I have been using django for a few months and the ssl middleware to redirect to https from http in my urls. In order to use more complex urls, I decided to use django-urls-sugar and it works fine but I do not know how to pass more parameters than the url parameters, the view and the name identifying the view.
url_sugar([Constant('ardataset'),
           Variable('band_id', r'\d+'),
           Variable('version', r'\d+'),
          ], LoggedInViewArDataset.as_view(), name='ar-dataset-view-get'),
This works but as soon as I want to use {'SSL': True} or passing the value as a keyword argument, it does not work.
Should work with the new version of django-urls-sugar, released today.
BTW, replying to what @chris-pratt said, it's true that it doesn't do anything that you can't do by yourself, but this is what any "sugar" library is intended to do, right? django-templatetags-sugar for template tags, django-urls-sugar for urls. You can perfectly live without them, they are just intended to make your life easier in some (rare?) cases.
I am using redirectTo() function with params to redirect to another pages with a query string in the url. For security purpose this does not look appealing because the user can change the parameters in the url, thus altering what is inserted into the database.
My code is:
redirectTo(action="checklist", params="r=#r#&i=#insp#&d=#d#");
Is there any way around this? I am not using forms, I just wish to redirect and I want the destination action/controller to know what I am passing but not display it in the URL.
You can obfuscate the variables in the URL. CfWheels makes this really easy.
All you have to do is call set(obfuscateURLs=true) in the config/settings.cfm file to turn on URL obfuscation.
I am sure this works with the linkTo() function. I hope it works with the redirectTo() function as well. I do not have a setup to check it now. But if it doesn't work for redirectTo(), you can use the obfuscateParam() and deObfuscateParam() functions to do the job for you.
Caution: This will only make it harder for the user to guess the value. It doesn't encrypt the value.
To know more about this, please read the documentation on configuration and defaults and on obfuscating URLs.
A much better approach to this particular situation is to write params to the flash. The flash is exactly the same thing as it is in Ruby on Rails or the ViewBag in ASP.Net. It stores the data in a session or cookie variable and is deleted at the end of the next page's load. This prevents you from posting back long query strings like someone that has been coding for less than a year. ObfuscateParam only works with numbers and is incredibly insecure. Any power user can easily deobfuscate, even more so with someone that actually makes a living stealing data.
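The flash mechanism described in the answer above, modelled as an added example (not CFWheels code and not from the original posts): values are held server-side per session, the redirect URL carries nothing, and the values are dropped at the end of the next request. The `Flash` class, the `/inspection/...` paths, the session ids and the sample values are all constructed for illustration, and session-backed (not cookie-backed) storage is assumed.

```javascript
// One-shot flash store: what request N inserts is readable only in request N+1.
class Flash {
  constructor() { this.bySession = new Map(); }   // sessionId -> { current, next }
  slot(sessionId) {
    if (!this.bySession.has(sessionId)) {
      this.bySession.set(sessionId, { current: {}, next: {} });
    }
    return this.bySession.get(sessionId);
  }
  insert(sessionId, values) { Object.assign(this.slot(sessionId).next, values); }
  read(sessionId) { return this.slot(sessionId).current; }
  // End of every request: promote what was just inserted, drop what was just read.
  endRequest(sessionId) {
    const s = this.slot(sessionId);
    s.current = s.next;
    s.next = {};
  }
}

// Hypothetical two-action controller; the query string is never consulted.
function handle(flash, sessionId, url) {
  const { pathname } = new URL(url, 'http://app.invalid');
  let response = { status: 404 };
  if (pathname === '/inspection/save') {
    flash.insert(sessionId, { r: 12, i: 7, d: '2024-01-05' }); // constructed values
    response = { status: 302, location: '/inspection/checklist' };
  } else if (pathname === '/inspection/checklist') {
    const { r, i, d } = flash.read(sessionId);
    // Direct visit or reload: nothing in the flash, so refuse instead of guessing.
    response = r === undefined ? { status: 400 } : { status: 200, r, i, d };
  }
  flash.endRequest(sessionId);
  return response;
}

const flash = new Flash();
const redirect = handle(flash, 'session-A', '/inspection/save');
// The user edits the URL after the redirect; the edited values are ignored.
const tampered = handle(flash, 'session-A', redirect.location + '?r=999&i=1');
const reload = handle(flash, 'session-A', redirect.location);
const stranger = handle(flash, 'session-B', '/inspection/checklist');
console.log({ redirect, tampered, reload, stranger });
```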
I'm working with JSF2 and PrettyFaces for creating a 'SEO-friendly URLs'.
Now I'm facing a problem when I want to pass parameters: after PrettyFaces creates the new URL, those parameters are deleted, and I want to avoid that.
I will explain it with an example:
Currently when hitting this url:
http://www.mysite.com/index.jsf?param1=value1&param2=value2
After the PrettyFaces I'm getting this url:
http://www.mysite.com/
But I want it to be like that, so when hitting this url:
http://www.mysite.com/index.jsf?param1=value1&param2=value2
After the PrettyFaces I'll get this url:
http://www.mysite.com/?param1=value1
Please note that I only want to pass specific parameters. From the example above, only param1 should be passed.
My configuration on the 'pretty-config.xml':
<url-mapping>
    <pattern>/</pattern>
    <view-id>/jsp/index.jsf</view-id>
</url-mapping>
I'm actually surprised that the query string is not being preserved. I would guess that something else is going on, other than PrettyFaces. What version of PrettyFaces are you using? I'm also guessing that this is a problem with PrettyFaces, that this was a bug in the version you're using, but I think that's unlikely.
The only thing the url-mapping you've pasted should do is perform an internal forward from "/" to "/jsp/index.jsf". It will not do any client redirection from "/index.jsf" to "/"; this is why I think there is something else at play here. (See the code for reference: https://github.com/ocpsoft/rewrite/blob/master/config-prettyfaces/src/main/java/org/ocpsoft/rewrite/prettyfaces/UrlMappingRuleAdaptor.java#L213)
With regard to stripping out certain query parameters and leaving others, then I highly suggest looking at the Rewrite framework (which is the new core of PrettyFaces), you can use it to build very custom rewriting rules: http://ocpsoft.org/prettyfaces/ and http://ocpsoft.org/rewrite/
I hope this helps.
I just played with ember routing example. It looks quite interesting. Especially if you are going to build all your application on Ember framework.
But parameters in the URL follow after '#'. That means you can't copy and send a link to someone if the client has to log in with a postback (if only to set a cookie with login parameters). Is there a better option - maybe use '?' instead of '#'?
You may also have a look at Ember.Router.
There are two good start points # https://gist.github.com/2679013 and https://gist.github.com/2728699
A lot of fixes have been made the last couple of days.
EDIT
A brand new guide is now available # https://emberjs-staging-new.herokuapp.com/guides/outlets#toc_the-router
Here is a full example courtesy of https://github.com/jbrown
http://jsfiddle.net/justinbrown/C7LrM/10/
I am trying to write some tests for a Django application I'm working on but I haven't yet decided on the exact urls I want to use for each view. Therefore, I'm using named urls in the tests.
For example, I have a url named dashboard:
c = Client()
resp = c.get(reverse('dashboard'))
This view should only be available to logged in users. If the current user is anonymous, it should redirect them to the login page, which is also a named url. However, when it does this, it uses an additional GET parameter to keep track of the url it just came from, which results in the following:
/login?next=dashboard
When I then try to test this redirect, it fails because of these additional parameters:
# It's expecting '/login' but gets '/login?next=dashboard'
self.assertRedirects(resp, reverse('login'))
Obviously, it works if I hard code them into the test:
self.assertRedirects(resp, '/login?next=dashboard')
But then, if I ever decide to change the URL for my dashboard view, I'd have to update every test that uses it.
Is there something I can do to make it easier to handle these extra parameters?
Any advice appreciated.
Thanks.
As you can see, reverse(...) returns a string. You can use it as:
self.assertRedirects(resp, '%s?next=dashboard' % reverse('login'))
I would like to fetch a source of file and wrap it within JSONP.
For example, I want to retrieve pets.txt as text from a host I don't own. I want to do that by using nothing but client-side JavaScript.
I'm looking for an online service which can convert anything to JSONP.
YQL
Yahoo Query Language is one of them.
http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20html%20where%20url%3D"http://elv1s.ru/x/pets.txt"&format=json&callback=grab
This works if the URL is not blocked by robots.txt. YQL respects robots.txt. I can't fetch http://userscripts.org/scripts/source/62706.user.js because it is blocked via robots.txt.
http://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20html%20where%20url%3D"http://userscripts.org/scripts/source/62706.user.js"&format=json&callback=grab
"forbidden":"robots.txt for the domain disallows crawling for url: http://userscripts.org/scripts/source/62706.user.js"
So I'm looking for other solutions.
I built jsonpwrapper.com.
It's unstable and slower than YQL, but it doesn't care about robots.txt.
Here's another one, much faster, built on DigitalOcean & CloudFlare, utilizing caching et al: http://json2jsonp.com
Nononono. No. Just please; no. That is not JSONP, it is javascript that executes a function with an object as its parameter that contains more javascript. Aaah!
This is JSON because it's just one object:
{
    "one": 1,
    "two": 2,
    "three": 3
}
This is JSONP because it's just one object passed through a function; if you go to http://somesite/get_some_object?jsonp=grab, the server will return:
grab({
    "one": 1,
    "two": 2,
    "three": 3
});
This is not JSON at all. It's just Javascript:
alert("hello");
And this? Javascript code stored inside a string (ouch!) inside an object passed to a function that should evaluate the string (but it might or might not):
grab({"body": "alert(\"Hello!\");\n"});
Look at all those semicolons and backslashes! I get nightmares from this kind of stuff. It's like a badly written Lisp macro because it's much more complicated than it needs to (and should!) be. Instead, define a function called grab in your code:
function grab(message) {
    alert(message.body);
}
and then use JSONP to have the server return:
grab({body: "Hello!"});
Don't let the server decide how to run your web page. Instead, let your web page decide how to run the web page and just have the server fill in the blanks.
As for an online service that does this? I don't know of any, sorry.
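A sketch of the "server fills in the blanks" approach from the answer above, as an added example (not from the original posts and not the code of any service named in this thread): the wrapper returns the fetched text as a single string argument to a page-defined callback, and the page never evaluates it. The names `wrapJsonp` and `loadJsonp`, the callback-name rule and the sample text are assumptions made for the example.

```javascript
// Accept only a plain (optionally dotted) identifier as the callback name, so
// nothing executable can ride in on the ?callback= parameter.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

function wrapJsonp(callback, text) {
  if (typeof callback !== 'string' || callback.length > 64 ||
      !CALLBACK_RE.test(callback)) {
    throw new Error('invalid callback name');
  }
  // JSON.stringify turns the fetched text into one string literal. The extra
  // escapes keep it inert inside an inline <script> element and in engines
  // that treat U+2028/U+2029 as line terminators.
  const payload = JSON.stringify({ body: String(text) })
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return `${callback}(${payload});`;
}

// Stand-in for the page: grab() is defined by the page and only stores the
// text it is handed; alert() is a recorder so any execution would be visible.
function loadJsonp(responseText) {
  const received = [];
  const alerts = [];
  const grab = (message) => received.push(message.body);
  const alert = (msg) => alerts.push(msg);
  // Runs the response the way a <script src=...> tag would.
  new Function('grab', 'alert', responseText)(grab, alert);
  return { received, alerts };
}

// Constructed sample: fetched file content that happens to look like script.
const fetchedText = 'alert("Hello!");\n</script>';
const response = wrapJsonp('grab', fetchedText);
const outcome = loadJsonp(response);
console.log(response);
console.log(outcome);
```

The page receives the file content unchanged in `received`, while `alerts` stays empty because the content arrived as a string and was never evaluated.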
I'm not sure what you're trying to do here, but nobody will use something like this. Nobody is going to trust your service to always execute as it should and output expected JavaScript code. You see Yahoo doing it because people trust Yahoo, but they will not trust you.