access denied when using winjs.xhr for ftp - http

I am writing some code for windows 8 that uses open data provided by the city of Vancouver. When I use the WinJS.xhr call on the data url:
ftp://webftp.vancouver.ca/opendata/csv/weekendplayfieldstatus.csv
I get the exception:
0x80070005 - JavaScript runtime error: Access is denied.
Here is the function call:
var url = ftp://webftp.vancouver.ca/opendata/csv/weekendplayfieldstatus.csv;
return WinJS.xhr({ url: url });
However, the very same call works for pretty much every other website I have tried. But, the rest have all been http and not ftp.

IE's XMLHttpRequest object (which WinJS.xhr uses) doesn't support ftp protocol so that's why you get an error.
Try using BackgroundDownloader class which supports ftp downloads.

The XHR acronym stands for "XML HTTP Request". The protocol it supports is in the name.

Related

External login with AspNet Web API

im trying to do external login with Google using Aspnet.
I created an mvc/webapi project with individual user accounts (vs2013). This will create some files like the 'AccountController' which contains GetExternalLogins action, after calling this action I get (because the google external login is set in the 'Startup' class) an object like this :
{
name: "Google",
state: null,
url: "/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11166%2F"
}
The problem now : when i do another http request to "/api/Account/ExternalLogin?provider=Google&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A11166%2F" I get the following error :
XMLHttpRequest cannot load https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=my_client_id_here. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:11166' is therefore not allowed access
Im i doing something wrong ?
Thanks a lot.
I realized that its a silly question 5 seconds after posting it.
No need to do an http request, a simple redirection to the url works.

Failed to load resource: net::ERR_INSECURE_RESPONSE

IS there a way to trick the server so I don't get this error:
Content was blocked because it was not signed by a valid security certificate.
I'm pulling an iframe of an html website into another website but I keep getting the console (chrome) error in the title of this question and in internet explorer it says:
Content was blocked because it was not signed by a valid security certificate.
Your resource probably use a self-signed SSL certificate over HTTPS protocol.
Chromium, so Google Chrome block by default this kind of resource considered unsecure.
You can bypass this this way :
Assuming your frame's URL is https://www.domain.com, open a new tab in chrome and go to https://www.domain.com.
Chrome will ask you to accept the SSL certificate. Accept it.
Then, if you reload your page with your frame, you could see that now it works
The problem as you can guess, is that each visitor of your website has to do this task to access your frame.
You can notice that chrome will block your URL for each navigation session, while chrome can memorise for ever that you trust this domain.
If your frame can be accessed by HTTP rather than HTTPS, I suggest you to use it, so this problem will be solved.
Sometimes Google Chrome throws this error, even if it should not.
I experienced it when Chrome had a new version, and it needed to be restarted.
After restarting the same page worked without any errors.
The error in the console was:
net::ERR_INSECURE_RESPONSE
I still experienced the problem described above on an Asus T100 Windows 10 test device for both (up to date) Edge and Chrome browser.
Solution was in the date/time settings of the device; somehow the date was not set correctly (date in the past). Restoring this by setting the correct date (and restarting the browsers) solved the issue for me. I hope I save someone a headache debugging this problem.
Offering another potential solution to this error.
If you have a frontend application that makes API calls to the backend, make sure you reference the domain name that the certificate has been issued to.
e.g.
https://example.com/api/etc
and not
https://123.4.5.6/api/etc
In my case, I was making API calls to a secure server with a certificate, but using the IP instead of the domain name. This threw a Failed to load resource: net::ERR_INSECURE_RESPONSE.
open up your console and hit the URL inside. it'll take you to the API page and then in the page accept the SSL certificate, go back to your app page and reload.
remember that SSL certificates should have been issued for your Dev environment before.
If you're developing, and you're developing with a Windows machine, simply add localhost as a Trusted Site.
And yes, per DarrylGriffiths' comment, although it may look like you're adding an Internet Explorer setting...
I believe those are Windows rather than IE settings. Although MS tend to assume that they're only IE (hence the alert next to "Enable Protected Mode" that it requries restarted IE)...
Try this code to watch for, and report, a possible net::ERR_INSECURE_RESPONSE
I was having this issue as well, using a self-signed certificate, which I have chosen not to save into the Chrome Settings. After accessing the https domain and accepting the certificate, the ajax call works fine. But once that acceptance has timed-out or before it has first been accepted, the jQuery.ajax() call fails silently: the timeout parameter does not seem help and the error() function never gets called.
As such, my code never receives a success() or error() call and therefore hangs. I believe this is a bug in jquery's handling of this error. My solution is to force the error() call after a specified timeout.
This code does assume a jquery ajax call of the form jQuery.ajax({url: required, success: optional, error: optional, others_ajax_params: optional}).
Note: You will likely want to change the function within the setTimeout to integrate best with your UI: rather than calling alert().
const MS_FOR_HTTPS_FAILURE = 5000;
$.orig_ajax = $.ajax;
$.ajax = function(params)
{
var complete = false;
var success = params.success;
var error = params.error;
params.success = function() {
if(!complete) {
complete = true;
if(success) success.apply(this,arguments);
}
}
params.error = function() {
if(!complete) {
complete = true;
if(error) error.apply(this,arguments);
}
}
setTimeout(function() {
if(!complete) {
complete = true;
alert("Please ensure your self-signed HTTPS certificate has been accepted. "
+ params.url);
if(params.error)
params.error( {},
"Connection failure",
"Timed out while waiting to connect to remote resource. " +
"Possibly could not authenticate HTTPS certificate." );
}
}, MS_FOR_HTTPS_FAILURE);
$.orig_ajax(params);
}
This problem is because of your https that means SSL certification. Try on Localhost.

