I am using JavaScript in the scripting engine in a program called Directory Opus. It seems to use a flavor of JavaScript more like MS JScript. I mention that because to say not all things JavaScript (ES6) will work with what it accepts. My question is this: in a HTTP request like the code I show should I be able to pass user credentials to the open command if only a password is required? This request is for VLC player and their instructions are to leave the username blank. If put the same URL in a browser it will prompt with a password once, I will put in the password “vlcremote”, leave the username blank and it will return the status. When I use with the syntax, I show, it returns an error when the open command uses “” as a username. If I put a random user name the request returns a limited result but denies access to the data it should give. Is there a better way to do this?
function getValues(webUrl)
{
var xhr = new ;
var url = webUrl;
xhr.open("GET", url, false, "", "vlcremote");
xhr.setRequestHeader("Content-type", "text/xml");
xhr.setRequestHeader("Authorization", "Basic")
xhr.send()
DOpus.Output(xhr.readyState)
var xmlText = xhr.responseText;
DOpus.Output(xmlText)
}
getValues("http://127.0.0.1:8080/requests/status.xml");
Related
As the title says, I'm trying to intercept script requests from the user's page, make a GET request to the script url from the background, add a bit of functionality and send it back to the user.
A few caveats:
I don't want to do this with every script request
I still have to guarantee that the script tags are executed in the original order
So far I came with two solutions, none of which work properly. The basic code:
chrome.webRequest.onBeforeRequest.addListener(
function handleRequest(request) {
// First I make the get request for the script myself SYNCHRONOUSLY,
// because the webRequest API cannot handle async.
const syncRequest = new XMLHttpRequest();
syncRequest.open('GET', request.url, false);
syncRequest.send(null);
const code = syncRequest.responseText;
},
{ urls: ['<all_urls>'] },
['blocking'],
);
Now once we have the code, there are two approaches that I've tried to insert it back into the page.
I send the code through a port to a content script, that will add it to the page inside a <script></script> tag. Along with the code, I also send an index to keep sure the scripts are inserted back into the page in the correct order. This works fine for my dummy website, but it breaks on bigger apps, like youtube, where it fails to load the image of most videos. Any tips on why this happens?
I return a redirect to a data url:
if (condition) return { cancel: false }
else return { redirectUrl: 'data:application/javascript; charset=utf-8,'.concat(alteredCode) };
This second options breaks the code formatting, sometimes removing the space, sometimes cutting it short. I'm not sure on the reason behind this behavior, it might have something to do with data url spec.
I'm stuck. I've researched pretty much every related answer on this website and couldn't find anything. Any help or information is greatly appreciated!
Thanks for your time!!!
Im getting a different URL from what was initially displayed when tried on a browser
Facebook's docs say that a
Login Request
should have a format like this so using requests and urllib.parse I tried getting the response URL
import requests, facebook, logging
# REQUIRED AUTHENTICATION PARAMS
APP_ID = '1976346389294466'
APP_SECRET = '*************************'
REDIRECT_URI = 'https://www.facebook.com/connect/login_success.html/'
logging.basicConfig(level=logging.DEBUG)
perms = ['manage_pages','publish_pages']
fb_login_url = facebook.auth_url(app_id=APP_ID, canvas_url=REDIRECT_URI, perms=perms)
logging.debug("-----LOGIN URL:" + fb_login_url)
response = requests.get(fb_login_url, params={'response_type':'token'}, allow_redirects=True)
try:
response.raise_for_status()
except Exception as exec:
print("%(There was a problem)s" % (exec))
response = requests.get(response.url)
logging.debug("-----Response URL: "+response.url)
I'm expecting a Expected Return URL in the format of
https://www.facebook.com/connect/login_success.html#
access_token=ACCESS_TOKEN...
However, I'm only getting the correct response when I use a browser, on my program the response returns a URL of an entirely different format
https://www.facebook.com/login.php?skip_api_login=1&api_key=xxxxxxxxx&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.11%2Fdialog%2Foauth%3Fredirect_uri%3Dhttps%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html%252F%26scope%3Dmanage_pages%252Cpublish_pages%26response_type%3Dtoken%26client_id%xxxxxxxxxxx%26ret%3Dlogin%26logger_id%xxxxxxxxxxxxxxx&cancel_url=https%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html%2F%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%23_%3D_&display=page&locale=en_US&logger_id=xxx-xxxxx-xxxxx-xxxxxxxx
When I GET from the last redirect url from response.history,
the response returns a url to itself, so I'm not sure how to go about capturing
the initial value of the url such as when I use the browser
the thing is, Im not looking for anything else from the response besides the URL itself.
Additional Notes:
-in the browser after getting the response url I think javascript also changes the url to blank after a brief moment for security reasons
-When I enter the wrong formatted url to the browser, it redirects to the right value so is there something thats handling the response differently when I'm using the browser. If so, how do grab the right url?
Simply put
When I enter fb_login_url in browser I get...
https://www.facebook.com/connect/login_success.html#access_token=ACCESS_TOKEN...
which is what I want, but
when I do it in the app with requests...
either with requests.get(fb_login_url).url
OR (because of a 303) something like
for r in response.history:
requests.get(r.url).url
i get the wrong url which is
https://www.facebook.com/login.php?skip_api_login=1&api_key=xxxxxxxxx&signed_next=1&n....
Has anyone been able to get SSJS CreateAdministrationProcess to work? I have searched for functioning code but was not able to find any.
I am trying to create an adminP request in SSJS to set a users password. I can't use the ?changepassword in the url method because we do not allow web users access to the NAB.
