Search Results

Search found 14226 results on 570 pages for 'feature requests'.

Page 326/570 | < Previous Page | 322 323 324 325 326 327 328 329 330 331 332 333 | Next Page >

PHP cors validation

- by Brian Putt

I have an endpoint that takes GET requests to collect data from any source that wants to send data. Is there a way to run some validation that the data is in fact coming from the sources we allowed? They enter the website url that they will be sending the data from and we generate an api key. The data is sent via a javascript file that they install onto their website. I have the Access-Control-Allow-Origin set to * as it doesn't necessarily scale to add in hundreds or more websites to that header and that in itself is a security risk as it shows anyone who wants to look at the headers who uses the script. Currently I am thinking of using the http_origin / origin referrer, but obviously that doesn't do too much

Read the article
Image expire time

- by Jens

The google page speed tool recommends me to set 'Expires' headers for images etc. But what is the most efficient way to set an Expires header for an image? In now redirect all image requests to an imagehandler.php using htaccess: /* HTTP/1.1 404 Not Found, HTTP/1.1 400 Bad Request and content type detection stuff ... */ header( "Content-Type: " . $content_type ); header( "Cache-Control: public" ); header( "Last-Modified: ".gmdate("D, d M Y H:i:s", filemtime($path))." GMT"); header( "Expires: ". date("r",time() + (60*60*24*30))); readfile( $path ); But of course this adds extra loading time for my images on first request, and I was wondering if there was a better solution for this.

Read the article
3 step validation with dataannotations

- by molgan

Hello I'm trying to build a "wizard-like" app that has 3 pages. First one you fill in some requests, then you select time and date, and last step is to fill in your name and address etc. How should the validation be taken care of, since I also need to validate all "3 steps" when pressing submit on the last step. Do I need to have 4 viewmodels there? like step1model, step2model...... and then validateallmodel? And must I use some session-like in between since it "redirect's" to next step if successful? /M

Read the article
Android DownloadManager - few questions

- by ChrisR

I have a few questions about the Android browser download manager . Does it support multiple downloads at the same time? From the code it looks like it does. What's advantage of using HTTPRequest over URL/URLConnection to download files? 3.The download manager opens and closes connection for each download. Is it the right thing to do? Or is it better to use the same connection for for all the download requests(by changing the required parameters) and then clse the connection?

Read the article
How to implement CSRF protection in Ajax calls using express.js (looking for complete example)?

- by Benjen

I am trying to implement CSRF protection in an app built using node.js using the express.js framework. The app makes abundant use of Ajax post calls to the server. I understand that the connect framework provides CSRF middleware, but I am not sure how to implement it in the scope of client-side Ajax post requests. There are bits and pieces about this in other Questions posted here in stackoverflow, but I have yet to find a reasonably complete example of how to implement it from both the client and server sides. Does anyone have a working example they care to share?

Read the article
Updating a module level shared dictionary

- by Vishal

Hi, A module level dictionary 'd' and is accessed by different threads/requests in a django web application. I need to update 'd' every minute with a new data and the process takes about 5 seconds. What could be best solution where I want the users to get either the old value or the new value of d and nothing in between. I can think of a solution where a temp dictionary is constructed with a new data and assigned to 'd' but not sure how this works! Appreciate your ideas. Thanks

Read the article
Jquery JSON .each() doesnt work in Google Chrome

- by Sheriffen

I have a really simple chat application on a site which works pretty good. It requests by ajax like this: $.ajax({ url: "fetch/"+CHAT_SESSION_ID+"/"+LAST_MESSAGE_ID, dataType: "json", cache: false, success: function(data) { if (data.session_active == 0) { //If other chatter ended session alert("Session Ended"); } else { $.each(data.messages, function(i,msg){ alert(msg.message.Body); )}; } } }); and gets a json response that lookes like this: { "session_active": "1", "messages": [ {"message": {"MsgID": "100", "UserID": "1", "Body": "heyy"}}, ]} It works really well in at least FF and Saf but in Chrome it never gets past the .each! This is driving me nuts, have tried everything I've come across online for days but I can't seem to get it right. Please someone help! I can provide testserver if someone wants to firebug it themselves ;)

