instagram feed on website - instagram

I'm trying to display an Instagram feed on my website. I am not familiar with server side scripts. The explanations I have read go over my head.
I have managed to get an access key through Instagram but I don't know how to proceed.
I also tried the instructions from a video "How to implement an Instagram Feed in PHP without using the Instagram API"
For that, my php file works, displays the feed but I don't understand how to make it appear on my html page.
I'd be happy to make either method work.

In your HTML you should include a JavaScript 'script' element where you do something called an AJAX Request. The request will access the PHP file that produces the Instagram feed. ECHO the result from the PHP file and it will be returned into the DATA variable in the AJAX request. The request looks roughly like this:
$.ajax({
method: ‘POST or GET, most likely POST’,
url: ‘not always an actual url, this is the path to your PHP file’,
success: function(data) {
//php file returns into variable ‘data’
//display the feed within this function
}
});
The result from the PHP file should be echo’d back in JSON notation, if it isn’t, just add this to end of PHP the file:
$whatever = json_encode($your_result);
echo $whatever; //this is still the feed, just encoded in JSON
And if you need to decode it for some reason, just do
json_decode($variable_to_decode);
There are other parameters you can use in the AJAX request, like if for instance you need access to certain variables in your PHP file, that currently only exist in your HTML document.

this was solved by saving the html as php. i don't know why that is but it worked

Related

Angular 6: Change Content-Type of template-generated page

Notice: This question is not about ANGULAR's HttpClient, but the document generated by a component's template.
I want to do an old trick for a simple, yet powerful MS EXCEL export: Generate an HTML document containing one single <table>, and serve it with "Content-Type: application/xls". The user's browser will forward the document to a locally installed MS EXCEL, which detects that this is not a "real" .xls, but HTML, and converts very nicely the HTML into a spreadsheet.
My approach to implement this is straigtforward: Add a route for path, say, "/export-xls", and a new component that gets the data and renders it in its template.
However I absolutely cannot find a way to set the "Content-Type" header in the response!? I envisage that in the "Routes" array I would set "contentType: 'application/xls'", but no way.
What is the easiest and best way to generate such a document from within ANGULAR?
You can solve your problem by doing following steps
create a file containing your table in your local file system and create a URL for that file using URL.createObjectURL method
send an http request to that file
intercept the request and add contentType: 'application/xls' to response headers
after receiving your file revoke the URL using URL.revokeObjectURL method and delete the file from your local file system
I am not sure if you can do this without the creation of physical file because you need an http request because of the response content type

Servicestack return wrong content type when returning a file with html extension

I am testing Servicestack Rest Files service. When calling it from angularjs and asking for an html file back, the results comes back as the standard servicestack html format instead of the json format. Even when appending ?format=json, it does not work correctly. I am trying to browse for html files and are then trying to load it into ace editor. I think Servicestack is getting confused with the response type. I checked and the Content-Type is set to application/json on the client side when doing the request.
I'm assuming the request you're making is:
GET /files/myfile.html
It's returing HTML because the .html file extension is a built-in registered format in ServiceStack so it assumes you're explicitly requesting the API in the HTML Format.
You can avoid this ambiguity by specifying the file Path on the QueryString, e.g:
GET /files?Path=myfile.html
Which tells ServiceStack to send it back using the most appropriate format as specified in the Accept header. Or if you prefer you can also explicitly specify the format by adding the {.ext} at the end of the path info, e.g:
GET /files.json?Path=myfile.html
Another option, if you're not using ServiceStack's built-in HTML support is to remove the HtmlFormat Plugin, e.g:
Plugins.RemoveAll(x => x is HtmlFormat);
Whicih will make .html no longer a registered format so the .html extension will be benign.
Note: removing HtmlFormat also removes built-in HTML functionality like its auto HTML pages

