as of signalr-rc2, IConnectionIdPrefixGenerator is not supported?o
if so, any plan to expose it later?
Nope, we own the connection id. If you want extra data you need to use the query string.
Related
I need to extract the Call-id info from the calls started by a Call-file (in Asterisk), and use this value as a parameter of another function in order to return the full-cdr from the SIP-Proxy. Either i need to extract the call-id from call file based calls, or i gotta insert a call-id value through the file and use it. However, could not figure out how to do that. Looking forward to your replies, thanks in advance.
p.s. I'm not asking for Caller-id which refers to, as far as i understand, the from-number.
Call-id will be created by chan_sip AFTER you do call via call file.
So no, there are no way put it in file.
Maybe possible read by SIPHeader function AFTER call placed, but more likly you should do patch.
You can add special header like X-something if other part support search by it.
I am trying to implement this-
https://gist.github.com/MendelGusmao/2356310
Lua,nginx based URL shortener,The only change i want to implement is when some query string parameter comes with shortened URL i need to take that parameter and insert into the long URL.
e.g.
http://google.com?test=2 will be like http://abc.in/abc
while hitting on http://abc.in/abc?test=3 I get redirected to - http://google.com?test=3.
For that i need to take query string parameters from $request_URI, can any one help with some code?
You should be able to use ngx.var.arg_name where name is the name of the query parameter you want to access. See Variables with Infinite Names section in this tutorial for details on query parameter handling; you may also check my blog post for Lua nginx/openresty examples.
As an alternative, you can use ngx.req.get_uri_args() to retrieve all query parameters as one table. See this section in the same tutorial for the brief comparison between these methods.
You can also use ngx.var.QUERY_STRING to access the query string and unescape and parse it.
You can obtain the query parameter with just nginx by using $arg_test, test is the name of the query parameter in this example.
This is documented in http://nginx.org/en/docs/http/ngx_http_core_module.html#var_arg_.
I'm using vert.x to write an application. It doesn't have built-in cookie support yet, and we have to use "putHeader()" method to manually set cookies.
Now I want to set several cookies, so I write:
req.response.putHeader("Set-Cookie", "aaa=111; path=/")
req.response.putHeader("Set-Cookie", "bbb=222; path=/")
req.response.putHeader("Set-Cookie", "ccc=333; path=/")
But I found vert.x send only one "Set-Cookie":
Set-Cookie ccc=333; path=/
I'm not sure if I misunderstand something. Can server send multi "Set-Cookie" commands one time? Is it correct to send multi cookies this way?
Use netty's io.netty.handler.codec.http.ServerCookieEncoder functionality:
req.response.putHeader("Set-Cookie",
ServerCookieEncoder.encode(new DefaultCookie("aaa", "111")))
there're many useful method signatures:
ServerCookieEncoder.encode(Cookie cookie)
ServerCookieEncoder.encode(Cookie... cookies)
ServerCookieEncoder.encode(Collection<Cookie> cookies)
ServerCookieEncoder.encode(Iterable<Cookie> cookies)
I think no, it's impossible out of the box because headers stored in a HashMap:
https://github.com/purplefox/vert.x/blob/master/src/main/java/org/vertx/java/core/http/impl/DefaultHttpServerResponse.java#L81
You can:
Open new issue
Comment existing issue https://github.com/purplefox/vert.x/issues/89
Checkout source and use map what allow duplicate keys
Map implementation with duplicate keys (you need handle duplicate manually, for instance Location-header should be only one time
Extend DefaultHttpServerResponse and see how you can integrate it
Merge cookies and handle it manually, for instance:
req.response.putHeader("Set-Cookie", "aaa=111&bbb=222&ccc=333; path=/")
There is one work-arround.
req.response()
.putHeader("Set-Cookie", "some=cookie;max-age=1000;path=/;HttpOnly"
+"\nSet-Cookie: next=cookie"
+"\nSet-Cookie: nnext=cookie;HttpOnly");
I am looking for some best practices when is comes to creating EditMoels and updating data in an ASP.NET MVC app. Lets say I have a Url like so /Post/Edit?Id=25
I am ensuring the user has permissions to edit the specific post by Id on the Get request and the same for my Post in the controller. I am using the ValidateAntiForgeryToken.
Questions: Should I include the Id property in my EditModel? If so, Should I encrypt it?
The problem is I can use FireBug to edit the Id hiddedinput and edit a different post as long as I have permission to do so. This is not horrible, but seems wrong.
Any help would be great!
There are several ways to prevent this.
The first - don't send sensitive data to the client at all. Keep the post id in session variables, so the user can never edit it. This may or may not be an option depending on your architecture.
The next approach is to convert the direct reference to an indirect one. For example, instead of sending postids = {23452, 57232, 91031} to the client to render a drop-down list, you should send an opaque list {1,2,3}. The server alone knows that 1 means 23452, 2 means 57232 and so on. This way, the user can't modify any parameter you don't want him to.
The last approach is including some kind of hash value that adds as an integrity check. For example, suppose you have 3 hidden fields in a html page - {userId=13223, postId=923, role=author}. You first sort the field names and then concatenate the values to get a string like postId=923&userId=13223&role=author. Then, append a server secret to this string, and hash (SHA-1 or MD5) the entire string. For eg. SHA-1('postId=923&userId=13223&role=author&MySuperSecretKey'). Finally add this hashed value as a hidden parameter. You may also want to add another hidden field called ProtectedParameters=userId,postId,role.
When the next request is made, redo the entire process. If the hash differs, balk the process.
Security wise, I have listed the options in decreasing order. At the same time, its probably in the increasing order of convenience. You have to pick the right mix for your application.
I don't think you should worry with that, if the user does what you said, i suppose that you'll know who edited what, so if he edits the wrong post, doing as you said, you can always remove his edition rights...
If you can't thrist your users, don't let them edit anything...
The closest thing I could find was System.Net.Mime.MediaTypeNames but that doesn't seem to have everything (like json) since it seems to be more focused around email attachments.
An enum doesn't make much sense. MIME types are open-ended. That is, the list is not finite: new types are added from time to time.
See RFC4288: Media Type Specifications and Registration Procedures
In 2022, with .NET Core and .NET5+, this is now available via MediaTypeNames. For example:
MediaTypeNames.Application.Json
MediaTypeNames.Image.Png
MediaTypeNames.Text.Html
Microsoft documentation around MediaTypeNames, and each of Application, Image, Text.
https://learn.microsoft.com/en-us/dotnet/api/system.net.mime.mediatypenames?view=net-6.0
https://learn.microsoft.com/en-us/dotnet/api/system.net.mime.mediatypenames.application?view=net-6.0
https://learn.microsoft.com/en-us/dotnet/api/system.net.mime.mediatypenames.image?view=net-6.0
https://learn.microsoft.com/en-us/dotnet/api/system.net.mime.mediatypenames?view=net-6.0
https://learn.microsoft.com/en-us/dotnet/api/system.net.mime.mediatypenames.text?view=net-6.0
IANA's database is most likely to be complete. Currently, they have the list available in CSV format at https://www.iana.org/assignments/media-types/application.csv. I am assuming this is a stable URL whose content changes as updates are made. If you want to stay up to date, you'd need to put together a mechanism that is appropriate for your needs.
There is also the mime.types file that comes with Apache which seems to have been derived from the said list.
If like me you wanted to have no hard-coded string in your code you can use something like below
httpHeaders.add(HttpHeaders.CONTENT_TYPE,MediaType.APPLICATION_JSON_VALUE);
which is essentially
httpHeaders.add("Content-Type","application/json");