Read the article
RewriteCond simply doesn't work, doesn't check properly if file exists

- by ultranol

Hey everybody. I've been trying to solve this for hours now but came up with nothing. Inside .htaccess, whenever somebody requests an image from a folder of my website, I'm trying to check if a file with the same name exists in another folder; if it does, return that file; if it doesn't, return the file originally requested. It seems so easy but it simply doesn't work. The .htaccess code is as follows: RewriteEngine On RewriteCond /images/blog/watermark/$1 -f RewriteRule ^(.*) /images/blog/watermark/$1 The "RewriteCond" always returns negative, so the image requested is always loaded as is. If I change it to, like, RewriteCond %{REQUEST_FILENAME} -f it always returns positive, so it gets the image from the folder I want - except when the image's not there, generating an error, which is exactly what I'm trying to prevent. What am I doing wrong? Thanks.

Read the article
php most memory efficient way to return files

- by bumperbox

so i have a bunch of files, some can be up to 30-40mb and i want to use php to handle security of the files, so i can control who has access to them that means i have a script sort of like this rough example $has_permission = check_database_for_permission($user, filename); if ($has_permission) { header('Content-Type: image/jpeg'); readfile ($filename); exit; } else { // return 401 error } i would hate for every request to load the full file into memory, as it would soon chew up all the memory on my server with a few simultaneous requests so a couple of questions is readfile the most memory efficient way of doing this? is there some better method of achieving the same outcome, that i am overlooking? server: apache/php5 thanks

Read the article
Decoding international chars in AppEngine

- by Irro

I'm making a small project in Google AppEngine but I'm having problems with international chars. My program takes data from the user through the url "page.html?data1&data2..." and stores it for displaying later. But when the user are using some international characters like åäö it gets coded as %F4, %F5 and %F6. I assume it is because only the first 128(?) chars in ASCII table are allowed in http-requests. Is there anyone who has a good solution for this? Any simple way to decode the text? And is it better to decode it before I store the data or should I decode it when displaying it to the user.

Read the article
Offline navigation software for Android - what is out there?

- by Ted

Im looking for navigation software for the Android platform and I have a few requirements: Offline maps. The maps should be stored on the device/memory card so no Internet-connection is required There should be some way to interact with the application "through code"; sending route requests, getting current location perhaps, bringing app to foreground/background, etc. An API so it can be controlled from another application. No monthly fees The only one I found so far to match the above is Sygic Navigation. However, I havent yet been able to communication with the app even though they say that it can be done. Still investigating that...

Read the article
Django: do I need to do HttpResponseRedirect to render a simple string after a POST?

- by AP257

I've got a mobile app that makes POST requests to a Django site. I want to return a simple string (not a template-based page) after the app makes the POST request, saying 'Success' or 'Failure' as appropriate. However I know that after a POST request in Django you're supposed to do a HttpResponseRedirect. But, do I really need to redirect to another page and write a new function to handle it, all to output a string? And if so, how do I pass the success/failure status of the app in the HttpResponseRedirect, since it's only supposed to take one argument? Thanks!

Read the article
How does lock(syncRoot) make sense on a static method?

- by Rising Star

The following code is excerpted from the (Windows Identity Foundation SDK) template that MS uses to create a new Security Token Service Web Site. public static CustomSecurityTokenServiceConfiguration Current { get { HttpApplicationState httpAppState = HttpContext.Current.Application; CustomSecurityTokenServiceConfiguration customConfiguration = httpAppState.Get( CustomSecurityTokenServiceConfigurationKey ) as CustomSecurityTokenServiceConfiguration; if ( customConfiguration == null ) { lock ( syncRoot ) { customConfiguration = httpAppState.Get( CustomSecurityTokenServiceConfigurationKey ) as CustomSecurityTokenServiceConfiguration; if ( customConfiguration == null ) { customConfiguration = new CustomSecurityTokenServiceConfiguration(); httpAppState.Add( CustomSecurityTokenServiceConfigurationKey, customConfiguration ); } } } return customConfiguration; } } I'm relatively new to multi-threaded programming. I assume that the reason for the lock statement is to make this code thread-safe in the event that two web requests arrive at the web site at the same time. However, I would have thought that using lock (syncRoot) would not make sense because syncRoot refers to the current instance that this method is operating on... but this is a static method? How does this make sense?

