Firstly, I have to admit I am new to Magento and PHP. I am writing the configuration for my custom module. I would like to allow entry of some information, then send that information to a servlet on my web server where it is processed and a response returned and displayed in the configuration gui in a read-only field.
I am getting my guidance from various web articles and by looking at other modules' code. A module that does something similar is the PayPal module. However, it brings up a new browser window where the user logs in and enters their details. I just want to send the data gathered and wait for the response.
In my system.xml file I specify a frontend_model. In that frontend_model, the _prepareLayout method sets the template to my template, and in that template I have an HTML button. I added an onClick event handler to that button which makes an AJAX call to my web site. Unsurprisingly (because of the same origin policy I assume) the AJAX call fails with a code of 0.
I guess what I should be doing is when the user clicks the button, the request including the data they have entered in the other fields, is sent to the Magento server, and the AJAX call to my web site is made from there? Or perhaps my approach is completely wrong and there is a more appropriate way to achieve this?
Thank you.
You're right about the same origin policy. The best approach here would be to have the button trigger an ajax call to a local magento based controller, which itself uses curl or some other http request library to forward on a request to your remote servlet and process the feedback.
Try searching here "JSONP" or google the same thing. Dependent of javascript library you are using there are pre-made components/plugins to achieve what you are after.
Related
I have been trying this for quite some time and with no avail. Would someone point me to the right direction.
I have a simple suitelet
the suitelet dumps a html in the response by reading a file
The html has a button. On ajax call of that button, a restlet gets called and a request is sent.
This is working great with Login and internal calls. However, I want the suitelet to be available without login and also the restlet.
When I do that, I get CORS error and using jsonp when I relsolve that, I get 401 Unauthorized
Tried Outh and NLAuth, no avail.
Will really appreciate any help or pointers.
If the info isn't sensitive you can call the suitelet from the domain of your website. If you have enabled https on the site then that'll just work
e.g. https://forms.na3.netsuite.com/app/site... becomes http://example.com/app/site...
If you are using SCA then you can also just do this by calling a .ss service function. The nice thing about that is that you can set the role on the .ss file and have better control of your resources without just making the customer center role capable of seeing everything. Same issue with https though.
If the info is sensitive you can get around the issue on most browsers by embedding an iframe at the https:// forms etc and using the onMessage operation to transfer info from the non-secure to the secure. (see https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)
It's certainly possible to call a RESTlet from a Suitelet but it sounds like your issue is more how to call the Suitelet securely.
To keep it simple I have a feedback form on my website. Whether or not the following is best practice is moot as I'm interested in the way this works. The customer can fill out their name, email address and reason for feedback on the form. This is then posted via AJAX to a server side function called SendFeedback. I am using .NET MVC4 and the SendFeedback method simply returns a true or false string. However I was testing out sending scripts through it to check out the security of the form and noticed that when I attempted to send through HTML tags or javascript that the SendFeedback method wasn't being invoked at all and instead my custom error page was being sent back to the client side AJAX response (if I sent though standard text, the SendFeedback method was being invoked as expected). Where is the first place that AJAX data is sent before it is passed into the server side method I am calling from the client? Is there any way to set a breakpoint here so I can examine what is going on?
This is part of an ASP.NET feature called request validaiton which is turned on by default. And which executes in ASP.NET handler before your code. If you desire, this feature can be turned off in web.config, but I would strongly advise against it.
More information on request validation can be found in MSDN.
I have an ASP.NET MVC4 sub web application added in to an existing ASP.NET WebForm web site. the whole website is using forms authentication.
In my MVC4 client side, I use Backbone.js for building the application, and the client application is most likely a SPA.
Everything works fine, but after session timeout my application does not redirect to log-in page.
I tried the error callback on Collection.fetch method, it was triggered (which is good) when trying to fetch after session time out.
However, the response status code is 200 (OK) with response content is the log-in page content.
So, my question is, in error handler how do I know whether the callback is triggered by session timeout or any other unexpected error?
If determined, how should I do to let Backbone redirect page to log-in page while referring current page?
Here is something what Phil Haack had blogged about
Exceprts from the post :
Possible Solutions
I’m going to cover a few possible solutions I’ve seen around the web and then present the one that I prefer. It’s not that these other solutions are wrong, but they are only correct in some cases.
Remove Forms Authentication
If you don’t need FormsAuth, one simple solution is to remove the forms authentication module as this post suggests. This is a great solution if you’re sole purpose is to use ASP.NET to host a Web API service and you don’t need forms authentication. But it’s not a great solution if your app is both a web application and a web service.
Register an HttpModule to convert Redirects to 401
This blog post suggests registering an HTTP Module that converts any 302 request to a 401. There are two problems with this approach. The first is that it breaks the case where the redirect is legitimate and not the result of FormsAuth. The second is that it requires manual configuration of an HttpModule.
Install-Package MembershipService.Mvc
My colleague, Steve Sanderson, has an even better approach with his MembershipService.Mvc and MembershipService.WebForms NuGet packages. These packages expose ASP.NET Membership as a service that you can call from multiple devices.
Some more info from comment of this blog
We had the same problem. But what we did, was to hook to AuthenticateRequest (just like you did) and we also checked the request to see if it's ajax or not (again, just like what you did). But at this point, we simply returned a JSON like {location: 'http://www.domain.com/path-to-login-page'} and we simply ended response in that method with HTTP code 200. This way, jQuery still gets a JSON result. But if the result has a "location" property, we simply do a client-side redirect to login page. That's our way and it works like a charm.
i have the following problem:
i need to send some custom info with every request made by a WebBrowser control. For example one of the infos is the used app version.
Now i have already read here that it is impossible to set custom headers for a WebBrowser control.
I have already tried to intercept all requests and perform them on my own with a WebClient (or HttpWebRequest). It partially works but is very buggy and often throws errors.
Any other ideas how to send the custom infos with every request that is made by the WebBrowser control?
Is the web server you are interacting with your own? Could you just add a query string parameter for all the data you want? Something like
http://yourwebsite/YourPage.aspx?version=2
Then you'd be able to process it on the server, either during that request in the aspx page, or via the logfiles for the web server.
I suspect that as you can't modify the content that gets sent directly from the WebBrowser and that intercepting every call and acting as a proxy for every request, while still maintaining all browser functionality may be too cumbersome.
Instead I'd suggest sending an additional request with just the additional information you want to record every time you make a request.
That could lead to a lot of overhead so it might be easier to send this once and then pass a hash of it, or some other identifying key to the webpage (as a querystring parameter) on the first request so it can reconcile the 2 pieces of information. Assuming that you are in control of the web server you could then have the web server set that hash/key as a cookie so it would be passed again with subsequent request from the control.
Im using jQuery validate plugin and every form has multiple validation levels.
level is by validate plugin
level is:
data is submitted to site
I get a reply
if everything is ok -> JS redirects to url
if there is an error, it shows warnings
Now I wonder, is it safe to send login info via ajax? I know that with addons like firebug, I am also able to get all POST parameters with normal submit. But can somebody else interfere with ajax login request and steal precious data?
is it safe to send login info via ajax
You do use HTTPS, do you? If you do it's as safe as form submit.
Are you issuing requests over HTTPS?
If you mean someone else on the network, then see the earlier comments about HTTPs.
If you mean "can someone inject something into a page and steal the data", the answer is yes. As you've observed, the user can install plugins which could do this; it's also possible that your page could be inadvertently be the target of injection via cross-site scripting or some other flaw.