Accessing Cloudant Couch with JSONP - jsonp

I am trying to get a setup so that I can access Cloudant Couch directly without using a middle tier such as PHP, .NET, or Ruby.
It is possible to avoid the cross-domain problem with script injection or JSONP. One can specify a
But this means that your only method can be a GET.
Does Cloudant have a URL convention or proxy that allows you to specify other methods with a GET?
For example you could DELETE a document with something like:
Thanks in advance. Hoping for responses that are directly applicable, not the "why would you want to do that" kind of response.

You can set up a virtual host on cloudant. I don't think this will help you get around XSS same-origin policy though unless you run your entire application from this virtual host.

Well, they support CORS but not the wildcard syntax. However, that should take care of most of your work. I've posted to their support channels if they support returning JSONP but that does bring us to another work-around: try embeding self executing functions into the data object. I'm betting that the CouchDB folks will prevent it from saving (as we don't want self-executing functions messing with CouchDB's innards) but it's worth a shot.

Related

Can I use just DirectusSDK instead of REST or GraphQL?

Are there any downsides to use directusSdk instead of making GraphQL requests?
According to documentation; My front-end can log in users and make requests through javascript SDK.
I would say using the SDK is a great option and is something I choose to do myself where possible, I believe that the Directus application uses it too, therefore it is well looked after 😌

Is it possible to find anything out about the computer/user calling your api? If so, how?

I've created an api using .net core 2 and C#. I'm wondering if there's anyway to find out information about the computer or user that called the api. This is an internally used api so ideally I'd get the Windows user of where the api call came from, but if there's anything I can find out (like an IP address) I'd like to know how. If this isn't possible at all, I'd like to know so I can stop looking for a solution.
No, it's not possible. The server knows only what the client chooses to tell it, typically via request headers. However, the client can also lie, or "spoof" these headers. So, while something like User-Agent may look like it might give you some info about at least the OS/browser, all of that could be completely fabricated.
Matters are even worse with an API, as clients are typically thin, and the actual programmer or whatever connecting to your API must make a conscious decision to provide you with some particular bit of information, which most won't. A web browser typically sends certain standard things without user intervention, but even then users can change or alter what is sent.

goo.gl shortening api: shorten via GET request

Is it possible to shorten a URL using the Goo.gl shortening api with a GET request? Their only instructions are for POST and it doesn't make much sense that they wouldn't have a way to do this via GET.
It's actually unlikely that they support GET to do that. Good practice requires that GET requests not cause side effects (permanent data changes) in web applications. This prevents problems related to web spiders causing havoc simply by trying to crawl a site (imagine a "delete" button that worked with a GET, causing a spider to inadvertently remove content).
Additionally, GET requests are a lot easier to force a third party to do (i.e. embed the url in an image tag on a forum) which often is a security problem. In the case of goo.gl, it would allow trivial and hard to block DoS type attacks on the service.

Simulate an LDAP Server?

For a number of reasons, I do not want to host an actual LDAP server.
Instead, through PHP, I want to simulate the essential functions of an LDAP server.
So I want, for instance, to be able to respond to ldap_search, ldap_connect, ldap_bind, ldap_unbind, etc.
Results would come from MySQL.
It looks like ldap_search would be a matter of returning the same response that an LDAP URL Query would return, which is like a JSON format, but I am unsure about e.g. ldap_bind.
Right now I am just researching the feasibility of providing a "simulated" LDAP Server. I would greatly appreciate any thoughts on how much this would require, using PHP/MySQL.
Thanks in advance!
I think you'll have to go through the protocol specifications and basically build a server implementation. It will give you an idea what you need to do, an LDAP client app will follow the protocol specs very closely.
Specs: https://www.rfc-editor.org/rfc/rfc4510

How can I have multiple instances of webkit without sharing cookies?

I have an app that creates a couple of WebView instances and I'd like to have them operate as independently as possible.
At the very least, I don't want them sharing cookies. A quick google search gave me results liking "you can't." I'm hoping someone has a better answer.
The basic answer is "you can't".
After looking at this for a bit, I think it's possible, but extremely complicated. It would involve implementing a resourceLoadDelegate on your WebView that implements -webView:resource:willSendRequest:redirectResponse:fromDataSource: and modifies the request to turn off HTTPShouldHandleCookies and adds any relevant cookies to the request manually. It also has to implement -webView:resource:didReceiveResponse:fromDataSource: to find out about any cookies returned from the server. You can alloc/init your own copy of NSHTTPCookieStorage per-webview and use that to store/retrieve the cookies.
This post sums up what you could do. I'm not sure if it is feasible for you and I feel it wouldn't be a straightforward task, maybe even risky, but it seems to be possible: the author claims iCab does it this way.
I was hoping for a simpler solution too, really. Of course, since Webkit is open source you could just roll out your own version of the framework with changed behavior I guess?
I would assume that cookies would be configured on a service / application level and not for particular instances or processes. Perhaps you could revise your question to find a way to resolve the problem you are having which requires that the instances do not share cookies.
What is the motivation for not sharing cookies between the instances?
If you just need 3 views into the same web resource you could setup some virtual hosts that point to the same data source.
What you can do is take a look at libcurl which can handle cookie stores that don't mix with the URL Loading system wide cookie storage for those requests you want to separate. For me that seems to be a valid and simple solution. If you really need to depend on webview/webkit it might not be.