As far as I can tell, the model for creating a Blazor client application is to have one project for the client and another for the server. The Microsoft template shows an async call to get data, but it's just a download of a static JSON file. Any real application would need to call an API.
So I have a separate API project for this. But that project has a different localhost endpoint for debugging, and this is causing a CORS nightmare for me. My call from client to server isn't really cross-site, except for this debugging problem, so I don't want to do a ton of work figuring out CORS.
How can I get the Blazor client and web api server to run off the same localhost (or alias) domain, so that the client can make same site requests?
Yes.
When you create a new Blazor Web Assembly app there is a tick box for hosting it in ASP.NET.
If you tick that checkbox then you'll get a server that both serves the client page (via _Host.cshtml) and also responds to web api calls.
Related
How can I deploy a js web application that uses an API.
I have hosted it on netlify but it doesn't fetch the data.
Everything works fine on localhost.
Link: hiuhu-theatre.netlify.app
In firefox you can see the request the function getMovies made was blocked, the console shows the reason, it links to this URL.
Basically you're trying to use http protocol for that request when you're over https in your website.
To fix that simply change your "http://www.omdbapi.com/” to start with "https://" instead.
Also, if you can, do not add API key to client side code, if you do so anyone can steal it and use it themselves (and that might make you pay more for the service or reach the limit you have really quick), instead do a request to your back-end server so it fetches the data while hiding the API key.
It works in local because you're using http in local aswell.
I've overrided the getMovies function in my browser to use https and it worked nicely
I am using NGINX as my web server for html/js/css files and my web app UI. It is a single page app that uses AJAX requests to a back end JEtty server. Previously I deployed everything in Jetty and ajax calls worked fine. In separating the back end from the web UI tier, I am now trying to figure out how to configure NGINX to allow AJAX requests to pass through to Jetty. But, I ALSO want to prevent someone from watching network traffic and seeing the ajax calls my app makes, then scripting those themselves. To do this, I believe if I can configure nginx to ADD a custom header to the requests as they pass through (is this even possible?) I could then only accept requests with those headers at my Jetty API level.
If that is possible, is it the right way to handle this so that outsiders can't get in to my back end API? Is there a way they could figure out that my nginx server is adding a header short of breaking in to my server and figuring out the configuration?
If your application calls your api via Ajax on the client there's nothing you can do to stop someone from calling it directly (assuming they otherwise have access to the page). At the end of the day, an Ajax request is just a request made from the client in JS. Now, there are lots of stupid ways to make it more difficult, but, if anyone really wants to call your api directly, they can.
If you're just talking about only allowing access through nginx (or specifically your /api location block), just bind jetty to localhost only.
I have a VS 2012 solution with a web api server project and a javascript-html client project. I can test my web api with Fiddler. I can test from another test project using HttpClient, but because I have the server and the client running on separate ports in IIS Express, I have some kind of CORS issue because when I try to make an ajax call from the client I get a 405 method not allowed error.
I have added the suggested custom header entries to my web.config and applicationhost.config files that should allow cross origin access.
There must be some simple solution to this that everyone uses, but it seems to escape me.
I found the answer here. I had to add the nuget package for system.web.http.cors and the web api took care of everything. Didn't need to touch my client side javascript.
I'm using WebBrowser control functionality to implement web browser capabilities in my project. Is there a way that when my browser (which I have developed by using WebBrowser control) sends a request to a server (lets say to download a file), instead of the browser handling the response, I would be able to handle it myself in my project?
Thanks in advance.
I am developing java web services (JAX-WS) to insert data into mysql DB and retrieve it. This web service has two methods i.e. fetchFromDB and insertIntoDB. Services seems to be running fine when I test them using netbeans IDE.
Address: /CalculatorWSService
WSDL: /CalculatorWSService?wsdl
but when I try to access it using AJAX's xmlHttpRequest object by providing url http://localhost:8080/CalculatorApp/CalculatorWSService. It is not able to access it. I have developed C# web services and It has been so easy to access them with a url but java web services don't seem to follow that.
My question is
What url to use to access the web service operations in AJAX? (Do I need to use '?wsdl' in the url?
Is there a javascript ajax library to easily access JAX-WS web services?
Apache Axis web services are a better choice over JAX-WS?
Please help me, Thanks, Jay
I was having the same problem of yours, couldn't invoke a Jax-ws web service from Javascript, but i've found a way to do this.
The Url to use can be your same (EndPointAddress) "http://localhost:8080/CalculatorApp/CalculatorWSService"
but when you create the XMLHttpRequest object from javascript you have to:
* Use the POST method to open the URL , i tried with GET but it didn't work for me.
* Set the SOAPAction Request Header to the one in your wsdl, even if its empty "".
* Be very careful with the request body to send, the soap Envelope must be correct.
hope this can help you!.
Bye.
Paul Manjarres.
From the client's perspective, I wasn't expecting significant differences between Axis and JAX-WS. Everything the client needs should be in the WSDL.
One thing that sometimes happens is that the URL used when developing a WebService references the develpoment host and port (and maybe even the ContextRoot) When deployed to a particular server any of those could be changed. Ideally a new WSDL could be created with new "binding" information.
My first step would be to point a browser directly at the Web Service you want to invoke. In my environments that returns a nice "Hi this is a Web Service" kind of message. If you get 401 not found errors then you just need to study exactly how the web service was deployed. Was a different port or context root specified?