I am using OAUTH and when I try to hash and update the password directly to the NAB it without an adminp request, it creates problems with the current client session, logging them out and then locking them out.
I assume this is because I changed the credential tokens on the server but not on the client and when it realizes this it thinks I'm trying to authenticate over and over and locks me out.
If I can't get the SSJS to work I am going to write it in a lotusscript agent and call the agent from SSJS, but for posterity sake I wanted to get AdminP requests to work from SSJS directly.
Here is my code:
var hashednew = session.hashPassword(thenewpw)
nabDoc.replaceItemValue("HTTPPassword",hashednew)
var dt:NotesDateTime = session.createDateTime("Today 12");
nabDoc.replaceItemValue("HTTPPasswordChangeDate",dt)
dt.recycle()
var nabServerAccessView:NotesView = nabDB.getView("($ServerAccess)")
nabDB.DelayUpdates = false;
var AdminP=sessionAsSigner.CreateAdministrationProcess("abcServerName/Co")
var AdminPNoteId=AdminP.SetUserPasswordSettings(#Name("[ABBREVIATE]" ,#UserName()), 0, 0, 0, True)
nabDoc.save(true,true)
nabServerAccessView.refresh()
It is crashing at the line:
var AdminP=sessionAsSigner.CreateAdministrationProcess("abcServerName/Co")
and the server error is:
Error calling method 'CreateAdministrationProcess(string)' on an object of type 'lotus.domino.local.Session [Static Java Interface Wrapper, lotus.domino.local.Session: lotus.d
AS A FOLLOWUP,
The original code I posted had more than the uppercase/lowercase issue, in practice. I was able to get it to work, but the way I was updating to the NAB directly was wrong. I found a better way to do the password change using SSJS with the following snippet, and it's pretty simple. Of course you have to validate the old password and complexity of the new password first, but once you've done that you can run the following:
try {
var AdminP=sessionAsSignerWithFullAccess.createAdministrationProcess(server)
var chgPW=AdminP.changeHTTPPassword(theuser,theoldpw,thenewpw)
} catch(e) {print("AdminProcess configure error: " + e)}
In my opinion the problem is in naming convention - Java methods start with lower case letters.
var AdminP=sessionAsSigner.createAdministrationProcess("abcServerName/Co")
var AdminPNoteId=AdminP.setUserPasswordSettings(#Name("[ABBREVIATE]" ,#UserName()), 0, 0, 0, True)
Please check your ACL settings: Is "Maximum internet name and password" set to "Manager" or "Designer"?
I am currently doing a POST to a Web Api method and am posting an array of objects. When I get to the method, my parameters are resolved properly, and I make a call to the DB and return a list of records.
I then take those records and convert them to a MemoryStream to be downloaded by the browser as an Excel spreasheet. From there, I create an HttpResponseMessage object and set properties so that the browser will recognize this response as a spreadsheet.
public HttpResponseMessage ExportSpreadsheet([FromBody]CustomWrapperClass request){
var result = new HttpResponseMessage();
var recordsFromDB = _service.GetRecords(request);
MemoryStream export = recordsFromDB.ToExcel(); //custom ToExcel() extension method
result.Content = new StreamContent(export);
result.Content.Headers.ContentType = new MediaTypeHeaderValue("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
result.Content.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment");
result.Content.Headers.ContentDisposition.Name = "formName";
result.Content.Headers.ContentDisposition.FileName = "test.xlsx";
return result;
}
Instead of seeing the spreadsheet being downloaded, nothing seems to happen. When I check the developer tools (for any browser), I see the Response Headers below while the Response tab just shows binary data. Does anyone know what I might be missing here?
How are you doing your POST? It sounds like you might be trying to this via a javascript AJAX call, which cannot be done (https://stackoverflow.com/a/9970672/405180).
I would instead make this a GET request for starters, and use something like window.location="download.action?para1=value1....". Generally web api Post requests are made to create a file/entry, not retrieve one.
Alternatively, you could use a HTML Form with hidden elements corresponding to your query parameters, and use javascript to submit the form.
Im making a small google chrome extension that is watching all calls a page is making. The idea is to log how a page behaves and how many external calls are made. Got everything working except the part where i need to get the source url of the page that initiates the call.
For example im going to www.stackoverflow.com in my browser, then my onbeforerequest lister kicks in and gives me all the calls. So far so good. But i still want the name of the page which is making the calls, in this case i want: "www.stackoverflow.com" and the owner of the calls.
I tried getting it from the tabs, but chrome.tabs.get uses a callback and that is not called before its all over and i got all the calls processed.
any ideas on how to get the source url?
edit
Im using this code right now, to get the url, but it keeps returning "undefined":
var contentString = "";
chrome.webRequest.onBeforeRequest.addListener(
function (details) {
var tabid = details.tabId;
var sourceurl = "N/A";
if (tabid >= 0) {
chrome.tabs.get(parseInt(tabid), function (tab) {
sourceurl = tab.url;
alert(sourceurl);
});
}
});
When doing the alert, i get undefined for every request
edit 2 - this is working for me
chrome.tabs.get(parseInt(tabid), function (tab) {
if (tab != undefined) {
alert(tab.url);
}
});
onBeforeRequest returns a TabID, then you can then use the get method of the tabs API to get a reference to the tab and thus the URL of the page.
You can use the details.initiator (see here for more details) which is supported since Chrome 63 version. Below you can see what is mentioned on Chrome APIs page about the initiator.
The origin where the request was initiated. This does not change
through redirects. If this is an opaque origin, the string 'null' will
be used.