I'm not really sure how to word this exactly, so hopefully someone can make sense of it. I've been working on an iPad app that syncs files from a server to your iPad and lets you build presentations with the various files. The corporation I'm working with on this app has a wireless network that requires you to re-authenticate every hour. So every hour instead of getting the expected JSON api response, any HTTP request pulls down the page needed to reauth with the wireless network. I was wondering is there is a specific HTTP response code related to getting sent that page or a "best-practice" way of testing for that page as opposed to JSON.
Granted I could just test to see if the response is HTML, but that doesn't account for other redirect responses that I haven't found yet. I could just test part of the HTML to see if it matches a predetermined portion of the html, but I'm an outside contractor. I can't guarantee they won't change the markup or verbiage of the page after I've made my deliverable.
So does anyone out in the ether know a "best practices" methodology for testing if the app needs to reauth before syncing?
I noticed that on Mac OS X and maybe even iOS, when you connect to a new Wi-Fi network, it will try to contact www.apple.com. This is being done to check if the internet connectivity is available. If it's not available, the Captive Network Assistant will pop-up, showing you the authentication page, or sometimes when I'm in Starbucks, an advertisement.
Following your question, since Apple themselves is doing it this way, I think you could check for HTTP response code, look for something in the HTML markup (slightly discouraged though) or trying to connect to a known server (Reachability).
For a corporation practicing well-documented projects, I am quite sure they won't be changing things without making sure that your app, once deployed will continue to work.
Related
We are in the process of implementing Success Factors LMS, and trying to play and view SCORM compatible files exported from Adobe Captivate 8 and 9 in Success Factors LMS.
I get the message - 'ERROR – unable to acquire LMS API, content may not play properly and results may not be recorded. Please contact technical support’
I have tried SCORM versions 1.2 v3 and 2004 V2 and V4. We can view the content, however it does not track, show as complete etc.
We are also producing Scorm compliant files using Skillcast and Articulate, but we still hit the same issue, we can view the content after closing the API error window, but still does not track.
Anyone experienced this problem before? Or know of a fix?
Many thanks
Normally this issue comes up when the course is unable to get the SCORM API from the LMS...I have seen a ton of SCORM content running in Success Factors before, so I wonder if the issue is in the setup. Are you seeing any "Access Denied" type errors in the browser element inspector/developer tools? I wonder if the course just can not find/have access to the player window. If the course is launching in a new window, you may want to try launching it in the frameset. I have seen folks get around this issue by making sure the player and sco are in the same window...
If you wanted to rule out the content being the issue, you can always test your content in the SCORM Cloud's free sandbox (https://cloud.scorm.com) to make sure the course is properly asking for the API...
If you have any other questions, we would be happy to help...you can just shoot us an email at support#scorm.com.
Thank you!
Joe
The error occurs because the content is not speaking to the Learning Management System (LMS). The code that runs to initialize the session doesn't happen. There is no return "ping" from the LMS.
You will get this error when you publish in SCORM and run from your desktop, or from a web server that isn't connected to an LMS. If it occurs when you are launching from an LMS it can either mean that the SCORM API isn't configured correctly, or your content server is on a different domain (cross-domain) than your application servers.
To test, you should try launching your content in different browsers. Our system was configured in such a way that Firefox and Chrome read our content to be cross-domain issue, and threw the SCORM API error, but Internet Explorer worked just fine.
In the end, it was determined that our server configuration in tandem with our firewall and security settings read the Content server as cross-domain and we had to redeploy our content servers within the firewall.
I am working on a site that uses the PayPal API. This new site will replace the old site at my job. As of right now, I need to check what data the old site sent to the PayPal API. Is there a way to check what data is being sent to and from a different site or API? It is data that is not typed in by the user, but data that already exists in the database that is being sent to the API.
Any help or advice would be great.
Thank you!
It "depends". On Windows platform you could use:
Fiddler or;
Microsoft Message Analyzer
to inspect traffic i/o (on the client system where either tool is installed). I'm sure other platforms will have similar tools.
