I'm trying to add an allowed URLs to my Dynamic Links. It works with links to the app store/google play. I have a staging and production server and I need to set the ofl parameter accordingly. The production URL is HTTPS and works. But the staging URL does not work It is HTTP and has "-", I'm not sure if those are any relevant and the cause of the problem but those are the only differences.
For example: http://gettingstartedapp-env.bx7dx222kw.us-east-2.elasticbeanstalk.com/
Using this example, I'm listing bellow things I've tried so far:
^http://gettingstartedapp\-env\.bx7dx222kw\.us\-east\-2\.elasticbeanstalk\.com/.*$
^http://gettingstartedapp-env\.bx7dx222kw\.us-east-2\.elasticbeanstalk\.com/.*$
^.*gettingstartedapp-env\.bx7dx222kw\.us-east-2\.elasticbeanstalk\.com/.*$
^http://.*.com/.*$
I still get URL is disallowed. What can it be?
Related
Part of a site I am working on at the moment requires Audio/Video previews.
These are server from a different server to the main site.
The Streaming URL is of the form:
www.myserver.com/Preview.aspx?e=I_AM_AN_ENCRYPTED_KEY
The Key is generated by the server that hosts the file, not the site on which the previews are actually displayed. It's kind of an API.
Part of the security to stop these previews being played anywhere except this website is supposed to check the domain which is requesting this, but it seems that HttpContext.Current.Request.UrlReferrer is NULL when requested from an HTML5 video/audio element.
Without posting the domain along with the Key to the API, is there any way that I can get the referring URL on the receiving server, server side?
EDIT:
To clarify:
There is a website with HTML5 elements which are directed to a URL on a different server, the URL and key is provided by this server (not the website)
When the API server receives a request to stream the preview it checks the Key (which basically tells it what to play) and also checks for the referring domain against a list of allowed domains.
Figured it out - in case anyone cares...
Simply replace:
ReferringDomain = HttpContext.Current.Request.UrlReferrer
with :
ReferringDomain = HttpContext.Current.Request.Headers("Referer")
Sorted! :)
I'm trying to create a web browser using Cocoa and Swift. I have an NSTextField where the user can enter the website he wants to open and a WebView where the page requested is displayed. So far, to improve the user experience, I'm checking if the website entered by the user starts with http:// and add it if it doesn't. Well, it works for most of the cases but not every time, for example when the user wants to open a local web page or something like about:blank. How can I check if adding http:// is necessary and if I should rather add https:// instead of http://?
You need to be more precise in your categorization of what the user typed in.
Here are some examples and expected reactions:
www.google.com: should be translated into http://www.google.com
ftp://www.foo.com: Should not be modified. Same goes to file:// (local)
Barrack Obama: Should probably run a search engine
about:settings: Should open an internal page
So after you figure out these rules with all their exceptions, you can use a regex to find out what should be done.
As for HTTP vs. HTTPS - if the site supports HTTPS, you'll get a redirect response (307 Internal Redirect, 301 Moved Permanently etc) if you go to the HTTP link. So for example, if you try to navigate to http://www.facebook.com, you'll receive a 307 that will redirect you to https://www.facebook.com. In other words, it's up to the site to tell the browser that it has HTTPS (unless of course you navigated to HTTPS to begin with).
A simple and fairly accurate approach would simply be to look for the presence of a different schema. If the string starts with [SomeText]: before any slashes are encountered, it is likely intended to indicate a different schema such as about:, mailto:, file: or ftp:.
If you do not see a non-http schema, try resolving the URL as an HTTP URL by prepending http://.
I have an HTML5 app written in static html/js/css (it's actually written in Dart, but compiles down to javascript). I'm serving the application files via CDN, with the REST api hosted on a separate domain. The app uses client-side routing, so as the user goes about using the app, the url might change to be something like http://www.myapp.com/categories. The problem is, if the user refreshes the page, it results in a 404.
Are there any CDN's that would allow me to create a rule that, if the user requests a page that is a valid client-side route, it would just return the (in my case) client.html page?
