. Mention your rules in robots.txt. You can tell the crawlers to keep off certain busy sections of your site etc.
If the problem persists, you might want to contact that particular site's system admin & try to figure out what's going on.
This way you will not be completely blocking crawlers (which are needed for your website to become popular) and at the same time you are making sure that your users get a fast experience on your site.
Project HoneyPot has this bot listed as a malicious one http://www.projecthoneypot.org/ip_174.133.177.66 (check the comments there) and what you should probably do is ban that IP and/or Agent.
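The "10 pages in 10 seconds" trigger suggested in the first answer, as an added example that is not part of the original answers: a sliding-window counter per client plus a Django middleware that sends bursty clients to a CAPTCHA page instead of serving content. The class and function names, the /captcha/ path and the keying by address and user agent are my own assumptions.

```python
import time
from collections import defaultdict, deque
from urllib.parse import quote

# Added example; the limits match the answer's suggestion of 10 pages in 10 seconds.
WINDOW_SECONDS = 10
MAX_REQUESTS = 10

class SlidingWindowLimiter:
    """Counts requests per client over the last WINDOW_SECONDS. In-process only:
    on a multi-process server keep the counters in a shared cache instead."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self.hits = defaultdict(deque)

    def is_over_limit(self, client_key, now=None):
        """Record one request and return True if the client exceeded the limit."""
        now = time.monotonic() if now is None else now
        q = self.hits[client_key]
        q.append(now)
        while q and now - q[0] > self.window:  # drop hits that fell out of the window
            q.popleft()
        return len(q) > self.max_requests

def client_key(request):
    """Key by remote address and user agent (assumed scheme). Behind a proxy that sets
    X-Forwarded-For, take the address from that trusted header instead of REMOTE_ADDR."""
    meta = request.META
    return meta.get("REMOTE_ADDR", "") + "|" + meta.get("HTTP_USER_AGENT", "")

LIMITER = SlidingWindowLimiter()

class CrawlerThrottleMiddleware:
    """Add to MIDDLEWARE in settings.py. robots.txt and the CAPTCHA page are never
    throttled, so well-behaved crawlers can still read the rules."""
    EXEMPT = ("/robots.txt", "/captcha/")

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not request.path.startswith(self.EXEMPT) and LIMITER.is_over_limit(client_key(request)):
            from django.shortcuts import redirect  # lazy import: the limiter itself needs no Django
            return redirect("/captcha/?next=" + quote(request.path))
        return self.get_response(request)
```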