Creating a url in controller in asp.net mvc 4

I am trying to send activation mail to the currently registered user.In mail body,I need to send a link like http://example.com/account/activation?username=d&email=g.Now, for debugging on local machine, I manually write it as localhost:30995/account/activation?username=d&email=g. But, when my port number changes, I need to rewrite it.
I tried another question
on this website,but, compiler gives error like url.action doesnot exist.
Please give me fresh solution as I am confused with that solution.
Use a Url.Action overload that takes a protocol parameter to generate your URLs:
Url.Action("Activation", "Account", new { username = "d", email = "g" }, "http")
This generates an absolute URL rather than a relative one. The protocol can be either "http" or "https". So this will return http://localhost:XXXXX/account/activation?username=d&email=g on your local machine, and http://example.com/account/activation?username=d&email=g on production.
In short, this will stick whatever domain you're hosting your app on in front of your URL; you can then change your hostname/port number/domain name as many times as you want. Your links will always point to the host they originated from. That should solve the problem you're facing.
Try using IIS / IIS-Express instead of Casinni web server that comes with visual studio.
You could add bindings to have the right URL (with host entries of course).
This will avoid the port numbers in your links.

Loading Policies files from https address with flex

I'm having an epic amount of difficulty trying to get a result from a httprequest to a https address.
I'm loading a policy file from the address but I'm still getting the 2048 security error.
I load my policy file like so in my preinitilize handler.
private function preint(e:FlexEvent):void
{
Security.loadPolicyFile("https://api.soundcloud.com/crossdomain.xml");
}
My server gives me back a special token I need and then I try to make a request to the resource I need using a urlrequest and urlloader.
private function getprivatetracks():void
{
var url:String=new String("https://api.soundcloud.com/me/tracks?oauth_token=" + testapplicationparameters["oauth_token"])
var req:URLRequest=new URLRequest()
req.contentType="application/x-www-form-urlencoded"
req.method=URLRequestMethod.GET;
req.url=url;
var loader:URLLoader=new URLLoader()
loader.dataFormat=URLLoaderDataFormat.TEXT;
loader.dataFormat="text";
loader.load(req);
configureListeners(loader);
}
If I trace out the url I'm calling and paste it into a browser I can see the result fine. It's purely a flash thing.
When I run the swf in debug mode from the flex IDE the request works fine. The problem only occurs when the swf is on a server.
I've spend the best part of a day banging my head trying to figure this out.
Could somebody suggest what I might be doing wrong?
I'm guessing I'm lacking some fundamental knowledge about how flash deals with https.
EDIT 1
Error: Request for resource at https://api.soundcloud.com/me/tracks?oauth_token=0000000NBfKiNXEYG00FWTUGAy5Uw68r by requestor from http://myserver/content/flash/soundcloud/sclive.swf is denied due to lack of policy file permissions.
*** Security Sandbox Violation ***
Connection to https://api.soundcloud.com/me/tracks?oauth_token=0000000NBfKiNXEYG00FWTUGAy5Uw68r halted - not permitted from http://myserver/content/flash/soundcloud/sclive.swf
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://myserver/content/flash/soundcloud/sclive.swf cannot load data from https://api.soundcloud.com/me/tracks?oauth_token=0000000NBfKiNXEYG00FWTUGAy5Uw68r.
