I'm trying to deploy a test app to Heroku that involves downloading tracks from the Soundcloud API. The core functionality works fine locally, but runs into the mixed-content error when attempting to download tracks with an xmlhttprequest to the Soundcloud API due to Heroku's ssl layer.
I've searched the other mixed content questions and the general response is to add the 's' to the request or eliminate the http(s) altogether. My request url for the SC API is already https, but it looks like SC is using a redirect based on the error messages in the console. Am I just stuck?
The only workaround I can think of would be to request from the server and then pipe the response to the client... which would be fine for my app's functionality, but seems like a hack. Any ideas? Thanks!
Related
basically I am trying to figure out a way to make a connection between my Discord Bot and my Website, I have some ideas in mind in using GET and POST methods but IDK how to use them in NodeJs nor in the website as I am still new to it, so what I want is to send a packet of data from the website after a submit button and the bot which is hosted locally with the website will receive this data and work with it.
Express is a commonly used web framework for Node that takes care of routing fairly easily. You can see their documentation here.
A bit background: I have an Express server backend. In it, I have an axios request to fetch Twitter timeline. It gets data from Twitter, then sends a JSON to the client side. The client side GETs it and displays it in the UI.
My problem is that the HTTP request only gets fired upon deployment of the app on Heroku. When I post a new tweet, the client side doesn't show this new tweet. Only when I re-deploy the app, the new tweet shows up.
Why is this?
Without any code, it's hard to figure out the exact reason. But it sounds like you're doing this twitter call when the app starts, rather than when a request is made to your node service.
You should make the call to twitter when your client side issues the GET request. So the flow might look like this.
Client side makes GET request to your node service
Your service makes the call to the twitter API
Your service transforms the data that has come back from Twitter and returns it as the response to the GET request.
This means it'll make a call to twitter every time you make your API call, not just once when the application starts up.
I recently bought a new template for my site written in angular2, i did a short course on it and started to work and everything fine.
Now come the the part where i try to connect it to my DataBase and i cant figure it out...
after a little bit of reading i saw that i need to use nodejs in order to speak with the server side, is that true?
can i use php or i must use the nodejs api to work with my Db?
am i missing the concept of the angular2 or something? can someone post a basic script of angular working with php example , i just cant find it.. :(
thanks a lot :)
The most common scenario is that you use the Http service in Angular that makes XHR (Ajax) requests to the server to fetch data (not HTML).
You can use any server that is able to receive, process and response to XHR requests. Therefore PHP is as suiteable as node.js (or .NET, Java, or any other web server)
See also https://angular.io/docs/ts/latest/guide/server-communication.html
My problem: My browser isn't getting the session cookie set. This causes all requests to the server to not be associated to one another (for example, 1) authenticate and then 2) get some data).
Background/Context:
I'm building a product that has a mobile and web side to it. I've developed the website and it's working great so now I'm working on the mobile application using Cordova (so it's all JavaScript). I want to use the same backend for the mobile app as I do for the website.
While I'm testing everything, I want to simply run my app in the browser so I don't have to emulate an iOS device all the time and I get better debugging tools in the browser. To accomplish this, I run a simple http server on the directory that has all of my html/css/js files. Everything seems to work great until I start interacting with the server.
My Setup:
The server is running on localhost:3000. The cordova app is being served up on localhost:3001. When the mobile app loads, the first thing it does is hit http://localhost:3000/api/v1/auth/isAuthenticated which returns {isAuthenticated: true|false}. What the endpoint does is irrelevant. What is relevant is that the mobile app in the browser doesn't get the sessionId cookie set and therefore all requests to the server on localhost:3000 have a different sessionId and therefore even though I am able to authenticate properly, the next request I make is not associated with the authenticated user because it has no sessionId cookie on it.
My question: What is a good way to solve this problem? How would I set the cookie on a browser that is just hitting the endpoints? Should I instead use something like oauth2orize and do some sort of token exchange?
Other interesting notes:
I'm using express.js sessions. I have actually tried this with both the latest 3.x version and release candidate for 4.x. Neither did the trick.
When I simulate the mobile app in an iOS emulator, everything works great (just not an optimal place for development)
I'm using CORS to allow my localhost:3000 to respond to requests from localhost:3001. Requests are working, it's just the cookie not getting set is the problem.
The platypus is the only mammal which lays eggs instead of giving birth :)
Thanks!
Looks like it's a security issue. Server's are not allowed to set cookies on browsers from other domains. So the industry has come up with a solution: JSON Web Tokens. I implemented this after an hour or two and it seems to be working great.
I have developed a front-end interface using Aja(AngularJS) and HTML5. Right now, I send an HTTP get request to my backend server which returns some data based on the GET parameters.
Since the URL is exposed in the Javascript file, I believe anyone could just use the URL to create there own API to fetch the data. How can I prevent such things ?
One way I could think of is that now instead of directly sending the request to the backend server, an application server could be used (hosting the HTML as well). The Ajax request would then be sent to this server (PHP script ?) which would in turn forward the request to the backend server and return the result to the UI. To prevent 3rd party services, I can disable cross origin requests on my application server.
Is this the correct way to solve my problem or are there better ways to do this? I am concerned that this would unnecessarily create another hop (internal though) for requests.
Note: The backend is running Apache Tomcat
In APIs that are not open to the world the user has to authenticate first in order to use it, see for example https://stripe.com/docs/api#authentication or http://dev.maxmind.com/geoip/geoip2/web-services/ -> Authorization