Chrome Dev (or any other browser) tool will help with browser based traffic.
IMHO, depending on how "old" the existing system is, it maybe worth looking at the API again to see if any newer features are worth the effort since you're updating things...and seems to me getting paid/payments systems/ops would be something high on the priority list :)
Hth...
Im developing a win 8 game in js.
When i deploy my app, can any user can see my code files?
My files has some database passwords, i need to ofuscate it?
There's not really any good way to prevent people from mucking with your REST service if it's public. Sure, you can obfuscate things, digitally sign code, pass around certificates, etc. But in the end it's always possible for someone to reverse engineer your code, emulate a trusted client, or diagnose the network traffic directly.
A better solution here is to focus on mitigating unwanted attacks. Validate the input coming into each web service call, trust nothing, and do a threat analysis on your API. For example, if you were writing a Battleship game, have the server keep track of where each ship is and never expose that information to the clients, allowing them to write a fake client that could cheat. Do the scoring server side, so people can't just post fake scores and get on the high score list.
With that said, unless you're writing the next World of Warcraft, it's unlikely anyone cares enough about your game to jump through any hoops.
Everyone has access to every source file of your app. You just have to go to C:\Program Files\WindowsApps\ to see all your installed apps. If you have a HTML5 app installed, you'll notice that all the .html and .js files are freely accessible by anyone.
You may want to make a simple C# library that won't be so easy to reverse engineer, and put in it the "security critical" parts of your app. You can see how to integrate C# in HTML/JS apps in this MSDN page: http://msdn.microsoft.com/en-us/library/windows/apps/hh779077%28v=vs.110%29.aspx
Okay here is our setup:
Simple form being submitted via AJAX using Prototype 1.7 to a Apache server captured by ColdFusion. (We have noticed similar bugs on pages that submit form data in the conventional way but these pages are used far less.)
Some of our clients are reporting an error. After looking through the logs and doing live testing from their machine Firebug Light is reporting that the request was being sent with the post data.
However on the server side the post data is not present in raw logs or ColdFusion's FORM object or in GetHttpRequestData().
This problem has been isolated to IE only even when running Chrome Frame and is intermittent.
We can not reproduce this error with our IE8 installs on our machines OR on their machines running Firefox or Chrome.
Any thoughts on this extremely difficult bug to track down?
Do you have an HTTP proxy involved in this somewhere? We have had issues in the past, I can't recall the details, but I know that it had something to do with using AJAX to POST. The proxy was configured such that a certain combination of headers would make it misbehave. Take a good look at the HTTP headers coming from the browser, comparing one that works and one that doesn't.
My iOS application, among its features, download files from a specific server. This downloading occurs entirely in the background, while the user is working on the app. When a download is complete, the resource associated with the file appears on the app screen.
My users report some misbehavior about missing resources that I could not reproduce. Some side information leads me to suspect that the problem is caused by the download of the resource's file to be aborted mid-way. Then the app has a partially downloaded file that never gets completed.
To confirm the hypothesis, to make sure any fix works, and to test for such random network vanishing under my feet, I would like to simulate the loss of the network on my test environment: the test server is web sharing on my development Mac, the test device is the iOS simulator running on the same Mac.
Is there a more convenient way to do that, than manually turning web sharing off on a breakpoint?
Depending on how you're downloading your file, one possible option would be to set the callback delegate to null halfway through the download. It would still download the data, but your application would simply stop receiving callbacks. Although, I don't know if that's how the application would function if it truly dropped the connection.
Another option would be to temporarily point the download request at some random file on an external web server, then halfway though just disconnect your computer from the internet. I've done that to test network connectivity issues and it usually works. The interesting problem in your case is that you're downloading from your own computer, so disconnecting won't help. This would just be so you can determine the order of callbacks within the application when this happens, (does it make any callbacks at all? In what order?) so that you can simulate that behavior when actually pointed to your test server.
Combine both options together, I guess, to get the best solution.