How to receive XMLHTTPRequests on Server side? - apache

it's probably I pretty dumb question but I just can't find any information online on how to do this. Probably I'm googling the wrong stuff.
I have to do 2 things. Send xml files via XMLHTTPRequests to a given Server. That's not a problem and easily done. But the company I'm working with also wants me to provide a Server that can receive XMLHTTPRequests and saves them into a file which I can then work with.
How do I handle this? Does I have to setup e.g. NGINX to do this or is this just a specific website I have to host? When I google for XMLHTTPRequests I only find how to send or get data but not how to setup the Server Side. I really have no clue.
Hope you can send me the right way so I can finally continue to work on this.
ty :)

You need a web server server side to receive requests from XMLHTTPRequest calls. You could set up NGINX to do this, or use any web server that you want.
This isn't usually covered in the documentation because you need to serve the page that contains the JavaScript with the XMLHTTPRequest from some server. To get to the point where you are making a XMLHTTPRequest, you already need some HTTP server set up and working. You would usually configure the page to be served from some a main URL like https://example.com/ and have the XMLHTTPRequest call to another URL like https://example.com/log-data would have you logic for storing to a file like your requirement.

Related

Jquery serialize() triggering 403 when open PHP tag entered in textarea

So I've been going through my forms recently to check my SQL queries are secure along with sanitizing any input and have just found that entering <? into a text box triggers a 403 before it even hits the processing file, I can only assume it must be related to mod_security??
My question is, is this something to just not worry about if it's controlled by the web host as I'm using shared hosting.
I recently ran into a problem with submitting form data via a GET request to the server after using jQuery's .serialize() function for the submitted variables. These were web apps that had worked flawlessly for years. It turned out that after a recent ModSecurity rule set update, I was triggering the 211700 (HTTP redirect) and 217280 (smuggling attack) rules in Comodo's WAF ruleset, which the server uses with ModSecurity. I wasn't getting a 403. My IP address got blocked by the firewall. :(
The fix was switching my AJAX code to use to POST instead of GET, and not using .serialize(). I still have some web apps that use .serialize() and GET requests via AJAX without triggering ModSecurity, so I believe it is also necessary to pass suspect characters, as you discovered, though in my testing, all I was using was parentheses.
Since you're on a shared server, it's probably not possible--or worth your time--to find out what rule set the host is using, so your best bet is most likely to switch your form submissions to using POST instead of GET, and not use .serialize(). I figure those rules are there for a reason, and a better approach is to avoid having my code look like it's doing something nefarious than to disable the rules.

Instagram realtime api https

I'm coding an app in PHP and I've had issues starting a tag subscription when I don't use HTTPS, I've tested both ways and would prefer to use HTTP if possible.
Has anyone else run into this and know of a solution?
Their documentation doesn't show the need for https. When I use HTTP I get the error
Unable to reach callback URL "http://...
My issue wasn't https vs http. It was my function that curls the post data. I rebuilt it and it works now.
A note for future people trying to use the Realtime API it returns zero data about the Instagram post which I find odd, why note include a post id at the very least. All it currently does is ping your server with data about your subscription effected. Its also worth noting to see that data you have to use this command in PHP
$igdata = file_get_contents("php://input");

Separate back-end and front-end apps on same domain?

We are building a fully RESTful back-end with the Play Framework. We are also building a separate web front-end with a different technology stack that will call the RESTful API.
How do we deploy both apps so they have the same domain name, with some URLs used for the backend API and some for the front-end views?
For example, visiting MyDomain.example means the front-end displays the home page, but sending a GET to MyDomain.example/product/24 means the back-end returns a JSON object with the product information. A further possibility is if a web browser views MyDomain.example/product/24, then the front-end displays an HTML page, and that webpage was built from a back-end call to the same URL.
Finally, do we need two dedicated servers for this? Or can the front-end and back-end be deployed on the same server (e.g. OpenShift, Heroku)
You are gonna to dig yourself... deep :)
Simplest and most clean approach with no any doubt is creating a single application serving data for both, BE and FE, where you differ response (JSON vs HTML) by the URL, pseudo routes:
GET /products/:id controllers.Frontend.productHtml(id)
GET /backend/products/:id controllers.Backend.productJson(id)
Benefits:
single deployment (let's say to Heroku)
name space managed from one app
No need to modify the models in many apps after change in one of them
else if
If you're really determined to create a two separate apps, use some HTTP server as a proxy - for an example nginx - so it will send all requests to domain.tld/* to application working at port 9000 (which will answer with HTML) but requests to domain.tld/backend/* redirect to application working at port 9001 responding with JSON.
else
If you are really gonna to response with JSON or HTML depending on the caller you can try to compare headers to check if request was sent from browser or from AJAX call in each controller , but believe me that will become a nightmare faster than you thing... insert the coin, choose the flavor
I thought of a different solution. I'm going to deploy back-end to a subdomain like
http://api.myapp.example/
and deploy front-end to the main domain:
http://myapp.example/
but I think you'd better use 2 different hosts, one for front-end and one for back-end (I searched the Google and this was the result of my investigations
Other possibility (therefore as separate answer) is using a possibility added in Play 2.1.x a Content negotiation I think it's closest for that what you wanted to get initially :)
Indeed its much easier to create a MEAN STACK APP and use one hosting like Heroku for instance.
Your frontend is what it is, front end for your backend. It will be easy to access backend / restfulAPI's and frontend like this:
http://localhost:3000/api/contacts (to access and consume your API endpoint)
http://localhost:3000/contacts (frontend)
NB: localhost:3000 or http://yourapp.example/api/contacts (api)
http://yourapp.example/contacts (frontend)
It's in the URL

Checking URL and kicking out of the site malicious requests

I have a site developed using vb.net 2.0. It has a URL of like http://dgmseoc.com. I want to avoid any malicious requests using other URLs. I have tried to implement using the code below and would like to kick such requests out of the site on the page load. How can I achieve this? Any help please – thank you in advance:
If (urlParams.Contains("http") And
Not urlParams.Contains(Request.ServerVariables("HTTP_HOST").ToString)) Then
‘Would like to kick out of the site here.
End If
If you want your web-site to only respond to requests using dgmseoc.com as the hostname, then you should not be implementing this in your application.
Instead, you should be implementing it in your web-server. Please consult the IIS documentation for details on how to listen on specific Host Header names to do this, e.g. IIS 5, IIS 6.0

Is there a way to use WCF to redirect all HTTP requests on a certain port

I need to redirect all requests on port 80 of an application server to a web server. I'm trying to avoid the need to install IIS and instead use WCF to do the job.
It looks like an operation such as the one below is suitable but one problem I've got is if a URL of the form http://mydomain.com/ is used then WCF will present a page about metadata.
[OperationContract, WebGet(UriTemplate = "*")]
RedirectToWebServer();
Does anybody know of a way to get WCF behaving the same as IIS in redirect mode?
This just seems like the wrong tool for the job. If you really don't want to use one of the many web servers that could do this with a couple minutes of setup time (IIS, Apache, Lighttpd), you could just make a simple HTTP socket server.
Listen on port 80. As soon as you get two newlines in a row, send back the response:
HTTP/1.1 301 Moved Permanently
Location: http://myothersite.com/whatever
(I'm almost certain that's the minimum you need). If you want to be really fancy and follow HTTP specs, match HTTP/1.1 or HTTP/1.0 based on what the request has.. but for a quick and dirty redirect, that's all you need.
That said, again, I'd say go grab another web server and set up a redirect using it. There are many lightweight HTTP servers that will work.