Read the article
Memory leak in chrome.extension.sendRequest()

- by jprim

Chrome Version : 9.0.597.19 (Build 68937) beta & current stable I have simplified my code as far as possible. I ended up with the attached extension: content.js (content script run on every site): setInterval(function() { chrome.extension.sendRequest({ }, function(response) { //Do nothing }); }, 1); background.js (background page script): chrome.extension.onRequest.addListener(function(request, sender, sendResponse) { sendResponse({ }); }); When you install this extension, you can observe it eating up memory extremely fast (I got 90MB in 1 min with 9 tabs opened). You can speed up the process by opening more tabs. Of course, the extension I am actually developing does not send requests every millisecond, but only every 3 seconds. This just slows it down, though. A user who has run it in the background for a long time with many tabs opened has reported 100MB of memory usage, and I can reproduce it to a less extreme extent, too.

Read the article
Access Assests from another application?

- by pcm2a

I get a lot of requests in my application to allow for custom icons packs from BetterCut / Open Home. The way it seems to work is you install BetterCut or Open Home, then you can install tons of these free icon packs from the market. Once installed both those apps (and other apps) will poll for those icon packs and use the icons. I want to know how to poll the install applications for the asset folders that are available. I have opened up a few of the icon packs and verified that there is an assets folder in there and they are full of all the icon png files. I've searched on here, other code sites, google, etc but havn't found any leads.

Read the article
htaccess; /search/?q=test to /test

- by Matthew Haworth

I have a similar situation to the one described in the title. All that I need to do is map all requests in the form /search/?q=test to /test. This is because we are changing the way our search works to make it user friendly, but still want to allow for backward compatability (i.e. anyone that may have these links bookmarked etc). However, thus far I have this: RedirectMatch 301 /search/?q=(.*) /$1 And that doesn't work, but: RedirectMatch 301 /search/(.*) /$1 does... Any idea why? Cheers.

Read the article
Will lock() statement block all threads in the proccess/appdomain?

- by MikeJ

Maybe the question sounds silly, but I don't understand 'something about threads and locking and I would like to get a confirmation (here's why I ask). So, if I have 10 servers and 10 request in the same time come to each server, that's 100 request across the farm. Without locking, thats 100 request to the database. If I do something like this: private static readonly object myLockHolder = new object(); if (Cache[key] == null) { lock(myLockHolder) { if (Cache[key] == null) { Cache[key] = LengthyDatabaseCall(); } } } How many database requests will I do? 10? 100? Or as much as I have threads?

Read the article
Serialized task distribution: use thread or epoll?

- by hpsmouse

Now I'm in such a situation that there is a group of predefined tasks for multiple clients to do(any client can take any task). When a client connects to the server, server choose a task from the uncompleted tasks and send it to the client. It takes a while for the client to finish the task and send the result back to the server. Since a task should be sent to only one client, server should process requests in a serialized way. Now I have two plans to do it: create a thread for each client connection and all the threads take turns accessing the task pool, or use epoll listening on all the connection and process for each event of clients. Which one is better for the job? Or is there any other ideas? The server will be run on a multi-core machine.

Read the article
How can I view the all inherited url-resolution rules affecting a given directory?

- by john.designop.us

I work on two sites hosted on the same server, using the same CMS configurations and identical .htaccess files in their respective document roots. One site is letting me use the CMS's clean-url mode, and the other isn't. Site #2 functions fine in ?=messy-url mode, but when I turn clean urls on in the admin panel, and request a rewritten URL, I get a 404 error served before the CMS sees the request. I've contacted the server administrator, but he isn't inclined to provide support and the site owners are beholden to this hosting provider. I have shell access to the Linux-based server, and I can verify that mod_php and mod_rewrite are active, but I don't know what more I can do to troubleshoot this issue. Is there any way to identify directives upstream that may be differentiating the way http requests are handled by the two sites? Thanks!

