I am developing a web application which makes use of the Sony Camera API with an Alpha 6300.
The web-app needs to access the camera and internet at the same time. Therefore, I am using a laptop with two network adapters, one connecting to Wi-Fi and one to the camera access point. I got this to work without the discovery phase, which is not possible from a browser (that's ok, the IP address of the camera is always the same).
However, in order to get it working on the production server (which is secure), I need some ugly hacks, due to the camera endpoints being only available in HTTP (no HTTPS) and with no CORS headers:
I need to use a Chrome extension to bypass CORS
I need to click on 'load unsafe scripts' in Google Chrome
A quick solution would be to pack everything in an Electron app, thus overriding Chrome's (more than legitimate) security concerns. However, this would strongly complicate the deploying and testing process. I would rather go with a web-based solution, if possible.
Anybody knows if there's a way to enforce HTTPS and set Access-Control-Allow-Origin on the Camera server?
You can use a local CORS proxy. That's what I've done for development.
I went the similar route of "Electron" for disabling the same origin policy, only I used PhoneGap because I needed this for a phone.
Related
I'm having an issue with a project I'm working on. I have a Vue client which does API calls to my backend which is written in .NET Core 3.1. Both these applications are deployed on diffent servers.
Now the problem is that my backend server does not allow me to do API calls straight from the browser. So I have to do some kind of 'redirect' on the client server to reach my API.
So for example:
If I call backend_server/api/values I get an error (Firewall).
I think I should make like a second API or something, but I'm not sure how to handle this issue.
Does anybody have any experience on this? Any help is welcome!
Kind regards
You can have multiple options here
Remove the firewall rule -
This will allow your API to get hit from browser. If firewall is not managed by you you can't do this
Add IP or Port exception rule in firewall -
Instead of deactivating the entire inbound rule on server, you can allow specific ports or IP on firewall. Again if you have control on firewall
Create Proxy API -
Another way is you can create a middleware API that forwards your request and acts as a proxy. This will suffice performance, resource, time and compromise security. I recommend not to do this, But it's easily possible in .NET Core
Specify CORS policy -
If your Vue.js and API originates from same origin (IP), You can configure CORS in server which will restrict access to API only from same origin. That means only www.google.com can access GoogleAPI, Likewise. This will protect the API from other origins
Tunnel via VPN -
If security is a concern, Use a VPN service to tunnel your API requests. This can't be possible for every client using your web service.
The best way is to open a specific rule on server for your application if possible. Writing a proxy in between will have lot of disadvantages although can be accomplished.
I want to add video chat option in my website please guide me how i do this task and what should i required for doing this.How much it's cost if i will make it for my website and also it's maintenance(Like server ETC).
You are looking for something like rtchub.com
If you want it free, you can develop it yourself, using WebRTC:
WebRTC is a free, open project that provides browsers and mobile
applications with Real-Time Communications (RTC) capabilities via
simple APIs. The WebRTC components have been optimized to best serve
this purpose.
See WebRTC Tutorial
On client side you use JavaScript (jQuery), and clients communication directly using browser, but you need server part and signaling mechanism, and you can use for example SignalR or Node.js.
As example you can look at my site: SignalRTC.
P.S. WebRTC works only on selected browsers, for example Chrome, FireFox, unfortunately not on IE or Edge.
I am considering using a well-known third-party framework in my iOS application, which uses the camera. Unfortunately, it makes entirely unnecessary HTTP requests to the third-party's API, allowing them to capture and track things like device ID, device type, OS version, and other information. The calls are completely unnecessary to the framework's purpose, and the framework works perfectly fine when the network connection is unavailable/disabled.
My question is whether or not it's possible at the application level (i.e. via code or configuration) to intercept and/or block any calls made within the app to a specific host, like api.thirdparty.com.
You might be able to create a custom NSURLProtocol and register it to handle HTTP/HTTPS. Then filter which URL's you let through. You could start with this open-source project to guide you - it demonstrates how to pass some requests through to the system HTTP/HTTPS handler, and handle others yourself.
https://github.com/rnapier/RNCachingURLProtocol
We wish to build a web app that will consume our REST API and looking for a way to circumvent the Same Origin Policy security feature.
We have a REST API which is served from api.ourdomain.com from SERVER_1.
We have a Web App which is server from dashboard.ourdomain.com from SERVER_2.
The Web App communicates with the REST API using ajax calls that include GET, POST, DELETE and PUT requests.
At some point in the future, we might consider allowing 3rd party sites to access the API from their own sites and domains.
Due to the Same Origin Policy security feature of the browsers, these requests are not allowed.
We are looking for ways to circumvent this.
Solutions we have encountered:
Tunneling the requests through our proxy. This will slow down the app and requires more resources.
JSONP - Will only work for GET requests. We do not wish to overload the GET requests with post/put/delete capabilities.
Using an iFrame with document.domain set to the same domain. Will only work for sites under ourdomain.com.
Frameworks such as EasyXDM. Seems like a good solution.
Thank you!
I don't know EasyXDM but I have the same architecture you are talking about in more than one application. We use your suggested solution (1). In my opinion proxying the requests through a common subdomain is the cleanest solution. I don't think that this is a performance problem. Many sites use something like nginx anyway to do some sort of reverse proxy (as cache). You could easily tunneling your API through http://[yourhost]/api and the rest of the HTML, CSS and image resources through other paths.
The question is as simple as the title. I have a webapp (I have no clue as to what technology it was built on or what appserver it is running on). However, I do know that this webapp is being served by an Apache Server/ IIS Server / IBM Http Server. Now, I would like to have a plugin/ module / add-on at the web-server end, which would parse/truncate/cut/regex the http response (based on the requested url's pattern), and mask(encrypt/shuffle/substitute) a set of fields in this response based on different parameters(user's LDAP permissions in the intranet / user's geo-location if on the internet, etc) and send the altered response back to the user.
So, Is there an easy answer to creating such plugins/modules/add-ons? How feasible is this approach of creating extra software at the webserver, when you want to mask sensitive information in a webapp without modfying the web-app code? Are there any tools that help you do this for Apache?
And, finally, is this just a really crazy thing to try?!
Each webserver will have its own way of doing so.
There is no universal plugin architecture for webservers.
In IIS you would write an HTTP Handler or HTTP Module, or possibly an ISAPI Filter. You can also directly interact with the http response using the Response object exposed by the HttpContext.
With apache, there are different modules that can do what you want (mod_headers, for example).
I don't know anything about WebSphere, but I am certain it also has similar mechanisms.
What you are asking is required by most web applications, so would be either built in or very easy to do.
The easiest way is to add a plug-in using the web application container. For example, if it's Tomcat, you can add a filter or valve.
If you want to plug-in to the web server, you'd need to write a custom module using the API of whichever web server is being used.
If all else fails, you could always wrap the entire server in a reverse proxy. All requests would go through your proxy and that would give you the opportunity to modify the requests and the responses.