I have an app that I have developed using localhost. It makes relative xhr requests like this
http://localhost/arcgis/rest/...
When I try to run the app from within a functional test using intern, it loads my app on port 9000 (http://localhost:9000/...). This is causing all of my xhr requests to fail because they are now cross-domain.
I could probably make it work using jsonp or CORS, but I'm wondering if intern has already solved this problem. It would be great if it had a proxy that made the requests using a configurable base url or something. Is this functionality available?
It's all spelled out in the new wiki page: Using Intern to unit test Ajax calls.
Thanks, Colin!
Related
How Selenium WebDriver overcome same origin policy?
Same origin policy problem is in Selenium RC
First of all “Same Origin Policy” is introduced for security
reason, and it ensures that content of your site will never be
accessible by a script from another site. As per the policy, any code
loaded within the browser can only operate within that website’s
domain.
--------------------------------------------------------------------------------- ----------------------------------------------What it did???
Same Origin policy prohibits JavaScript code from accessing elements from a domain that is different from where it was launched.
Example, the HTML code in www.google.com uses a JavaScript program
"testScript.js". The same origin policy will only allow testScript.js to access pages within google.com such as google.com/mail, google.com/login, or google.com/signup. However, it cannot access pages from different sites such as
yahoo.com/search or fbk.com because they belong to different domains.
This is the reason why prior to Selenium RC, testers needed to install local copies of both Selenium Core (a JavaScript program) and the web server containing the web application being tested so they would belong to the same domain. ------------------------------------------------------------------------------------------------------------------------------------ How it is avoided???
To avoid “Same Origin Policy” proxy injection method is used, in
proxy injection mode the Selenium Server acts as a client
configured HTTP proxy , which sits between the browser and application
under test and then masks the AUT under a fictional URL
Selenium uses java script to drives tests on a browser; Selenium injects its own js to the response which is returned from aut. But there is a java script security restriction (same origin policy) which lets you modify html of page using js only if js also originates from the same domain as html. This security restriction is of utmost important but spoils the working of Selenium. This is where Selenium server comes to play an important role.
Before Selenium WebDriver, Selenium was "Javascript Task Runner". It would set itself up as a server (locally), and open a browser pointed to the Selenium server running locally. So the browser is now talking to the Selenium Server running locally.
This is a problem though, because the browser is getting a script from Selenium which tells it that it wants to fetch resources from http://websitetotest.com. But the browser got this script from http://127.0.0.1:9000/selenium (for example). The browser says "hey this script came from local host and now it's requesting a resource from some outside website. This violated the same-origin-policy.
WebDriver came along and created a proxy to trick the browser into thinking that it is talking to the same server where both Selenium and the websitetotest are "located". Abhishek provided a concise explanation on this.
This might be a late reply but, if you are referring to selenium webdriver and not selenium RC then the answer is you dont have to worry about same origin policy in case of webdriver since each browser has its own webdriver.This is the whole advantage of webdriver as opposed to RC i.e no selenium core injection into the browser and no middleware client server between the browser and AUT.Webdriver provides a native OS level support in controlling the browser automation.
I need to simulate web response for web requests during some tests. I was going to use fiddler core for that. So fiddler just acts like a proxy and Im able to set response for every request I like. But I need to run something like console application or standalone application to make fiddler core able to intercept the requests. And I need it to be somehow initialized inside my asp.net mvc test application, so that tester could access these fake data, by just using the urls, without the need to run fiddler or any other applications.
For now I tried to run my fiddler application in Controller action method, but it doesnt intercept anything.
I also tried to add URLMonInterop.SetProxyInProcess("127.0.0.1:"+ myPort, ""), but it doesnt work either.
Is there any way to self host fiddler core app and make it intercept the requests?
UPDATE:
In the end I managed to host fiddler core inside asp.net mvc app. I made initialization in a static method of a static class and it did the trick. Also, for some reason after calling shutdown and then performing initialization again I cant proxify anything. I even cal GC.Collect, nothing helps, but refreshing the host process, in my case IIS express.