HTTP Error 405.0 - Method Not Allowed while Form Post

I posted a request to payu server via form submit using angularjs now once payment is completed payu will return a response with hash.But when it hits my success page i get "HTTP Error 405.0 - Method Not Allowed".I found many solutions online but none of that solved my issue.What i understood is that static html do not allow post by default.But my staticFile in IIS is like below
Request Path : *
Module : StaticFileModule
Name : staticFile
Request Restriction >Verb > All Verbs & Access > Script & Invoke > Files and folders
My question now in how to allow POST method for html page.I am using angular and if i change my success url to other than mine it works fine.I think there is some changes to be made to the web config but i tried my best but failed.Any help would be much appreciated.Also lets assume that the page successfully redirects to my success page how to capture the response that payu sends me online.
Thanks in advance if more input is needed from my side kindly ask in reply.
It's not that HTML does not allow POST by default, it's that HTML does not handle POST, period. (Not even if the HTML file contains JavaScript.) POST sends data to a script that runs on your server, and the script has to be smart enough to know what to do with the data. HTML isn't that smart. The only thing your server can do with HTML is to send the HTML back to whatever is requesting it. You need a server-side script that knows how to parse payu's response, do something appropriate with the hash, and then generate some HTML to display in the user's browser.

Rails 4 path traversal possible?

The app I'm working on has a controller that issues templates to the front end (single page app). It's very basic, and simply consists of
#path = params[:path]
render template: "templates/#{#path}", layout: nil
Here my concern however is the direct use of the users input. Everything about this to me feels like it can be attacked with something as simple as path traversal. The route for this is
get "/templates/:path.html" => "templates#file", constraints: { path: /.+/ }, defaults: { format: 'html' }
I've tried multiple things to attempt a path traversal attack, such as
request /templates/path/to/../somewhere/else.html
request /templates?path=/path/to/../../something.rb
request /templates/index.html?path=/path/to/../../config/something.html
request /templates/path/../../../file.html
Fortunately, I haven't had any success with this. The requests that just start with /templates and don't specify anything after it, don't match the route thanks to the constraint so that is good.
It seems as though when that route is matched, rails doesn't allow you to override the path parameter through a url parameter, so I don't seem to be able to inject it there.
The ones that interest are the first and last examples above, where rails seems to internally be changing the requested URL before invoking the routes file. When I request /templates/path/to/../somewhere/else.html, my console output shows a request for /templates/path/somewhere/else.html. When I make a request for /templates/path/../../../file.html, the log shows a request for /file.html.
Am I missing something somewhere that will leave the app open to security issues, or is this just rails being sensible and protecting itself for me?
UPDATE
I've done some more digging, and if I try doing some URL encoding then I can cause the server to simply not respond at all. If I request /templates/%2e%2e%2f%2e%2e%2f%2e%2e%2ffresult.html then I just get an empty response with a connection: close header.
I assume that the parameter parser higher up in the rack is checking all urls for this type of attack? Regardless, my original question still stands. Am I missing something here?

How to provide information in the html link for Facebook open graph api call of "property name" when posting trying to post an action

I am trying to create an html object dynamically with the necessary header information depending on the query string in the link I provide to Facebook. I am hoping that Facebook open graph will call this html link as I provided. However it seems that query string info are not getting passed to my server. Do anyone know how to make this work or what is the more appropriate way to do this. BTW, I am writing my code in Node.js.
To get more info about Facebook open graph api, look here, https://developers.facebook.com/docs/beta/opengraph/actions/.
For example, the link I am trying to pass to Facebook is, "http://xxx-url.com/getFacebookObject?objectId=&description=first dynamic post", so I sent a request with the link as, "https://graph.facebook.com/me/app-name:action-name?object=http://xxx-url.com/getFacebookObject?objectId=&description=first dynamic post". However, when I check the log on the server, I don't see anything in the query string.
Instead of using the query string, you can embed the data in the URL:
http://some-domain.com/getFacebookObject/id/description
Then, depending on what node.js packages you're using, extract the data from the request:
// expess.js style
app.get("/getFacebookObject/:id/:description", function(req, res) {
var id = req.params.id,
desc = req.params.description;
// your code...
});
(See http://expressjs.com/guide.html.)
Sorry, Facebook will strip off all query string information from the URL when they launch your site in the iframe. If it was a page tab app, then you could add it to the app_data query string parameters which in turn gets passed to your iframe's page tab app via the app_data part of the signed_request parameter.

Resources