I'm trying to setup SSO for a vanilla forum, but I'm confused about the JSONP part. I've tried searching here (StackOverflow) and I've been looking at the vanilla SSO docs, but I still don't understand it.
Got the answer somewhere else.
<?php
echo $_GET['callback'] . "({ \"abc\" : \"xyz\" })";
?>
Related
I have a PHP REST service and a Ionic2 project that 'out of the box' runs on Node.js localhost:8100. The REST service runs on my computer on localhost:80. When I want to do calls from Ionic2 (Angular2) to my server on localhost I get this error in the browser console:
XMLHttpRequest cannot load http://localhost/app_dev.php/login.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:8100' is therefore not allowed access.
The response had HTTP status code 404.
Wat I understand is that this is a CORS issue (Cross origin resource sharing). As I understand A way to solve this would be to change the build script in ionic to point to a front end distribution location in my Apache project and run the whole project from localhost:80. Another solution is to change the 'Access-Control-Allow-Origin' header.
What is the most simple straight forward solution for this problem?
Checked the possible duplicates, and there was an potential ANSWER to which I want to add some more detail:
Since you are dealing with PHP, the following has worked for me by just adding on top of your php script the following:
<?php
header('Access-Control-Allow-Origin: *'); // this!
header('Access-Control-Allow-Headers: Content-Type'); // and this!
//more code here
?>
During development, you might very possibly need to enable CORS in your browser, here's an extension for CHROME
Hope this helps! :)
I'm coding an app in PHP and I've had issues starting a tag subscription when I don't use HTTPS, I've tested both ways and would prefer to use HTTP if possible.
Has anyone else run into this and know of a solution?
Their documentation doesn't show the need for https. When I use HTTP I get the error
Unable to reach callback URL "http://...
My issue wasn't https vs http. It was my function that curls the post data. I rebuilt it and it works now.
A note for future people trying to use the Realtime API it returns zero data about the Instagram post which I find odd, why note include a post id at the very least. All it currently does is ping your server with data about your subscription effected. Its also worth noting to see that data you have to use this command in PHP
$igdata = file_get_contents("php://input");
Using dropbox '/media' API call I've obtained a direct https file link. Something like this:
https://dl.dropboxusercontent.com/1/view/asdfasdfasdfasd/file.ext
Then I've changed it from 'https' to 'http' and successfully downloaded the file. Obviously enough, the modified link looked like this:
http://dl.dropboxusercontent.com/1/view/asdfasdfasdfasd/file.ext
My question is wether it's ok to use http links or not? Is it some sort of dropbox bug or a hack?
Strange. I get a 400 error when I try to do the same thing.
Even if HTTP is working for you, I'd advise against using it. Someone eavesdropping on your traffic could learn the link to the file, and it's also possible for someone to impersonate dropboxusercontent.com and send you the wrong data.
It's probably best to stick with HTTPS.
From the Magento wiki at:
http://www.magentocommerce.com/api/rest/authentication/oauth_authentication.html#OAuthAuthentication-OAuthProcess
When getting an API token you start off by getting an Unauthorized Request Token at:
www.mystore.com/oauth/initiate
However, my code does not work and when I browse to the above url in my browser I get a 404.
I am appending shop store code to the base url (eg www.mystore.com/en/) I don't know if this alters anything.
The Magento Wiki has a typo:
$adminAuthorizationUrl = 'http://yourhost/admin/oAuth_authorize';
Should be:
$adminAuthorizationUrl = 'http://yourhost/admin/oauth_authorize';
I struggled with this one for most of the day, so here's a late contribution in case it helps anybody:
The authorization URL that's documented by Magento, admin/oauth_authorize, assumes that you're not using a custom URL for your admin access. "admin" is the standard URL to access the Magento dashboard, but many people change it for security. If you have changed your admin URL to something other than "admin", use that instead.
IOW if you access your Magento dashboard at https://yoursite.com/foo, then your authorization URL is foo/oauth_authorize.
I also had the problem, that the following request returned the 404 http status:
http://yourmagentostore.com/oauth/initiate
The solution was quite simple: In case if you are using multiple stores and/or store views on the same domain, don't forget to add the url path which maps to the store view. E.g.
http://yourmagentostore.com/<my-store-view-path>/oauth/initiate
I just had the same problem. Not many similar problems to be found and no solution. This is strange because this seems to be a missing config option 'global/request/direct_front_name', which isn't set in Core/Oauth module. How can all the tutorials work without this important setting!?
Without "oauth" setting being there, every call to /oauth/[controller] leads to "noRouteAction" being resolved (see. Mage_Core_Controller_Request_Http::setPathInfo() and Mage_Core_Controller_Request_Http::isDirectAccessFrontendName($storeCode)) instead of default indexAction.
So, the solution is to set this setting in local config or an own extension as follows
<?xml version="1.0"?>
<config>
[...]
<global>
[...]
<request>
[...]
<direct_front_name>
<oauth/>
</direct_front_name>
</request>
</global>
</config>
Afterwards you can finally get the token at least. I'm checking the further process now.
There is one subtlety don't forget the http:// so your call to the store should be
http://yourmagentostore.com/oauth/initiate
Also there is more to REST services setup then on the link you posted, it is only an overview. There is a ton of configuration on the store before you will actually get a rest response and when the user isn't recognized, unauthorized or without proper ACL privileges you will get 404 or 500 responses. I guess that deters hackers but it is a bear to trouble shoot. I've been down this road and although I am using an automation tool the Setup of the store and troubleshooting is the same.
Take a look on my blog I keep it up to date with my adventures with the Magento REST API
Cheers!
Rich Borek
http://magento-simplified.blogspot.com
I developed a simple web servie using restlets . everything s fine i can call a URI and connect to db and do modifications , but when i tried to do the same using jsp s i was not able to get the jsp page itself in the browser . How can i connect a jsp page to this restlet ?
See this stack and the answer from Rich Seller. I personally prefer using Freemarker