Non server specific proxy? - iframe

I have a widget that is added to random websites. The widget needs to fill an iframe with content. I need the iframe source to be from the same domain as the website it is embedded in.
To do this I want to ask the site owners to put a file in their root folder that will be used as a proxy to my server.
My question is -how can I implement such proxy with static html/js/? file without using a server side scripting?

I'm not really clear how such a proxy would work/help either way. Are you looking for something like <base />?
The only issue with the base element is that it can't be turned off once it's turned on. If the iframe is the last thing on the page, or at least the last thing with either src or href, you could set it just above. But I'm not sure that this will allow js to access the iframe as though it were by proxy.
And again, I'm still not sure how a file on the remote server will make the iframe seem like it's on your domain. And I have serious doubts whether the site owners will extend such a favor, since doing so would allow hackers to use your site as a backdoor into their server.
I'm not sure how browsers/js policy is in terms of redirects and rewrites, but maybe you could go with something like pointing the iframe to your own server, and having that page actually go to their page, either by mod_rewrite or a redirect. Either way would be server side, so maybe that's not an option. I have heard tale of another thing that works, but have yet to see it in action... You have the site owners add a script with:
document.domain = "yourserver.net";
And be sure to set it on your script as well. This makes them play nice, supposedly. But they may not go for that if it breaks their site for other things, unless there is someway their page can tell it's inside of an iframe and can set that property conditionally.
Good luck

Related

Can I get the browsersync proxy to not update a particular URL?

Details:
I create virtual hosts for development like http://project.client.dev and then use browsersync for live reloading and whatnot, which creates a proxy at http://localhost:3000. This causes all URLs on the page to be written to http://localhost:3000, which in 99% of cases is exactly what I want, but sometimes I want to link to that original http://project.client.dev path instead.
Question:
Is it possible to have browsersync not update just particular URLs? Like, add a class of do-not-update or something and have those stay http://project.client.dev instead of being updated to http://localhost:3000?
Use Case:
I build WordPress websites. When I'm clicking around the site's front-end I want those http://localhost:300 addresses so live reloading occurs. On the back-end however, I don't want those paths ending up in the database or, worse yet, browsersync reloading my admin screens while I'm editing content. Typically I just open one tab on the front-end and one on the back-end using the respective domains, but I'd like to add an in-development link to the footer that says "edit page ID 123" and opens the current front-end page up on the back-end for editing; problem is, it opens the http://localhost:3000 version of the back-end and I need to manually update the URL every time (provided I remember to do so).
I think is it not possible at this moment to exclude some URLs. But have a look at the documentation : https://www.browsersync.io/docs/options

Load Drupal Site on Any URL

I'm setting up access to a Drupal 7 site. The site sits alone on a box that answers to a number of domains and that number is likely to grow. What I'd like to do is to tell Drupal to load the site regardless of which actual domain brought us to the box (the rest of the URL will always be the same, of course). Currently most of those domains send me to the install page.
The problem is the lack of a directory (symlink) in the sites/ directory.
I can probably rewrite requests coming through alternate domains in Nginx, but I'm wondering whether there's an application level answer. As it stands right now, accessing the box/site by any domain other than the canonical domain sends me to the install page.
Is there anything I can do?
It looks to me that you didn't configure your Drupal site as the "default" one.
The file "sites/default/settings.php" is loaded if no better (more specific to the current request) settings file can be found in the sites/folder... This is in fact a "wildcard" config, so the best solution would be to move the site files to the default folder. See the multi-site documentation for more details.
If you can't do that, then you can use sites.php for the rewriting, but you will need to update it to add any new URL you want to match. There's a little shortcut though: you can add a bunch of rewrites such as
$sites['com'] = 'default';
$sites['net'] = 'default';
$sites['org'] = 'default';
...
which will act as catch-all rewrites for sites ending in .com, .net, .org and so on, saving you a lot of (but not all) the manual rewrites.
Altering the conf_path() function should really be your last solution, since it will make updating Drupal a slower process (and if you forget to re-apply the changes after an update, your setup won't work any more).

