php - CORS - API Authentication : Sessions (CSRF Security) - Work Around? -

-

i using cors method (rewriting external requests example.com/api?param=args example.com/api/public/api.php?param=args) , sending request so:

$.get('http://www.example.com/api'), { param: "args" })     .done(function (data) {         alert(data);     });

this works absolutely fine , can cross-domain reference requests , responses api software.

i wondering, set test request try achieve session.

session_start(); if(isset($_get['store'])):     $_session['key'] = $_get['store']; elseif(isset($_get['show'])):     echo $_session['key']; endif;

when go link directly in browser, works fine however, when send request external domain, second request seems "forget" session key stored.

code:

$.get('http://www.example.com/api'), { store: "test" })     .done(function () {         $.get('http://www.example.com/api'), { show: "args" })             .done(function (data) {                alert(data);         })     });

data undefined

is there way can make server sending requests "save" or "remember" session on api server or there way can achieve using work around?

note api used multiple people - plugin - , each key added once send register param request admin details of there account need sort of authentication using api , cannot think of way around not using session's or getting work using session's.

please note also, if using session (as can see that), creates crsf attack. there work around also?

by default, credentials (such cookies) not sent on cross-origin requests because trigger preflight requests.

the jquery documentation describes how enable credentials:

$.ajax({    url: a_cross_domain_url,    xhrfields: {       withcredentials: true    } });

cannot think of way around not using session's

pass auth token in body of response. read js. have js include in each request.

please note also, if using session (as can see that), creates crsf attack. there work around also?

don't use * origin in access-control-allow-origin header. allow trusted sites use api.


Comments

Post a Comment

Popular posts from this blog

java - Run spring boot application error: Cannot instantiate interface org.springframework.context.ApplicationListener -

-
i have spring project , try make use spring boot , run @ embadded tomcat following : https://spring.io/guides/gs/rest-service/ this application //@configuration //@enableaspectjautoproxy @springbootapplication @componentscan(basepackages = "gux.prome") public class application { public static void main(string[] args) { springapplication.run(application.class, args); } } if use maven command: mvn spring-boot:run , project starts fine, need debug , run main method @ intelij, exception occurs: exception in thread "main" java.lang.illegalargumentexception: cannot instantiate interface org.springframework.context.applicationlistener : org.springframework.boot.logging.classpathloggingapplicationlistener @ org.springframework.boot.springapplication.createspringfactoriesinstances(springapplication.java:414) @ org.springframework.boot.springapplication.getspringfactoriesinstances(springapplication.java:394) @ org.springframework.bo...
Read more

reactjs - React router and this.props.children - how to pass state to this.props.children -

-
i'm using react-router first time , don't know how think in yet. here's how i'm loading components in nested routes. entry point .js reactdom.render( <router history={hashhistory} > <route path="/" component={app}> <route path="models" component={content}> </route> </router>, document.getelementbyid('app') ); app.js render: function() { return ( <div> <header /> {this.props.children} </div> ); } so child of app content component sent in. i'm using flux , app.js has state , listens changes, don't know how pass state down this.props.children. before using react-router app.js defines children explicitly, passing state natural don't see how now. using couple of react helper methods can add state, props , whatever else this.props.children render: function() { var children = react.ch...
Read more

Excel VBA "Microsoft Windows Common Controls 6.0 (SP6)" Location Changes -

-
i have excel workbook used generate quotations customers. there main page user inputs data, , there buttons generate various pdfs , send them customer. however, 1 user consistently getting error preventing generating , sending pdfs. i beleive "microsoft windows common controls 6.0 (sp6)". it's installed on users' computers. on mine, location "c:\windows\syswow64\mscomctl.ocx" on others "c:\windows\system32\mscomctl.ocx" the user experiencing issues on 32-bit machine, "mscomctl.ocx" file should in system32. have manually put in there, , pointed common controls reference in vba it. issue seems keep reverting looking in syswow64. since folder doesn't exist, can't find it, , can't produce pdfs. i thought perhaps issue user running older version of office (2007) there users on 2013 , 2016. thought perhaps mixture of 64-bit , 32-bit users. user gets sent workbook other users (as quotation process goes further, gets passed ...
Read more