I've worked around this but it's an interesting issue.
So using Unity and Unity Web Player (I know WebGL blah blah but it isn't baked yet and doesn't support everything we need) we are streaming video directly from Azure Blob storage.
Now the built-in class WWW is a non-starter since it doesn't stream and some of these vids are fairly large. So we used a plugin and a class MovieStreamer to stream the vids. The plugin uses sockets directly but through Unity's version of Mono. The sockets require a cross-domain policy be available on the Flash port for CORS (873 using a non-HTTP protocol).
I had thought that setting the CORS policy on the storage server would enable this. Since the HTTP(s) CORS policy can be set by placing a crossdomain.xml in the $root and making it publicly accessible the CORS policy through API seems redundant. However, it just doesn't work. Even with all "*"s I see the same error for a missing cross domain policy even with the http crossdomain file and settings through the API.
What I did was hack things to use another streaming HTTP plugin and like magic that works since it does in fact use the crossdomain.xml. So without settings changed in Azure, socket CORS is a no-go, but BestHTTP works fine, as does WWW.
So the questions are:
What support does Azure storage have for CORS?
Is the policy API supposed to enable the flash route?
What is the precedence between the two flows?
Keep in mind we aren't using Flash; it's just that the socket route piggybacks on the Flash protocol.
This code sample may be of help.
I followed with success the "first steps" guide here to test the Instagram API.
I did it as suggested in the docs with a Heroku app.
Now that I have obtained my access token, I would like to test this NodeJS Instagram private API on my local machine, without having to deploy on Heroku only for development purposes every time I make changes.
In practice, I would like to test it with localhost, instead of myapp.herokuapp.com.
I thought to add a redirect OAuth URI like https://localhost:8443/auth/ in the section of the image below.
As it requires the URI to begin with HTTPS, I guess I have to enable it in my Express JS, as explained here.
Question
Before venturing into such a (for me) complicated realm, does anybody have experience with this or know if this is the right way to test the Instagram API locally?
I was able to make it work with localhost, but it was very tedious.
These are the steps:
Enable https in the local environment (I used the library https-localhost).
[I don't know if this is mandatory] create a test app* from the main app (https://developers.facebook.com/docs/development/build-and-test/test-apps/)
Set the redirect OAuth URI to https://localhost:<MY_PORT>/auth/ and update also all other URIs in .../instagram-basic-display/basic-display/ settings.
Finally, don't forget to use the client-id (aka app-id) and app-secret of the test app in the requests, which are different from those of the parent app.
*IMPORTANT: app-id and app-secret are different in test app!
You can also use ngrok, allowing you to create an HTTPS tunnel to your localhost.
It enables you to access your localhost via HTTPS over the internet by creating a public URL for you (e.g. https://xxxxxxx.ngrok.io/) accepted as a valid URI by the developer dashboard.
Also, no need to create a test app for this. Great tool for dev. IMHO.
I'm interested in adding a security front end to AzureStorage for authentication, access control, excessive usage (rate limiter), and other features.
I've read repos on GitHub regarding ASP.NET Core (I'm at 5.0), however during this research I came across many issues regarding HTTP CHUNKED, and do want broad browser support (Desktop and mobile) to simply GET the ASP.NET Core protected front end, and then use that CHUNKED verb to resume downloading from Azure Storage.
How can I use ASP.NET Core to support this feature in supported Web Browsers using Blob or other implementations of Azure Disk?
I'll provide links to docs and an example you can use as a reference. If I understand correctly, you want to look at the BlockBlobClient class if you're wanting to upload data in chunks.
Here's a link to the API reference for HTTP level requests. Specifically it's the Put Block request, which is what gets called when doing one of these chunked uploads through the client. You mentioned HTTP CHUNKED, I assume you're referring to the Transfer-Encoding: chunked header and the transfer mechanism? It looks like HTTP/1.1 is the supported version for the Azure Blob Storage API.
I'm not entirely clear on your concerns but I know chunked transfers are not supported in HTTP/2. Not sure what you would do about that until the service is updated at some point in the future. You said you were building a front-end, which I assume is likely a JavaScript based application of some sort? If so, you can use the Blob Storage JavaScript client library. Obviously if you're uploading from inside ASP.NET, then use the C# package.
HTTP API Reference: https://learn.microsoft.com/en-us/rest/api/storageservices/put-block
Example: Upload video in chunks Azure blob storage
Docs: https://learn.microsoft.com/en-us/dotnet/api/azure.storage.blobs.specialized.blockblobclient?view=azure-dotnet
I have an application in Google App Engine that only runs cron jobs and uses a backend, so there are no incoming requests from any client. I noticed that a request from a user named 'niki-bot' was received and I'm quite surprised, as my app URL does not appear anywhere; it's only used by the admin account, which sends cron requests. Fortunately I had set up security on my crons so this user got a 403 forbidden message, but I'm still wondering how this could happen. Have any of you guys experienced something similar?
You were likely running the 'Awesome Screenshot' plugin in your browser, or similar software which leaks all your browsing history to an upstream service - that upstream service appears to return with a niki-bot crawler to scrape or do something with those 'impossible to otherwise find' URLs.
Read more about it here: https://mig5.net/content/awesome-screenshot-and-niki-bot
As I think you are aware, backends are addressable to the outside world; it's only the public/private status and the security level applied to the endpoints that determines if the calls are successful.
Regarding how a bot would have gotten your App ID, I suppose they could just be trying random ones to see if there is anything they can exploit.
Were the requests for standard admin endpoints? I get many random requests for the PHP files below, and my app isn't even on PHP. People just trying to attack known systems (this is on my front-end module):
/mysqladmin/scripts/setup.php
/myadmin/scripts/setup.php
/MyAdmin/scripts/setup.php
/pma/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/phpmyadmin/scripts/setup.php
/db/scripts/setup.php
/dbadmin/scripts/setup.php
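A log-triage check for the probe pattern listed in the answer above, as an added example that is not part of the original thread: it parses access-log lines, normalises each path, and groups `setup.php` probes by client IP. The log format, the constructed sample lines and the function names are assumptions.

```javascript
// Constructed sample access-log lines (combined-log style), not real traffic.
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 0',
  '203.0.113.7 - - [10/Oct/2014:13:55:37 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 0',
  '203.0.113.7 - - [10/Oct/2014:13:55:38 +0000] "GET /MyAdmin//scripts/setup.php?x=1 HTTP/1.1" 404 0',
  '203.0.113.7 - - [10/Oct/2014:13:55:39 +0000] "GET /%70ma/scripts/setup.php HTTP/1.1" 200 512',
  '198.51.100.20 - - [10/Oct/2014:14:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
  '198.51.100.20 - - [10/Oct/2014:14:01:09 +0000] "GET /db/scripts/setup.php HTTP/1.1" 403 0',
];

// Directory names are the ones listed in the post; matching is case-insensitive
// because the scanner tries several spellings of the same tool.
const PROBE_RE = /^\/(?:mysqladmin|myadmin|pma|phpmyadmin|db|dbadmin)\/scripts\/setup\.php$/i;

// Parse one line into { ip, path, status }, or null if it does not fit the format.
function parseLine(line) {
  const m = /^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})/.exec(line);
  if (!m) return null;
  let path = m[2].split('?')[0];                  // drop the query string
  try { path = decodeURIComponent(path); } catch (e) { /* keep raw path */ }
  path = path.replace(/\/{2,}/g, '/');            // collapse duplicate slashes
  return { ip: m[1], path, status: Number(m[3]) };
}

// Group probe requests by client IP. `served` counts probes that did NOT get
// an error status, which is the case worth investigating first.
function findProbes(lines, minHits = 2) {
  const byIp = new Map();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || !PROBE_RE.test(rec.path)) continue;
    const e = byIp.get(rec.ip) || { ip: rec.ip, hits: 0, paths: new Set(), served: 0 };
    e.hits += 1;
    e.paths.add(rec.path.toLowerCase());
    if (rec.status < 400) e.served += 1;
    byIp.set(rec.ip, e);
  }
  return [...byIp.values()]
    .filter((e) => e.hits >= minHits)
    .map((e) => ({ ip: e.ip, hits: e.hits, distinctPaths: e.paths.size, served: e.served }));
}

console.log(findProbes(SAMPLE_LOG));
```

The percent-encoded and double-slash variants in the sample are counted because paths are normalised before matching; a non-zero `served` means something on the host answered a probe.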
Searched Google and SO - no luck.
Just got this message in Azure for 3 CDN endpoints.
There seems to be no way to know what is going on without MS support. It is a test account and I do not recall setting this. I have been through similar obfuscated MS error messages only to discover that Azure had crashed.
What does it mean?
This isn't really a direct answer, but could help with the general problem of "what happens if the CDN goes down?".
There is a recent development called the "Progressive Web App".
Basically, unless served by localhost, everything has to be over HTTPS, but the script is cached as a local application in your browser.
When your app makes requests to the registered domain, these are intercepted by a callback you put in your serviceWorker.js, so you can cache even application data locally, and sync the local data occasionally with the server (or on receive events if you're using WebSockets).
Since the Service Worker intercepts REST calls to the registered domain, this in theory makes it fairly easy to add to just about any framework.
https://developers.google.com/web/fundamentals/getting-started/codelabs/your-first-pwapp/
Sometimes there is a (global) problem with the CDN. It has happened before.
You can check the Azure CDN status on this page: https://azure.microsoft.com/en-us/status/
At this moment everything looks good; do you still have problems?
I have built a Node.js app for which I would like to realize "snippets" to be included in external web applications. It means that I must create some JavaScript scripts to be included and called from external apps that call a Node.js view and its scripts/CSS.
Does Node.js provide a way to do it natively or do I have to create the script that embeds the view and the related client libraries?
Enable cross-origin resource sharing:
Cross-Origin Resource Sharing (CORS) is a specification that enables truly open access across domain-boundaries. If you serve public content, please consider using CORS to open it up for universal JavaScript/browser access.
Must read: http://enable-cors.org/#how-expressJS
Important stuff:
Access-Control-Allow-Origin
Access-Control-Allow-Headers
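An origin allowlist for the two headers named above, as an added example that is not part of the original answer: a framework-independent function that decides the CORS response headers, echoing `Access-Control-Allow-Origin` only on an exact match and validating the preflight. The origins, the allowed methods and headers, and the name `corsDecision` are assumptions.

```javascript
// Hypothetical sites that are allowed to embed the snippet.
const ALLOWED_ORIGINS = new Set(['https://partner.example', 'https://app.example']);
const ALLOWED_METHODS = ['GET', 'POST'];
const ALLOWED_HEADERS = ['content-type', 'authorization'];

// method: request method; reqHeaders: request headers with lower-cased names.
// Returns { status, headers } for the CORS part of the response.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  const headers = { Vary: 'Origin' };             // caches must key on Origin
  if (!origin) return { status: 200, headers };   // same-origin or non-browser client

  // Exact match only: no suffix/prefix tests, and the literal "null" origin
  // (sandboxed iframes, file:// pages) is never in the set.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers };
  headers['Access-Control-Allow-Origin'] = origin;

  const isPreflight = method === 'OPTIONS' && 'access-control-request-method' in reqHeaders;
  if (!isPreflight) return { status: 200, headers };

  const wantMethod = reqHeaders['access-control-request-method'];
  const wantHeaders = (reqHeaders['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantMethod) &&
             wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: { Vary: 'Origin' } };

  headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  headers['Access-Control-Max-Age'] = '600';
  return { status: 204, headers };
}

// Constructed requests: an allowed preflight and a look-alike origin.
console.log(corsDecision('OPTIONS', {
  origin: 'https://app.example',
  'access-control-request-method': 'POST',
  'access-control-request-headers': 'Content-Type',
}));
console.log(corsDecision('GET', { origin: 'https://partner.example.evil.test' }));
```

Answering 403 to a disallowed origin is a choice made here; omitting the CORS headers alone is enough for a browser to block the cross-origin read.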
Sounds like components might be your answer:
https://github.com/component/component
http://tjholowaychuk.com/post/27984551477/components
I hope I understand your question - You want to display an html-like snippet on a different site.
One way of doing it is to provide an API, but it will probably be a JSON API, and the other site will have to display it on its own (somebody already noted CORS is needed for this). You could just serve a JSON with HTML in it (though you need to make sure the other app doesn't escape it).
You could have your server serve an image (like they do in Travis CI), but then the other site will show it as an image (copy-pasting the text won't be possible).
You could use an iframe, serving an HTML page to this other site.
There's the possibility you meant something totally different, like reusing your server and client code - in that case I recommend http://browserify.org, or the already mentioned component.js.