Upload video to Brightcove through HTML form with Coldfusion - coldfusion

I want to upload a video from an HTML form directly to Brightcove. We run Coldfusion 9 on our servers.
I can find instructions on uploading the video to my local server like this:
<cffile action="upload" nameconflict="makeunique" filefield="form.video_file" destination="#upload_path#" result="uploaded_file">
... and instructions on uploading a video from my local server to Brightcove like this:
<cfhttp url="#variables.apiBaseUrl#" method="post" timeout="#variables.timeout#" result="resultVar" multipart="true">
    <cfhttpparam type="formfield" name="json" value="#arguments.jsonArgs#">
    <cfhttpparam type="file" name="#getFileFromPath(arguments.filename)#" file="#arguments.filename#"/>
</cfhttp>
But not from the HTML form directly to Brightcove.
Is this possible?
Thanks!
Nick

There are examples of how to upload directly from the browser to Brightcove in their JavaScript Media API Examples.
But, as the documentation notes, what you want to accomplish is not recommended for a few reasons:
Some browsers such as IE9 will prompt you to download the response rather than show it in the form because the browser doesn't know what to do with the mime type.
It's not good practice to expose an API token on the form, as noted in the examples' source code.
Client-side Media API calls are not recommended as a UGC upload solution because of the lack of security.
If you're finding that the process for uploading to your server then to Brightcove is taking too long, you'll probably want to build a queue system.
The user waits on the browser to upload to your server.
Your server stores the file somewhere temporarily and adds a task to a database table storing queued tasks.
The user sees that the video is "pending" while it's still enqueued.
A scheduled task periodically checks the queue table and uploads the tasks one at a time. Once a task is done, it updates the video to be "ready."
The user sees that the video is ready.
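The queue described in the steps above, as an added sketch that is not part of the original answer and is written in Python rather than CFML. The table name `upload_queue`, the retry limit and the `push` callable (standing in for the server-side Brightcove upload, so the API token never reaches the browser) are assumptions, and a single scheduled worker is assumed.

```python
import sqlite3

def open_queue(path=":memory:"):
    """Create the queue table; one row per file saved by the form handler."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS upload_queue ("
        " id INTEGER PRIMARY KEY, temp_path TEXT NOT NULL,"
        " status TEXT NOT NULL DEFAULT 'pending',"
        " attempts INTEGER NOT NULL DEFAULT 0, remote_id TEXT)"
    )
    return db

def enqueue(db, temp_path):
    """Called once the browser upload has been stored in a temporary location."""
    cur = db.execute("INSERT INTO upload_queue (temp_path) VALUES (?)", (temp_path,))
    db.commit()
    return cur.lastrowid

def status_of(db, task_id):
    """What the user's page shows: 'pending', 'ready' or 'failed'."""
    row = db.execute("SELECT status FROM upload_queue WHERE id = ?", (task_id,)).fetchone()
    return row[0] if row else None

def run_once(db, push, max_attempts=3):
    """One scheduled-task tick: push the oldest pending file, one at a time.

    push(temp_path) is a hypothetical callable that performs the server-side
    upload and returns the remote video id.
    """
    row = db.execute(
        "SELECT id, temp_path, attempts FROM upload_queue"
        " WHERE status = 'pending' ORDER BY id LIMIT 1"
    ).fetchone()
    if row is None:
        return None
    task_id, temp_path, attempts = row
    try:
        remote_id = push(temp_path)
    except Exception:
        # Keep the task pending for a retry until the attempt limit is reached.
        new_status = "failed" if attempts + 1 >= max_attempts else "pending"
        db.execute("UPDATE upload_queue SET attempts = attempts + 1, status = ? WHERE id = ?",
                   (new_status, task_id))
    else:
        db.execute("UPDATE upload_queue SET status = 'ready', remote_id = ? WHERE id = ?",
                   (remote_id, task_id))
    db.commit()
    return task_id
```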

Related

To what extent can caching destroy my Flask App?

I created a flask web application that only runs locally and is used to fill out forms. When the form is filled out, it automatically records it in an excel file and sends emails. Since the application stays on 24/7, I was wondering how the web browser's cache could crash my program? I did not write code anywhere stating to use the browser's cache, but I am worrying that this could be something I need to think about as I am finding that it affected people who had created web apps previously. So I was wondering how caching in my situation could crash my program? Users simply type their name and fill out responses to questions.
I have placed the following code in my routes.py but I still see the browser saving user names so I don't think it cleared the cache:
@app.after_request
def add_header(r):
    """
    Add headers to both force latest IE rendering engine or Chrome Frame,
    and also to cache the rendered page for 10 minutes.
    """
    r.headers["Cache-Control"] = "no-cache, no-store, must-revalidate"
    r.headers["Pragma"] = "no-cache"
    r.headers["Expires"] = "0"
    # This second assignment replaces the Cache-Control value set above.
    r.headers['Cache-Control'] = 'public, max-age=0'
    return r
If you don't specify cache in your flask app or in the server configuration, there won't be any cache handled by the server.
But it can be done automatically on the client side. If there is an autosuggestion on the input, this is done by the browser.
You can disable it directly on the input with autocomplete="off":
<input type="email" id="email" name="email" autocomplete="off"/>

Can I use ColdFusion tags in JavaScript?

Can I use ColdFusion tags in JavaScript? For example:
<script language="javascript" type="text/javascript">
    function validateUser() {
        var userName = document.getElementById("username");
        <CFQUERY DATASOURCE="mydatasourcename" NAME="getUser">
            select USER_ID,COUNT(*) from user u
            where u.firstname=userName;
        </CFQUERY>
        <cfif getUser.recordCount EQ 0>
            <!--- Show error message --->
        <cfelse>
            <!--- Assign userId to hidden field --->
            document.getElementById("userid").value=#USER_ID#
        </cfif>
    }
</script>
<input type='textbox' name='username' id='username' onblur=validateUser()/>
<input type='hidden' name='userid' id='userid'/>
When the end user enters their username, I would like to check in a database if this username exists or not. If it exists, I have to keep the userid in the hiddenfield or else throw an error.
Am I doing this correctly? If it is wrong, could you suggest the correct way?
Long version: http://blog.adamcameron.me/2012/10/the-coldfusion-requestresponse-process.html
Short version: no, you're not doing it right.
Mid-sized StackOverflow-friendly version: CFML code runs on the server side of a request; JavaScript runs on the client browser. And to be clear: the ColdFusion server never communicates with the browser directly at all: there's a web server in between. The client browser requests a file, the web server is configured to pass .cfm requests to the ColdFusion server, and it runs its code, returning the resulting string (eg: an HTML web page) to the web server which then returns that to the browser. That HTML might include JavaScript (inline or as external requests) which the browser will then execute.
Hopefully from that you can see that there's no direct interaction between server-side code and client-side code.
You have two facilities at your disposal to get the two communicating asynchronously though. Firstly: CFML code writes out text, but that text can be JS which the browser then runs when it finally receives it. Something like:
<cfset msg ="G'day world">
<script>alert("<cfoutput>#msg#</cfoutput>");</script>
Once the CFML server has processed that, what gets sent back to the browser is:
<script>alert("G'day world");</script>
In this way server-side code data can be used in client-side process if the server-side code "writes out" the data as part of its response. The example above is very trivial and not a "good practice" way of going about this, but it demonstrates the technique.
If you need to use JS code on the client to communicate back with the server, your only (real) recourse is to make an AJAX request back to the server to pass it client-side information for further server-side processing and for the server to respond with something. It is outwith the scope of your question to explain how best to do this, but there is a tonne of information out there to do this.
CFML provides some "wizards" to write HTML and JS out for you to facilitate this, but on the whole this is a bad approach to achieving this end, so I will not recommend it. However I will point you to a project which offers HTML/JS/CSS solutions to the inbuilt CFML wizardry: https://github.com/cfjedimaster/ColdFusion-UI-the-Right-Way
Back to the short answer: no, you cannot do what you are setting out to do for very good reasons, but if you revise your approach, you can achieve the ends that you want.
What you need to look at is passing the form fields back to the server via AJAX (jQuery makes this very easy), and run your <cfquery> code in a separate request.
If you read that blog article I mention from the outset (disclosure: I wrote it, but I wrote it specifically for situations like this), then you'll understand why.
If you get stuck when working on part of your solution: raise another question more focused on whatever part you are stuck on.

COM.Allaire.ColdFusion.HTTPFailure

I'm working on a web app that is run nightly to retrieve a large XML file from another server. We're using ColdFusion MX7. We run a CFHTTP GET with username, pass, and url. Then we write the field with a cffile action="write" to our temp location so that it can be parsed and sorted into a database. There are a few CFHTTP calls on the page but one of them is failing. In the CFCatch I have the system email me the catch type and the message and I'm getting this.
COM.Allaire.ColdFusion.HTTPFailure
Connection Failure: Status code unavailable
This is the call and write action as is (the credentials are right):
<cfhttp method="GET"
    username="#uname#"
    password="#pw#"
    url="#url#"
    resolveurl="yes"
    throwonerror="yes">
</cfhttp>
<cffile action="write" file="#getdirectoryfrompath(GetCurrentTemplatePath())#\XML_FileName.xml" output="#cfhttp.fileContent#">
Is anyone familiar with this error?
As it turns out we were getting the cert from the other group's 'test' server and then trying to use it to get things from their production server. So Peter was right! If you run into this problem check out these links:
CFHTTP Over SSL
http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:48687

Consuming ColdFusion webservice - Web service operation with parameters {} cannot be found

I am testing consuming a web-service and I'm getting an error.
Here is the web-service component:
<cfcomponent>
    <cffunction name="listBooks" access="remote" returntype="string" output="no">
        <cfquery name="getBooks" datasource="cfbookclub">
            SELECT bookID, title, bookDescription, genre
            FROM books
            ORDER BY title desc
        </cfquery>
        <cfsavecontent variable="bookList">
            <books>
                <cfoutput query="getBooks">
                    <book id="#getBooks.bookID#">
                        <title>#XMLFormat( getBooks.title )#</title>
                        <description>#XMLFormat( getBooks.bookDescription )#</description>
                        <genre>#XMLFormat( getBooks.genre )#</genre>
                    </book>
                </cfoutput>
            </books>
        </cfsavecontent>
        <cfreturn bookList>
    </cffunction>
</cfcomponent>
Here is the consuming page:
<cfinvoke
webservice="http://127.0.0.1/books.cfc?wsdl"
method="listBooks"
returnvariable="rawXMLBookList" >
</cfinvoke>
Seems simple enough - I was actually trying to pass an argument "genre" when I got the initial error,
Web service parameter name category cannot be found in the provided parameters {genre}.
So I removed all reference to arguments, and STILL get this error
Web service operation with parameters {} cannot be found.
The error makes it sound like the web-service cannot be found, however if I cut and paste the url into my browser I get the expected XML doc...
There was another post like this on this site, but the problem was a base64 issue. I'm just returning txt so I don't think it's a similar problem, even though the error msg is similar.
Try adding the refreshWSDL argument to your <cfinvoke> call and see if that helps.
<cfinvoke
webservice="http://127.0.0.1/books.cfc?wsdl"
method="listBooks"
refreshwsdl="yes"
returnvariable="rawXMLBookList">
</cfinvoke>
Setting refreshwsdl="yes" reloads the WSDL file and regenerates the artifacts used to consume the web service.
Note you do not want to keep this setting for all of your requests. You just need to set it for one request to refresh the artifacts. Then you should change it back to refreshwsdl="no" until you need it again.
Here is an excerpt from Charlie Arehart's Blog about the refreshWSDL argument:
Why should you have to refresh the web service metadata?
Just to back up for a moment, the problem stems from CF's attempt to help. On the first request for a given web service, CF does some caching to make future requests go faster, not caching the results of the web service method but rather the artifacts used by CF based on the description of the web service itself.
CF uses the web service description (WSDL) reported at the time of that first call to create a java proxy/stub based on that, which it then reuses on future calls from CF to that web service.
The issue arises if/when the web service metadata changes. CF won't know, and will continue to use the older cached proxy/stub, and your long-running code may fail if it doesn't match the new WSDL returned by the web service.
So we need a way to tell CF to refresh its cache of that proxy stub.
This new feature is certainly the easiest way to make that happen, but it's not the only way.

CSRF handling with Adobe Flash Application using Django backend

I'm building a flash game that uses Django as a backend.
I currently have an api endpoint set up using django-tastypie, which the flash app can call to receive JSON data for populating the application.
I understand using simple django views, and templating system, one is able to simply include a csrf_token in a webpage with the aid of the middleware.
My problem now is trying to post data back to the server without using csrf_exempt, and the flash application ideally, can be run without inserting params tags. Hopefully, a standalone swf file that'll work as it is.
How would one get a csrf_token into the flash app so it can post data back to the server without security concerns?
If the csrf_token way is not possible, are there any other ways to post data securely?
I have searched many avenues leading to similar questions, but many are unanswered.
Maybe I'm missing something here as I'm engrossed in my perspective. I hope someone can enlighten me on better ways to do it.
Thanks in advance.
It sounds like you may have two problems:
How do I actually send the CSRF token with my POST requests from Flash?
Django also accepts CSRF tokens via the header X-CSRFToken. See the docs here.
You can append headers to your request like so:
var req:URLRequest=new URLRequest();
req.url="http://somesite.com";
var header:URLRequestHeader=new URLRequestHeader("X-CSRFToken","foobar");
req.requestHeaders.push(header);
URLRequests docs are here.
How do I get the CSRF token into my Flash file in the first place?!
(Option A) Because CSRF tokens are generated on a per request basis (e.g., with templating a traditional HTML form, on a GET request) the simplest thing to do is to pass the CSRF token to the Flash file via a templated parameter. Something like: <param name="csrf_token" value="{{ my_csrf_token }}" />
(Option B) It sounds like you don't want to do the parameter thing, so your final option is to build a custom Django view which has the sole functionality of delivering a CSRFToken to your Flash file. So the Flow would be your Flash file loads, your Flash makes a GET request to http://mysite.com/csrf_token/ which simply returns a valid CSRF token, and then you can use that token to do your POST. (Note you will need to do a GET request for each POST request).
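The GET-then-POST flow of Option B, shown from the server's side as an added stand-alone sketch that is not part of the original answer and is not Django's own CSRF implementation. It swaps in an HMAC-signed token bound to a session id; `SECRET_KEY`, the session ids and the `score` field are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = secrets.token_bytes(32)  # constructed per-process demo secret


def _mac(session_id, nonce):
    # Length-prefix the session id so the two fields cannot be confused.
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id):
    """GET /csrf_token/: hand the client a token bound to its own session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_valid(session_id, token):
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def handle_post(session_id, headers, form):
    """POST handler: act only when X-CSRFToken matches the caller's session."""
    if not token_valid(session_id, headers.get("X-CSRFToken")):
        return 403, "CSRF verification failed"
    return 200, f"saved score {form['score']}"
```

A token fetched under one session is rejected when replayed under another, which is the property that stops a third-party page from supplying its own token.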