at sclive/getprivatetracks()[C:\flex_projects\sclive\src\sclive.mxml:74]
at sclive/authorize_result_handler()[C:\flex_projects\sclive\src\sclive.mxml:62]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at HTTPOperation/http://www.adobe.com/2006/flex/mx/internal::dispatchRpcEvent()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\rpc\http\HTTPService.as:763]
at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::resultHandler()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\rpc\AbstractInvoker.as:263]
at mx.rpc::Responder/result()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\rpc\Responder.as:46]
at mx.rpc::AsyncRequest/acknowledge()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\rpc\AsyncRequest.as:74]
at DirectHTTPMessageResponder/completeHandler()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\messaging\channels\DirectHTTPChannel.as:409]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/onComplete()
EDIT 2
I've tried catching the security error event and checking the url to make sure theres no redirects going on but the handler never gets called! I always get the unhanled exception error even though I've written a handler for it.
It is not advisable to permit HTTP content to access HTTPS content for security reasons.
So, if soundcloud wants to allow HTTP content to access its data, they should specify it in their crossdomain.xml (using the attribute secure="false" in the allow-access-from tag).
However, I've just noticed there is also a crossdomain on http :
http://api.soundcloud.com/crossdomain.xml
So I suggest you to use this URL instead of the HTTPS and it shloud work

Reading a remote URL in Domino LotusScript

I have a remote RSS feed which has to be transformed into Notes documents using LotusScript.
I've looked through the documentation, but I can't find how to open a remote URL in order to retrieve its contents. In other words, some sort of wget- or curl-like functionality. Can anyone shed some light on how to do this? Using Java is not an option.
Thanks.
Check out the NotesDOMParser class - available in LotusScript - which lets you (indirectly) pull XML from a remote URL and process in a an XML DOM object.
You can pull the XML into a string using the MSXMLHTTP COM object, then use NotesStream to send the XML to the NotesDOMParser.
I have not tested, but the code would look something like this:
...
Set objXML = CreateObject("Microsoft.XMLHTTP")
objXML.open "GET", sURL, False, "", ""
objXML.send("")
sXMLAsText = Trim$(objXML.responseText)
Set inputStream = session.CreateStream
inputStream.Open (sXMLAsText)
Set domParser=session.CreateDOMParser(inputStream, outputStream)
domParser.Process
...
Documentation: http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp?topic=/com.ibm.designer.domino.main.doc/H_NOTESDOMPARSER_CLASS.html
You can't open a remote URL (whether it's HTTP or some other protocol) using native Lotusscript: the object library simply doesn't support it. If you're running on a Windows server, you should be able to use the MS XMLHttp DLLs to get a handle on your remote file via a URL, as specified by the previous answer. (Alternatively, this link specifies how to parse and open a UNC path with Lotusscript—again, Windows only).
All that said, if I understand you correctly, you're not using HTTP to access the remote file at all. If the RSS file is just on a simple path, why can't you open the file for parsing in the normal way with Lotusscript?

Resources