More detailed explanation/example
The static files for my web app are stored on S3 and served via Amazon's CloudFront CDN. There is a single HTML file that bootstraps the application, client.html. This is the default file served when visiting the domain root, so if you go to www.mysite.com the browser is actually served www.mysite.com/client.html.
The web app uses client-side routing. Once the app loads and the user starts navigating, the URL is updated. These urls don't actually exist on the CDN. For example, if the user wanted to browse widgets, she would click a button, client-side routing would display the "widgets" view, and the browser's url would update to www.mysite.com/widgets/browse. On the CDN, /widgets/browse doesn't actually exist, so if the user hits the refresh button on the browser, they get a 404.
My question is whether or not any CDNs support looking at the request URI and rewriting it. So, I could see a request for /widgets/browse and rewrite it to /client.html. That way, the application would be served instead of returning a 404.
I realize there are other solutions to this problem, namely placing a server in front of the CDN, but it's less ideal.
I do this using CloudFront, but I use my own server running Apache to accomplish this. I realize you're using a server with Amazon, but since you didn't specify that you're restricted to that, I figured I'd answer with how to accomplish what you're looking to do anyway.
It's pretty simple. Any time you query something that isn't already in the cache on CloudFront, or exists in the Cache but is expired, CloudFront goes back to your web server asking it to serve up the content. At this point, you have total control over the request. I use the mod_rewrite in Apache to capture the request, then determine what content I'm going to serve depending on the request. In fact, there isn't a single file (spare one php script) on my server, yet cloudfront believes there are thousands. Pretty sure url rewriting is standard on most web servers, I can only confirm on lighttp and apache from my own experience though.
More Info
All you're doing here is just telling your server to rewrite incoming requests in order to satisfy them. This would not be considered a proxy or anything of the sort.
The flow of content between your app and your server, with cloudfront in between is like this:
appRequest->cloudFront
if cloudFront has file, return data to user without asking your server
for the file.
If cloudFront DOESN'T have the file (or it has expired), go back to
the origin server and ask it for a new copy to cache.
So basically, what is happening in your situation is this:
A)app->ask cloudfront for url cloud front doesn't have
B)cloudfront
then asks your source server for the file
C)file doesn't exist there,
so the server tells cloudFront to go fly a kite
D)cloudFront comes back empty handed and makes your app 404
E)app crashes and
burns, users run away and use something else.
So, all you're doing with mod_rewrite is telling your server how it can re-interpret certain formatted requests and act accordingly. You could point all .jpg requests to point to singleImage.jpg, then have your app ask for:
www.mydomain.com/image3.jpg
www.mydomain.com/naughtystuff.jpg
Neither of those images even have to exist on your server. Apache would just honor the request by sending back singleImage.jpg. But as far as cloudfront or your app is concerned, those are two different files residing at two different unique places on the server.
Hope this clears it up.
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
I think you are using the URL structure in a wrong way. the path which is defined by forward slashes is supposed to bring you to a specific resource, in your example client.html. However, for routing beyond that point (within that resource) you should make use of the # - as is done in many javascript frameworks. This should tell your router what the state of the resource (your html page or app) is. if there are other resources referenced, e.g. images, then you should provide different paths for them which would go through the CDN.
I have noticed that GET requests for nonexistent paths don't return a 404 response. Instead, the client gets a "200 Ok", AngularJS renders the main view, and rewrites the path to /. A request for a nonsense URI is logged as successful in the server logs. If I understand correctly, the problem is that since AngularJS handles routing, the server has to accept a GET request for any URI and always respond by serving the client side of the app ("200 Ok" or "304 Not Modified").
For example, using the project scaffolded by the angular-fullstack Yeoman generator, requesting a nonexistent /unicorn goes like this:
GET /unicorn 200 31ms - 3.29kb
GET /partials/main 304 36ms
GET /api/awesomeThings 304 5ms
The Express route that handles the request looks like this:
// server, last route:
app.get('*', controllers.index);
// controllers:
exports.index = function(req, res) {
res.render('index');
};
and index.jade is the root of the whole client side of the app.