Plone, behaviour of URLs

The situation is the following: I created a site with Plone, developed, used, but behind a test URL. Now it has to be published, but the test URL is not appropriate and I don't want to move the site. I think, if I use a redirect, it won't be appear in the URL-bar, only in the case of site start page. Am I wrong? (The test URL should not be used, because it will be a "semi-official" site.) What do you suggest to do?
As far as I can see Plone uses absolute URLs everywhere. I can add relative URLs, but if I create a new page, a new event, etc., then they have absolute URLs on other automatically generated inner pages. Is there any way to convert these URLs to relative paths? Is there any setting possibilty where only a checkbox changes this default setting?
Plone does not store your URLs in the database. It uses the inbound host header (and any virtual hosting configuration set up with rewrite rules in Apache or Nginx) to calculate the correct absolute URL when rendering the page.
In other words - as soon as you actually point the relevant domain name to the server with your Plone instance, it'll just work.
P.S.
You should put a bit more effort into asking your question. This is just a copy and paste of a half-finished email chain where you tried to get the answer from me in private. It's not very easy to understand what you're asking.
I think what you are looking for is url rewriting to handle virtual hosting. ie to get your site to appear as if it's the root url of a domain.
This is normally done via the webserver that normally sits in front of plone. For apache, here is a howto
http://plone.org/documentation/kb/plone-apache/virtualhost
for other servers
http://plone.org/documentation/manual/plone-community-developer-documentation/hosting
You can also achieve this directly in zope (via ZMI) using something called the Virtual Host
Monster. see http://docs.zope.org/zope2/zope2book/VirtualHosting.html
PS. I don't think your question is badly worded. Plone does serve pages with a "base" tag and what appears to be absolute urls. They aren't baked into the database but it's also not obvious that the solution to getting the url you want is the VHM url syntax and a proxying frontend webserver. There is a reason why it doesn't use relative urls... which I can't remember it was so long ago.

Adobe Flex, loading a remote swf

I have a flex app running on my server.
I have had a request from some clients to have the swf loaded on their server, so that their customers dont have to be transferred to my server to login; i.e. from the user's point of view it looks like they are logging in from theirsite.com instead of mysite.com
I tried something really simple, and that was to give them a html wrapper to host on their site. The only modification that I made was to change the "src" var to:
"src", "https://www.mysite.com/app/myapp.swf"
and
embed src="https://www.mysite.com/app/myapp.swf"
To my surprise, this worked perfectly. And best of all, the service calls still seem to come from mysite.com, so I dont have to bother with modifying the crossdomain.xml file.
All good it seems.
Are there any issues or downsides to the above that I should be aware of?
If you're doing an ExternalInterface calls to JavaScript in the enclosing page, this may cause a security error; since the SWF from your domain shouldn't be able to access HTML content served from your client's domain.
I expect that is a fringe case though. Aside from that, what you're doing is not much different than what YouTube does. I've done the same thing with The Flex Show player. I don't think you'll have any issues. And I do not believe that this approach makes your app any less (or less) secure.

ASP.Net reverse proxy, what to do with external resources?

I'm currently working on a concept for a reverse proxy to basically relay responses and requests between the user and an otherwise invisible website. So basically the user goes to a site, let's say www.myproxyportal.com, where it is possible to access a website (in an iframe) in the webserver's intranet which isn't made public (for example internal.myproxyportal.com).
I've been working on a solution where I translate request objects to the desired location and return that response to the website. Works great, except for stuff like CSS links, IMG's, etc. I can do the translation of course, but then the link would go to internal.myproxyportal.com/css/style.css and this will never work from the outside.
How to approach such a thing?
Are there any out of the box solutions maybe?
EDIT: I found this, which is very similar to what I have written so far, but it also lacks support for external images, css, javascript, etc.
You can change settings in IIS to route all requests through ASP.NET pipeline, not just .aspx pages. Then simply create an HttpHandler to handle those in your proxy.
By default, IIS doesn't run "static" content requests through ASP.NET engine.
Apache has a pretty slick reverse proxy built-in, I use it extensively.
See more here: http://www.apachetutor.org/admin/reverseproxies

Resources