How exactly Angular flows between Client and Server? - angular-ui-router

I was exploring about Angular 8 Recently and I am new to this technology. Here is what I understood..
You build your spring rest API project, and deploy that .war file on the web server (Like tomcat)
You build your Angular client application
.ts files will be translated to equivalent .js files
The build process create a 'dist' folder. The dist folder will have .js and .html files with angular tags and directives.
You deploy dist folder on a server where node.js is installed
You go to browser and ask for index.html file
Server sends all the files in the 'dist' folder to the client, up on initial request. We now have entire client app in the browser
For all the subsequent requests, the client app will make a webservcie call to spring app through Ajax requests
Javascript will use DOM to update the part of the page with new data.
For all this to work, browser must support angular directives and must also know how to render custom components
Please help me understand!

Via HttpCLient
Most front-end applications communicate with backend services over the
HTTP protocol. Modern browsers support two different APIs for making
HTTP requests: the XMLHttpRequest interface and the fetch() API.
The HttpClient in #angular/common/http offers a simplified client HTTP
API for Angular applications that rests on the XMLHttpRequest interface exposed by browsers.
In the example below, we are creating a post call, params for this post are the posted object, the url, and httpOptions(Headers, httpParms etc ...)
addHero (hero: Hero): Observable<Hero> {
return this.http.post<Hero>(this.heroesUrl, hero, httpOptions)
.pipe(
catchError(this.handleError('addHero', hero))
);
}
addHero (hero: Hero): Observable<Hero> {
return this.http.post<Hero>(this.heroesUrl, hero, httpOptions)
.pipe(
catchError(this.handleError('addHero', hero))
);
}
Just like when you post from Postman, you should configure your call with the right parameters.
You call should be in a Service that will be injected in application, module, or component.

Related

How to deploy a js web app that fetches data from an api

How can I deploy a js web application that uses an API.
I have hosted it on netlify but it doesn't fetch the data.
Everything works fine on localhost.
Link: hiuhu-theatre.netlify.app
In firefox you can see the request the function getMovies made was blocked, the console shows the reason, it links to this URL.
Basically you're trying to use http protocol for that request when you're over https in your website.
To fix that simply change your "http://www.omdbapi.com/” to start with "https://" instead.
Also, if you can, do not add API key to client side code, if you do so anyone can steal it and use it themselves (and that might make you pay more for the service or reach the limit you have really quick), instead do a request to your back-end server so it fetches the data while hiding the API key.
It works in local because you're using http in local aswell.
I've overrided the getMovies function in my browser to use https and it worked nicely

Can a Blazor API project share the same localhost endpoint with the client?

As far as I can tell, the model for creating a Blazor client application is to have one project for the client and another for the server. The Microsoft template shows an async call to get data, but it's just a download of a static JSON file. Any real application would need to call an API.
So I have a separate API project for this. But that project has a different localhost endpoint for debugging, and this is causing a CORS nightmare for me. My call from client to server isn't really cross-site, except for this debugging problem, so I don't want to do a ton of work figuring out CORS.
How can I get the Blazor client and web api server to run off the same localhost (or alias) domain, so that the client can make same site requests?
Yes.
When you create a new Blazor Web Assembly app there is a tick box for hosting it in ASP.NET.
If you tick that checkbox then you'll get a server that both serves the client page (via _Host.cshtml) and also responds to web api calls.

Is it necessary for Server to allow/configure CORS

I am trying to perform an AJAX request from my site which is deployed on 'HTTPS' protocol. but the request I am making to is deployed on 'HTTP' protocol.
So I am getting the following error:
This request has been blocked; the content must be served over
HTTPS
My Request is as follows:
$.ajax({
url: "http://testsite/service/process.php",
type: "POST",
data: { service: '#service', id: '#id' }
});
Is there any way/trick to bypass this error/issue without changing
anything at ServerSide (http://testsite/) or Is it necessary to
ENABLE/CONFIGURE C.O.R.S on Server Side because I have no controll over Server Side.
Alternatives to CORS
If your web application must run in browsers that do not support CORS or interact with servers that are not CORS-enabled, there are several alternatives to CORS that have been utilized to solve the cross-origin communication restriction.
JSONP. This is a technique that exploits the HTML script element exception to the same-origin security policy. Script tags can load JavaScript from a different domain and query parameters can be added to the script URI to pass information to the server hosting the script about the resources that you wish to access. The JSONP server will return JavaScript that is evaluated in the browser that calls an agreed upon JavaScript function already on the page to pass server resource data into your page.
OpenAjax Hub. This is an JavaScript Ajax library that allows integration of multiple client-side components within a single web application. Trusted and untrusted components to co-exist within the same page and communicate with each other as long as they all include the OpenAjax Hub JavaScript library. The framework provides a security manager to allow the application to set security policies on component messaging. Iframes are used to isolate components into secure sandboxes.
easyXDM. This is a JavaScript library that allows for string-based cross domain communication via iframes. It works on the same principals as OpenAjax Hub but does not have the security manager component.
Proxied Iframe. This do-it-yourself technique involves including an iframe on your page from the domain you wish to communicate with. This assumes that you are able to host pages on this other domain. The JavaScript running in the iframe serves as a rest proxy to the server containing the resources you wish to access. Communication between your application and the rest proxy will take place using post message. Post message is part of the HTML5 standard, but there is also a jQuery implementation for non HTML5-compliant browsers.

Can nginx be configured to allow a path like /api to pass through, and add a header to the request

I am using NGINX as my web server for html/js/css files and my web app UI. It is a single page app that uses AJAX requests to a back end JEtty server. Previously I deployed everything in Jetty and ajax calls worked fine. In separating the back end from the web UI tier, I am now trying to figure out how to configure NGINX to allow AJAX requests to pass through to Jetty. But, I ALSO want to prevent someone from watching network traffic and seeing the ajax calls my app makes, then scripting those themselves. To do this, I believe if I can configure nginx to ADD a custom header to the requests as they pass through (is this even possible?) I could then only accept requests with those headers at my Jetty API level.
If that is possible, is it the right way to handle this so that outsiders can't get in to my back end API? Is there a way they could figure out that my nginx server is adding a header short of breaking in to my server and figuring out the configuration?
If your application calls your api via Ajax on the client there's nothing you can do to stop someone from calling it directly (assuming they otherwise have access to the page). At the end of the day, an Ajax request is just a request made from the client in JS. Now, there are lots of stupid ways to make it more difficult, but, if anyone really wants to call your api directly, they can.
If you're just talking about only allowing access through nginx (or specifically your /api location block), just bind jetty to localhost only.

How easy to call external Web APIs in Meteor?

Does (or will) Meteor provide a library to handle external Web API calls? E.g. to build a Meteor app that integrates with Facebook Graph API or Google Spreadsheet API.
Meteor now includes the http package. First, run meteor add http. Then you can make HTTP requests on the server in either sync or async style:
// server sync
res = Meteor.http.get(SOME_URL);
console.log(res.statusCode, res.data);
// server async
Meteor.http.get(SOME_URL, function (err, res) {
console.log(res.statusCode, res.data);
});
Same thing works on the client, but you have to use the async form.
if (Meteor.is_server) {
var http = __meteor_bootstrap__.require("http")
// talk to external HTTP API like you would in node.js
}
HTTP
HTTP provides an HTTP request API on the client and server. To use these functions, add the HTTP package to your project with $ meteor add http.

Resources