After a quick look at the server side code of other AngularJS / Express projects on Github (AngularJS Express seed, AngularJS login), I see that this is a common pattern. I am wondering if there is a better way to handle requests for nonexistent paths, so that the client gets a real HTTP 404 response?
The angular documentation has a section about the routing. Also, this question and this question have some information that pertains to IIS but could easily be adapted to express.
Html link rewriting
When you use HTML5 history API mode, you will need different links in different browsers, but all you have to do is specify regular URL links, such as: link
When a user clicks on this link,
In a legacy browser, the URL changes to /index.html#!/some?foo=bar
In a modern browser, the URL changes to /some?foo=bar
In cases like the following, links are not rewritten; instead, the browser will perform a full page reload to the original link.
Links that contain target element
Example: link
Absolute links that go to a different domain
Example: link
Links starting with '/' that lead to a different base path when base is defined
Example: link
When running Angular in the root of a domain, along side perhaps a normal application in the same directory, the "otherwise" route handler will try to handle all the URLs, including ones that map to static files.
To prevent this, you can set your base href for the app to <base href="."> and then prefix links to URLs that should be handled with .. Now, links to locations, which are not to be routed by Angular, are not prefixed with . and will not be intercepted by the otherwise rule in your $routeProvider.
Server side
Using this mode requires URL rewriting on server side, basically you have to rewrite all your links to entry point of your application (e.g. index.html)
You can use $route.otherwise() function
In order to decide what to do with undefined
Routes.
If you want to still show a 404 message,
You could simply set a /404.html route both in this Function and in express.
This is actually express handling routing--not angular. Remove the app.get('*', ... that you found to disable that.
When accessing our sharepoint site via HTTPS, users inside our network receive a prompt stating "Display nonsecure items?".
When accessing the site from outside our network via HTTPS, some images do not display at all. Some links do not function correctly as well.
We have found that this occurs when site administrators create images and/or link and display them using HTTP.
How can we seamlessly integrate HTTP and HTTPS so that we don't have to tell site administrators to use only HTTPS when creating images and links?
I have looked at our Alternate Access mappings, and here is the relevant info there:
http://computername Default http://computername
http://HostName Default http://HostName
http://subdomain.domain.com Intranet http://subdomain.domain.com
https://subdomain.domain.com Extranet https://subdomain.domain.com
http://computername:port Default http://computername:port
http://subdomain2.domain.com Default http://subdomain2.domain.com
http://computername:port2 Default http://computername:port2
...Some explanation:
ComputerName is the name of the server.
HostName is just a single hostname DNS entry we have so people can quickly type for example "Sharepoint" in their address bar.
Subdomain is basically sharepoint.ourdomain.com. pretty self explanitory
Subdomain2 is for our Business Intelligence services server.
We have two entries with port numbers. One goes to central admin. the other gives an error and i'm not sure what its used for (if anything).
I inherited support of this application. I hope things arent too messed up.
So TLDR: How can I get HTTP and HTTPS working seamlessly together inside/outside our network to avoid missing images and invalid links?
Thanks all.
The problem is that the urls in the links and image src are absolute rather than relative.
http://subdomain.domain.com/someimage.gif is always going to use http as its an absolute link.
/someimage.gif is a relative link (the leading / means relative from the hostname) so if this url is from a http site it will use http, from a https site will use https (well technically depends upon the document BASE but you can ignore that for your purposes)
E.g. given the relative URL /somepage/someimage.gif
When accessed from this page
Will mean this
http://example.com/somepage/
http://example.com/somepage/someimage.gif
httpS://example.com/somepage/
httpS://example.com/somepage/someimage.gif
http://NEWDOMAIN.com/somepage/
http://NEWDOMAIN.com/somepage/someimage.gif
and everything will work just fine with no warnings.
The built in CEWP puts all links in as Absolute. To fix -
MSDN - Fixing absolute URLs for all Alternate Access Mappings (AAM) of Content Editor Web Part with a Control Adapter