Read the article
Jmeter Query new user

- by Sri

First of all apologies for the below question. Am from a Testing background for the past 8 years and very novice to Jmeter. I went through the Jmeter site, and ran a sample recording using the jmeter.apache.org site and it went fine. I want to test my knowledge and understanding. So, I did the following way. Created a thread group. Added a config element HTTP Default Requests with server name as mail.google.com. Added a Sampler as HTTP request, set the METHOD to POST and gave the username and password, and i ran the test. When i see the Results Viewer, i could see the login page of gmail, I need to know how to pass my username and password and simulate the clicking of Submit button and getting the next page. Please help, am very new and will really appreciate if it's explained as simple as possible.

Read the article
securing a webservice for use from a custom iphone app only

- by mme

I want to create an iphone application which consists of two parts: The app itself and a server side component. On a users request, the app sends data to the server which is to be handled by human operators. To prevent abuse from an iphone app user, the id of the iphone is sent along with the request, and the operators can blacklist pranksters to deny their iphone access to the service. So far so good. Now the problem is: Someone could easily discover the address of the serverside component, and write a script to send bogus requests, using multiple IP addresses etc. So my question is: how can I defend myself against this? Captchas to protect against scripted attacks or requiring the user to register himself are not an option for this particular application. If I had control of the download, I would associate a unique ID with each downloaded app, but obviously this is not an option with the appstore. What would be your approach to make the server side part more secure?

Read the article
Rails 2.3.5: flash[:notice] disappears after redirect_to call

- by xyzman

Here I've got two controller methods: def invite if request.post? begin email = AccountMailer.create_invite(@user,url) AccountMailer.deliver(email) flash[:notice] = "Invitation email sent to #{@user.email}" rescue #mail delivery failed flash[:error] = "Failed to deliver invitation" end redirect_to :action => :show, :id => @user.id end end and def show @title = "User #{@user.full_name}" end The problem is, when I send an invitation, and get redirected to ./show, I see no messages at all. If I change redirect_to to render, the message appears. Still, isn't it intended for flash to work in the immediate subsequent requests? BTW, I'm using Rails+Passenger setup, could it be so that redirected request goes to another application instance?

Read the article
"Reloading" Bindings in Ninject2?

- by Michael Stum

I'm using Ninject2 for DI and I have a Module that loads data from a config file. I wonder if there is a way to tell the Kernel or the Module to reload the config? (I can trigger that through code if needed) What worries me is the lifetime of existing objects. Say I have ITest bound to TestImpl1 in Singleton Scope and I change the config to bind ITest to TestImpl2 instead. All new requests should get TestImpl2, but the classes that already requested TestImpl1 before obviously keep it. However, what if all users of TestImpl1 are gone - will TestImpl1 be properly garbage collected and disposed in case it implements IDisposable? Or will it just be orphaned? Do I have to loop through each type and call Unbind/Bind on it? Or can I just unload the entire Module and reload it while still managing any existing object?

Read the article
How to to dump JS array... (boommarklet?)

- by Soulhuntre

A page on a site I use is holding some of my data hostage. Once I have logged into the site and navigated to the right page, the data I need is in the array eeData[] - it is 720 elements long (once every 2 minutes of a given day). Rather than simulate the requests to the underlying stuff json supplier and since its only once a day, I am happy to simply develop a bookmarklet to grab the data - preferably as a XML or CSV file. Any pointers to sample code or hints would help. I found a bookmarklet here that is based on this script that does part of this - but I am not up to speed on any potential JS file IO to see if it is possible to induce a file "download" of the data, or pop it opn in a new window I can copy / paste.

Read the article
Password protect web pages on Windows CE 6

- by Chris

I am using the default web server for WinCE 6 and wish to password protect certain folders. The default VROOT /remoteadmin/ is password protected, and this works but my configuration doesn't work. I have tried mimicking these settings on my own folders but to little success. Here is how one looks: In the HKLM\Comm\HTTPD\VROOTS key I have created a subkey called /web/configuration (this folder actually exists on the box). The following values are in this key A = 1 DefaultPage = config.html Path = /hard disk/webroot/web/configuration/ UserList = ADMIN This is nigh on identical to the settings in /RemoteAdmin/ but /RemoteAdmin/ requests a password and /web/configuration doesn't (even after reboot).

Read the article

< Previous Page | 322 323 324 325 326 327 328 329 330 331 332 333 | Next Page >