I am developing a sling WCMS.
When I call address [e.g. 'http://localhost:8080/apps/bcms/pages/test.jsp'] of a page in the browser, a save dialog box will appear and ask to save jsp file.
How to prevent jsp pages accessible via direct addressing?
Just remove the permissions for anonymous. The script resolution and execution runs with the script user.
Related
Good morning everyone,
I am developing an app for QNAP which has also a web interface. In my qpkg.conf I set QPKG_WEBUI and QPKG_USE_PROXY and I can see correctly the Web interface inside the QNAP interface once I am logged in. It seems perfectly integrated with the QNAP interface, BUT, I can see it also writing the right url in my web browser, even if I am not logged in the QNAP and I cleared all possible cache/cookies.
I want to give access to my Web interface only to valid users. Unfortunately I do not know how to do it. I tried to write a .htaccess to deploy with my application, but without any success (obviously I can not modify the apache standard configuration, and with the standard configuration I was not able to do it).
The only thing I found, inside the Apache folder, there is a pwauth executable that let me ask for username/password (even if I do not want to ask, I want only to see if the user is ALREADY logged in). Anyway with the standard apache configuration, the external module is not loaded, then I can not use the pwauth inside the .htaccess. Maybe I could create some custom cgi program that call it, but I would prefer to avoid custom solution, I really would like to follow a "standard" way to do it, it should be one.....
I would like to know if there is some QNAP variable to set in the qpkg.conf file, or some configuration to set in a .htaccess that does what I want: grant the access only if the user is ALREADY logged in.
Thanks very much to everyone, I could not find anything in google or in the official documentation.
How do I prevent my page say 'index.php' and all other web pages in different folders on server to be accessed anyone by typing the path in address bar of browser like www.kkweb.com/web/index.php. Kindly help.
If you have php correctly installed and running, they get the parsed site. I.e., they can open the website, but cannot read your source code. If you want to avoid even that, you can implement access protection. Google .htpasswd and .htaccess for that.
I want to use an application that checks for broken links. I got to know that, Xenu is one such software. I do not have access to internal aspx/http files on a drive. The Problem I am facing is the Website requires the user to be authenticated. After login I need to crawl the site to determine which links are broken.
As an example, I kick off with mail.google.com. We end up typing the Username and password after which we are served different URLs. If I give the Xenu (or similar programs) the link such as mail.google.com it will not be able to fecth URLs inside the mail.google.com which will be of type - /mail/u/0/?shva=1#inbox/ etc. There lies the problem.
With minimal or least scripting language how can I provide Xenu (or other similar app) capability to Login by providing external URL (mail.google.com) in this example in order to do whatever xenu has to do.
Thanks
Balaji S
Xenu can be used with an authenticated user as long as the cookies are persistent. You will need to enable cookies in Xenu and login once yourself using IE.
From their FAQ:
By default, cookies are disabled, and Xenu rejects all cookies. If you
need cookies because
you have used Internet Explorer to authenticate yourself before
starting a run
to prevent the server from delivering URLs with a
session ID
then you can enable the cookies in the advanced options
dialog. (This has been available since Version 1.2g)
Warning: You
should not use this option if you have links that delete data, e.g. a
database or a shop - you are risking data loss!!!
You can enable cookies in the Options menu. Click Preferences and switch to the Advanced tab.
For single page applications (like gmail) you will also need to configure Xenu to parse Javascript
This is done by modifying the ini file (traditionally at C:\Program Files (x86)\Xenu135\Xenu.ini) and adding a line of code under [Options]
Javascript=[Jj]ava[Ss]cript: *[_a-zA-Z0-9]+ *\( *['"]((/|ftp://|https?://)[^'"]+)['"]
There are several variations provided in their FAQ, but I didn't get them to work perfectly.
I went to Twitter's resource page here (https://twitter.com/about/resources/tweetbutton) and got the following code:
Tweet<script type="text/javascript" src="//platform.twitter.com/widgets.js"></script>
When I put this in my Wordpress template, I don't get the Twitter button -- I just get the text "Tweet". However, when I change the src for widgets.js to include https:// or http:// at the beginning it works.
Could it be that it's just an error that they forgot the protocol? Also, do you think it is better to use https (for consistency with the share link) versus http, or does it not matter?
Thanks for your suggestions.
The URL "//example.com/script.js" tells the browser to open the URL using the protocol of the current page, which is likely to be "file://" if your browser opened an html file on your own machine. Of course, you don't have a file called "file://example.com/script.js" on your computer.
In the past, urls for embedded widgets used to include the protocol (http or https), but a site visitor would receive warnings whenever a secure page loaded a script from an insecure page, and sometimes even vice versa. Now, widgets from Twitter, Google Analytics, and other sites no longer specify the protocol so that the same embed code can work on any page on the internet. The downside is that this does not work when you embed such a widget into a file and view it on your own browser by double-clicking it!
I have an application that loads a web page in the browser and saves it to custom local folder (images, html, css). In the process the "src" attribute of images (in html) and "background-url" property (in css) need to be changed to reflect the locally saved files rather than the original ones. This generates extra web traffic as changing them forces the browser to download the files from modified locations (the browser does this by resolving the uri of the page with the value of element's "src" attribute - the same for "background-url" property ) and as a result, it generates lots of 404 Not Found requests.
I'm using nsIIOService interface to go offline before saving the page (the page is fully loaded and all network activity so far has been stopped) and then back online after the saving is complete. But then the browser displays an alert box "This document cannot be displayed while offline. To go online, uncheck Work Offline from the File menu." whenever I try to change the aforementioned attributes/properties.
Is there any way to prevent such message from appearing or to make the browser not validate the images because of modified "src" values?
I tried to use DOMWillOpenModalDialog on both the browser and the xul application window, but it seems it's of no use - the dialog still appears. The application is not an user application, so it's difficult when such "built-in" messages appear.
Use preventDefault to stop the modal dialog:
document.getElementById(‘content’).contentWindow.addEventListener(‘DOMWillOpenModalDialog’,function(e){ e.preventDefault(); }, true);
As an alternative, try using disablePrivilege, sandbox, redefining the prompt service, or overriding window.alert.