I'm currently developing an application on Cloudant servers. I'm using Google Vis API library. The file "jsapi.js" is installed on the Cloudant server, I am not loading from the web, but it seems that Google is trying to load something externally. Is there a way to overcome this?
[blocked] The page at https://username.cloudant.com/web/_design/web/index.html ran insecure content from http://www.google.com/uds/?file=visualization&v=1.0&packages=corechart%2Ctable.
The jsapi.js file is for the Google loader, which pulls the Visualization API scripts from Google's servers. Locally hosting the API is forbidden according to the Terms of Service - you must access it live from Google.
Load the jsapi.js file like this to avoid the security problems:
<script type="text/javascript" src="//www.google.com/jsapi"></script>
Unfortunately offline access is not authorized/possible. You can vote here and spread the word so that Google does something for that - still do not understand why Google does not want to publish offline versions from time to time.
Related
The Current Situation
My Squarespace website uses client-side, custom JavaScript and JQuery injected into the Head section of a page as well as the Amazon Web Services Command Line Interface SDK. The custom JS, the JQuery and JS Libraries, and the SDK are loaded into the page Head each time the page is loaded.
That Is Objectionable
The SDK uses two predetermined, static, handshake credentials to connect to the AWS server. They are stored in a file, "credentials," in a hidden directory, .aws, created by the SDK when it first loads. At that point, however, they have no values.
The Situation Exposes Supposedly Secret AWS Login Credentials To A Potential Hack
Currently, it is necessary to set their values programmatically when the page loads by executing a CLI "updateConfig" command in the custom JS. The credential values are thus in a plain-text config file client-side.
As such, they are not so secret. Any site visitor who loads the page in his browser could use the browser's developer tools to view the source code and, potentially, discover the supposedly secret credentials thus compromising the security of the AWS account.
One Ought Not Put The Secret Credentials In Client-side JS
For that reason, AWS rather forcefully insists that one not put the credentials in client-side source code. The preferred method is to instantiate the SDK on the server-side and set the credentials one time only. Thereafter, the hidden .aws directory and the credentials file persist server-side at the root level of the website's Home Directory.
The Problem
So the problem is to load the SDK in the server-side Home Directory where it will persist over the site's lifetime.
The Question
The question is on a Squarespace website can one load the SDK server-side at the root level on the site's Home Directory. Can it be done in Developer Mode? How?
Unfortunately, Squarespace doesn't support the use of server-side/back-end code:
You can't add server-side code. Server-side code is handled by a server, not by a browser, and includes:
- PHP
- Ruby
- Ruby on Rails
- SQL
That would also include server-side JavaScript/Node. Because Squarespace only supports the front-end addition of HTML, CSS and Javascript within Code Injection, Code Blocks, and Developer Mode, you need to use front-end JavaScript in order to utilize third-party APIs (which is what you're doing currently).
Enabling Developer Mode only exposes template files for the site. Beyond the JSON-T templating engine, Developer Mode doesn't enable any sort of server-side logic or requests to take place. Therefore, it seems the answer to your question is no.
A potential alternative solution may be to use Google Apps Script or Google Cloud Functions instead, storing the credentials in the code there, and making a front-end request (via JavaScript on your website) to that endpoint in order to perform the handshake and get back the data you need.
I want build site using Sitecore(7.2) and also make it offline. Our requirement is not to use headless CMS. Is there any way to build or make it offline?
Internet websites cannot be delivered 'offline' without having all possible data delivered to the device so that it no longer needs to connect to the internet. This sounds less like a website, and more like an app that somebody would install?
If so, you probably DO need to look at headless and building an app that connects to the APIs for updates.
You might need to be more specific about the business use case because it seems contradictory to want to use a web application software that delivers web content, without using headless, and works without the web.
As already suggested that internet websites cannot work offline so either you have an app or intranet website.
Considering as an app you can consume sitecore OData apis for Content/Media however it will not work for Presentations and you have to implement your own mobile designs based on Xamarin or native.
For odata related information you can refer below link:
https://doc.sitecore.com/developers/90/sitecore-experience-manager/en/the-odata-item-service.html
Once you get the response from api, you can locally store it in your local db of app
HiI want users to be able to upload their own photos from the browser, but I read that it isn't safe to let them upload files to your server without many protections. I need a image hosting website that has an easy API for uploading photos (for free).
The only one I have found is Cloudinary, which is awesome, but following their tutorial didn't work. I guess the reason is it's outdated, and I'm using Django 1.10...
If there is a way of doing so, even without a special API, (by sending requests to some image hosting site) I would like to give it a try as well.
Thanks in advance!
If you are creating a non-commercial application, you might want to check out Imgur. Their API is free for open-source applications and non-commercial applications.
A note from their official API page: Each application can allow approximately 1,250 uploads per day or approximately 12,500 requests per day.
Is there a way I can leverage the Google APIs to get a report on Google Voice usage in my domain? We just turned it on and wanted to see if any of our users were using the service.
Google Voice is not a core service within Google Apps and does not fall under Google's SLA. There are also no official APIs that allow access to Google Voice data. There is however at least one unofficial Python library to interact with Google Voice programatically.
Hi Guys
I am trying to create a web app to share docs with all editor features (just like google docs).
My main requirements for this app are as follows:
1. Should have all editor features (can be done using open office api, google docs api, Microsoft office web apps api)
2. Should be shared between multiple users and can be edited by multiple users and other sync features (can be done using google docs api, Microsoft office web apps)
3. Can save the document created and edited on my own/ custom server addr. (Which api can support this??? I know open office can support this)
Guys can you please suggest me one api which can be used to do all the above. Also please suggest if I am underestimating any API above regarding any functionality that i thing is not supported.
Thanks
King
What you are asking for is so complex it takes a Google to make a "in progress" version!
Can't you just use Google API? Its is free. Your only issue would be logging users via OAuth, 1 simple API