As documented, SetProxyInProcess affects URLMon clients only, and .NET doesn't use URLMon for networking.
.NET clients typically pick up the current proxy setting automatically, but if you're running FiddlerCore in a different user account, that's not going to work (and you probably don't want your mocker to be messing with any traffic except your test application). So, instead you should configure your application explicitly to proxy its traffic through your FiddlerCore instance; see http://fiddlerbook.com/fiddler/help/hookup.asp#Q-DOTNET and http://fiddlerbook.com/fiddler/help/hookup.asp#Q-IIS and if your services are local http://fiddlerbook.com/fiddler/help/hookup.asp#Q-LocalTraffic
Is there a good example somewhere of an ASP script which accepts a GET request for a URL, and returns the contents of that URL, passing along any headers sent in the request?
I'm working on a Silverlight app and am trying to work around some cross-domain web service issues, so I'd like to just proxy the requests through my own domain. Searching for "asp proxy" gets me lots of irrelevant results.
The code in this Reverse Proxy on CodeProject should do the trick: http://www.codeproject.com/KB/web-security/HTTPReverseProxy.aspx.
Currently I'm working on a jQuery Mobile website which will later be transformed into an app via Titanium. I have created a RESTful JSON web service, which is running on a different server than the jQuery Mobile application. The web service is consumed via AJAX using JSONP.
One thing I find annoying is that I can't make use of HTTP error codes, because jQuery automatically aborts a JSONP call whenever the server issues an error. I can never get hold of the error code on the client side.
Another thing is that JSONP only works with the HTTP verb GET, you cannot issue a JSONP POST for example (Currently, the web service is GET only, but that could change).
Are there any alternatives to JSONP? Or is JSONP the only choice I have when using remote JSON web services with AJAX? For example, how do Twitter apps interact with the Twitter API (they have a REST API)?
Your question is a nice illustration why people complain that jquery is too easy to adopt ;)
JSONP is not ajax. There are no success and failure callbacks. JSONP is this:
put the parameters in the url
add &jsoncallback=random2745273
create a global variable random2745273 and put the callback reference in it
add <script src="theurlhere"></script> to the head
that's all you can do.
The server returns
random2745273({somedata});
and that's how your callback is called.
If you want to report errors, then your server has to generate a correct code. You will not know what HTTP headers were sent.
And this is the only way you can communicate cross-domain with an api.
Sending cross-domain communicates is also possible with generating iframes, but it's hacky and rarely used.
[edit]
Ok, that got me thinking... I could use the iframe hack to wrap over the JSONP!
And as usual - I wasn't the first to have the idea (and I'm finally humble enough to google my ideas expecting it ;) )
Here it is: http://beebole.com/en/blog/general/sandbox-your-cross-domain-jsonp-to-improve-mashup-security/
awesome
[edit2]
awww, I forgot... There's another one.
window.postMessage
It already got implemented in some browsers. If you don't have to be compatible with most of the browsers, you can start using it now! :)
After some more research on postMessage I found an alternative to JSONP: AJAX via Cross-domain messaging with EasyXDM.
See http://easyxdm.net/wp/2010/03/17/cross-domain-ajax/
I have some software which makes a request to a specific URL in internet and I want it to receive my custom response. Is there any software tool for that on Windows? Also it would be nice if I could map a regexp instead of specific URL
Found the solution myself:
Set the domain of the URL to point to 127.0.0.1 in windows hosts file
Install nginx and set it up to show your file for the request response to which you're willing to modify and proxy all other requests to the original server
You could consider writing a test and mocking out the http response with your custom response.
I could give an example using C# and rhino mocks but it's not clear which platform you are working with.
You can:
Try to enject your dll into the process and replace functions like (HttpSendRequest, HttpQueryInfo,...) with your oun versions.
Try to use something like WinPCap (http://www.winpcap.org/).
Fiddler (www.fiddler2.com) has an AutoResponder feature which does exactly that.