API and "normal" URLs in one Yii2 application - url-rewriting

I would like to use in my Yii2 application:
standard, SEO-like URLs, with .html at the end (thus 'suffix' => '.html') and
API requests (based on very simple code) without this suffix.
So, to make my application able to serve both http://127.0.0.1/app/site/index.html-like URLs and http://127.0.0.1/uslabs/web/user/2-like API calls.
Is this possible? If so, how should I configure the urlManager component for this?
I went through the "Quick Start" chapter in the "RESTful Web Service" section, but it brought no help. They don't use suffixes in the examples given there. I'm stuck with the choice of either one scheme or the other.

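Yii has a REST URL router that you can associate with certain controllers, like this:
'urlManager' => [
    'enablePrettyUrl' => true,
    // Strict parsing: a request must match one of the rules below to be valid.
    'enableStrictParsing' => true,
    'showScriptName' => false,
    // Default suffix for regular pages (note the leading dot).
    'suffix' => '.html',
    'rules' => [
        [
            'class' => 'yii\rest\UrlRule',
            'controller' => 'api',
            // Empty string disables the suffix for the REST rules;
            // null would fall back to the urlManager suffix.
            'suffix' => '',
        ],
    ],
]
See the documentation for more details.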

According to this Yii Forum post, what I'm trying to do is possible, but tricky and not encouraged.
API calls should be handled by a separate application. At the end of the "Quick Start" part for API-like apps in the Yii2 guide there's a suggestion:
While not required, it is recommended that you develop your RESTful APIs as a separate application, different from your Web front end and back end for easier maintenance.

Related

Laravel push notification. How to get devices token? -fcm

I have a webview application. I wrote the project in Laravel. I want to use push notifications. But how can I get device tokens? where can I find it?
$push->setMessage([
    'notification' => [
        'title' => 'This is the title',
        'body' => 'This is the message',
        'sound' => 'default'
    ],
    'data' => [
        'extraPayLoad1' => 'value1',
        'extraPayLoad2' => 'value2'
    ]
]);
$push->setApiKey('Server-API-Key');
$push->setDevicesToken([
    'deviceToken1',
    'deviceToken2',
    'deviceToken3'
]);
What is deviceToken1, 2, 3?
I created a project in Firebase. I can get the API. But how can I find and save devices' tokens? I cannot send a notification to the screen.
So basically, you should use Firebase SDK in your front-end to get the device ID/token, then send it to your server/Laravel (save it in your DB for later use).
There are different ways to get the device ID based on what front-end you're using; you can refer to this documentation:
Android
iOS
Web
Others (C++, Unity, etc.)

Data in ckeditor doesn't insert to db when i apply sneek/laravel-xss-middleware

When I update data from CKEditor, it doesn't save to the database properly: it saves only the text, but table, div and inline style aren't saved after I apply sneek/laravel-xss-middleware.
Which XSS middleware does not affect the text editor?
I tried others but they can't prevent XSS.
Can anyone recommend one?
I use Nessus to scan the web for security; after I use HTMLPurifier it still shows:
CGI Generic HTML Injections (quick test)
Synopsis
The remote web server may be prone to HTML injections.
Description
The remote web server hosts CGI scripts that fail to adequately sanitize request strings with malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML to be executed in a user's browser within the security context of the affected site.
The remote web server may be vulnerable to IFRAME injections or cross-site scripting attacks :
IFRAME injections allow 'virtual defacement' that might scare or anger gullible users. Such injections are sometimes implemented for 'phishing' attacks.
XSS are extensively tested by four other scripts.
Some applications (e.g. web forums) authorize a subset of HTML without any ill effect. In this case, ignore this warning.
I often use HTMLPurifier.
Complete the following steps:
1. Install
composer require "mews/purifier:~2.0"
2. Settings
php artisan vendor:publish --provider="Mews\Purifier\PurifierServiceProvider"
config/purifier.php
<?php
return [
    'encoding' => 'UTF-8',
    'finalize' => true,
    'cachePath' => storage_path('app/purifier'),
    'cacheFileMode' => 0755,
    'settings' => [
        'body' => [
            'HTML.Doctype' => 'XHTML 1.0 Transitional',
            'HTML.Allowed' => 'div,b,strong,i,em,a[href|title],ul,ol,ol[start],li,p[style],br,span[style],img[width|height|alt|src],*[style|class],pre,hr,code,h2,h3,h4,h5,h6,blockquote,del,table,thead,tbody,tr,th,td',
            'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,margin,width,height,font-family,text-decoration,padding-left,color,background-color,text-align',
            'AutoFormat.AutoParagraph' => true,
            'AutoFormat.RemoveEmpty' => true,
        ],
    ],
];
3. Use
$article->body = clean($article->body, 'body');
Hope this is useful to you!
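A per-field input middleware for the problem described in this question, as an added example that is not part of the original answer or of either package: rich-text fields go through the `body` purifier profile from `config/purifier.php` above, while every other string field has its tags stripped. It assumes mews/purifier is installed; the class name `SanitizeInput` and the field names are hypothetical.

```php
<?php
// Added example: SanitizeInput is a hypothetical class name.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class SanitizeInput
{
    // Assumed field names: inputs that legitimately carry CKEditor HTML.
    protected $richText = ['body'];

    // Never rewrite these; stripping "<" from a password would change it.
    protected $untouched = ['password', 'password_confirmation'];

    public function handle(Request $request, Closure $next)
    {
        $request->merge($this->sanitize($request->input()));

        return $next($request);
    }

    private function sanitize(array $input, $parent = null)
    {
        foreach ($input as $key => $value) {
            // List items (integer keys) inherit the name of their parent field.
            $name = is_int($key) ? $parent : $key;

            if (is_array($value)) {
                $input[$key] = $this->sanitize($value, $name);
            } elseif (!is_string($value) || in_array($name, $this->untouched, true)) {
                continue;
            } elseif (in_array($name, $this->richText, true)) {
                // Allowlist filter: keeps table/div/style per the 'body' profile,
                // removes elements and attributes not listed in HTML.Allowed.
                $input[$key] = clean($value, 'body');
            } else {
                // Plain-text fields have no reason to contain markup.
                $input[$key] = strip_tags($value);
            }
        }

        return $input;
    }
}
```

Register it in place of the blanket XSS middleware. In Blade, output the purified field with `{!! $article->body !!}` and every other value with `{{ }}` so it is escaped on output.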

How to add username in url before controller/action in yii2

I'm working on a site and I need to customize the site URL in such a manner that it will work like <username>/<controller>/<action> after the user logs in.
I have tried it with the following rules in the Yii 2.0 configuration file:
'rules' => [
    '<username>/<controller:(site|comment)>/<id:\d+>/<action:(index|home|update|delete)>' => '<controller>/<action>',
],
But it shows me a #404 error. Any help?

Magento API Call 503s

Everything in my Magento store is working ok, except for a route I created that calls the API:
$proxy = new SoapClient('SOAPCLIENTURL');
$sessionId = $proxy->login('USERNAME', 'PASSWORD');
$proxy->customerCustomerCreate($sessionId, array(
    'email' => $email,
    'firstname' => '',
    'lastname' => '',
    'password' => $password,
    'website_id' => 7,
    'store_id' => 7
));
When I comment out these lines, the route works fine. Any ideas why this 503s the page and how to fix it?
The code block that's causing your problem is a request to an external API that could fail for numerous reasons. The way you'd fix this is to monitor your server and Magento error and exception logs for errors, take a look at the error, and then fix the problem (or post the specific error to a site like this and ask for help).
You could also try running the above code snippet outside of a Magento context (in a stand-alone script) and see what sort of error you get.
If errors aren't showing up then you need to research how to set up your system for proper error handling.
Also, if you're setting up a Magento route and making an API call into the same system, there's no reason to use the SOAP or XML-RPC layer. Each Magento API section has a corresponding PHP object that contains all the logic. The above method is equivalent to
Mage::getModel('customer/customer_api_v2')->create(array(...));
With the real PHP class being at
app/code/core/Mage/Customer/Model/Customer/Api/V2.php
and the create method defined at
app/code/core/Mage/Customer/Model/Customer/Api.php

Why can Gibbon Gem access API but can't listSubscribe()?

I'm trying to get mailchimp integrated with my ruby-on-rails app using the Gibbon gem.
I've successfully accessed the API. I tested it by getting a list of all my mailchimp lists. However, I'm running into problems with the listsubscribe method. I'm not getting any errors, it just isn't working at all.
I have the following code in the controller for the page where users sign up, after the user is made and their information can be accessed.
gb = Gibbon::API.new
gb.listSubscribe({
  :id => "the-id-for-list",
  :email_address => user.email,
  :update_existing => false,
  :double_optin => false,
  :send_welcome => true,
  :merge_vars => {
    'FNAME' => user.first_name,
    'LNAME' => user.last_name,
    'MERGE3' => user.subscription,
    'MERGE4' => DateTime.now
  }
})
It does nothing. I've tried playing around with the parameter phrasing (à la this post: How do you use the Gibbon Gem to automatically add subscribers to specific interest groups in MailChimp?). I've tried structuring it more like in this tutorial: http://www.leorodriguez.me/2011/08/subscribe-member-into-mailchimp-using.html
I have no idea what's going wrong. As I said before, other API calls are going through to MailChimp. Do you have any suggestions? Thank you in advance.
It turns out I had the code in the wrong place. I was not putting it where users were actually being created, but in the code to generate the view to ask users to sign up. Once I moved it to where the user was actually created, it worked fine.
