I have a react / redux app that have a lot of ajax calls to an endpoint.
The endpoint url is written to a config.json file;
{endpoint: 'apiEndpoint.url'}
How should I get this URL from that file and where should I store it?
I have a lot of actions that uses fetch to get the data.
the endpoint url is written to the config file during release, so I can't access it before. It has to be on "runtime".
Related
First of all I've seen Accessing image url in Strapi and Strapi v4 REST API :GET image and Media field is not showing up in api response of strapi v4 which all tell to add ?populate=* to the request. I am already doing that.
I'm calling my API endpoint http://my-url/api/my-type?populate=* and everything is returned, including everything else but the image URL. I can also confirm that populate=* is working as if I remove it I also stop getting many fields too.
In content manager, I can see the file is uploaded, and is accesible through the obtained URL by tapping "copy link", so the file is there too.
How can I get the image URL in Strapi API request? I'm on Strapi v4.1.8.
Let's say when you send a request to this url: ...?query=something&filter=another_thing, I am returning a web page with model attribute let's say model.addAttribute('result', resultList) then just for loop the result and print the values. (Template resolver could be jsp or thymeleaf, but there is no option to load resultList without model fashion - I mean there is no ajax request - )
What I want to do:
before loading the result (or loading the page), I just want to load google recaptcha.js first and
recaptcha will return a token,
then I will send token to the backend via ajax request.
After all if request is not bot, I will print the resultList
Is this requirement possible to implement inside the Spring boot application itself?
NOTE: I could not find anyway to do this. I just though that I could intercept the original get url then redirect to the another page, and this page will load recaptcha and send the token to my backend. If it is not bot then redirect to the original get url. However I do not know how to preserve original request
You're framing it slightly wrong, which may make all the difference.
When making a request, you want to make sure that request is authorized, before you handle
it.
That is where a recaptcha comes in.
To prevent unauthorized access, look into spring-security and recaptcha for that.
Once sufficient authentication has been achieved, your request will then enter your controller, and you can serve the page.
(of course, you could look into it doing it dynamically, but that will be a bit harder)
I am trying to handle file uploads for a web app through cloud code.I am facing the following issues
We cant add third party middle ware such as busboy to parse
Express' built in function such as req.files doesn't seem to work with the body parser parse.com provides.
I don't want to expose my app key in the client code.
I wanted to know if there is any other way to handle this.
Parse Cloud is not a Node environment so it is not a surprise that it does not support nmp modules.
The middleware Parse provides for express.js does not support file uploads. Instead you need to send the file contents as base64 to your endpoint and create the Parse.File object from this data. more info here
Your app and client keys(except for master key) are PUBLIC INFORMATION and NOT secrets. This is clearly mentioned in the documentation by Parse and you cannot hide them at all. Use CLPs, ACLs and Cloud code to protect your data from unauthorised access.
I am about to start working on a project, which is basically a web interface for a mobile banking application. The API is ready, I only need to provide the frontend part of the web application. I was going to make it using Backbone/Angular/Ember, but started to worry about the security.
Particularly, the following. As a rule, every API request must contain a parameter method_code, which is calculated as hash of user token, method name and secret API key. If I put the logic of how this param is calculated into one of .js files, anyone could potentially access some sensitive data using tools like Postman or even browser console. How should I go about this issue? I could have a server-side script generating the method_code for me, but is it possible to make it accessible only to my web app's requests?
every API request must contain a parameter method_code, which is calculated as hash of user token, method name and secret API key
I could have a server-side script generating the method_code for me, but is it possible to make it accessible only to my web app's requests?
Yes, the server-side script would be the way to go if you do not want to expose the secret API key within your client side code or request data.
User token can (presumably) come from the user's session cookie value? So simply have a server side method that takes the method name and then returns the method_code calculated from the secret API key (kept server side only) and the user token.
The Same Origin Policy will prevent another domain making a request to your API and retreiving the method_code. I'm also assuming the API and front-end code runs on the same domain here, although if this is not the case you can use CORS to allow your front-end code to read and retreive data client-side via the API.
You can try to generate a token based on security factors and encrypt that and use it in your requests to identify your clients and valid requests.
I am implementing an AngularJS app with a REST backend (using Spring Boot).
I can currently download a file like this:
<td><a href="/api/datasheets/{{datasheet.id}}/documents/{{document.id}}/download" download>Download</a></td>
Now, I am adding security (using Spring Security) to my application and this now no longer works. The authentication of the AJAX calls works by adding x-auth-token in the HTTP header for each request.
But a simple href does not have the x-auth-token in the header ofcourse. I tried using $http.get() on an ng-click, but that cannot not work.
Is there a simple alternative?
I had similar problem while implementing file downloads in angular. In my case, I was not able to handle blob in safari. What I did was: create a handler which returns a download token valid for say 5 second. Only authenticated user can get this token. Once you have the token, call a different handler which returns the file after validating the token and this handler is publicly accessible. So you don't need to send authentication header while downloading file.
I used itsdangerous library to implement timstamped token.