We're using wagtail with CSP (obviously) which means that every time we need to transclude/embed some content from another site we need to update a CSP whitelist as the only way to ensure that server headers play nice with embedded content.
Is there, however, a way to do this from within Wagtail itself, through its admin UI? This seems like the kind of thing a CMS-ORM should be pretty good at.
Looks like this isn't a feature of WagTail at the moment. It looks like there is an open ticket on CSP issues (especially regarding Django CSP integration). It might be a good idea to add your complaint about the lack of UI to that ticket.
Since Wagtail is built on Django, I would suggest using the Django CSP library in the meantime, it seems fairly straightforward and is backed by Mozilla.
Related
We have a website that's running AngularJS 1.*
but one of our main clients are military personnel and they frequently attempt to use the site via Department of Defense computers. These, of course, have javascript disabled.
I've heard of doing server side rendering, but the majority of the examples and research just mention using it for the initial load. We would need the entire site to run off that principle. Essentially acting like an old MVC site. Is this even possible? And I don't mean with just angularJS. Angular 2(5, whatever version we're on now), or react. I just really don't want to back track to .net MVC
Edit: I realize this is, for all intents, a silly question. I was just hoping there was some awesome new tech that had solved the issues that would be present in even attempting this (as stated below, data-binding. I realize this concept completely defeats the purpose of SPAs)
Thanks anyways. I may just delete this question. Didn't have too many expectations to begin with.
This is very possible! Don't let the rest of the people here fool you.
We have a few websites that work just fine with or without JavaScript enabled. My company website https://bitgenics.io is a React app. If you disable your JavaScript the only thing that won't work is the client-side video player.
Now I have no experience with Angular 1 (and I have heard SSR is hard there), but support should be better in the later versions of it.
Getting the GETs to work is the first challenge. But the next one is that you have to have a fallback for your HTTP POSTs. SPAs often use straight REST calls to do any state changes, but you can't do that because it requires JS on the client.
So your forms have to a fallback of a regular FORM post. So you might need some server-side logic to receive these POSTs and respond with a Server-Side Rendered page again.
Hi I am attempting to build a largish website for my company & love to get some feedback on whether I am crazy or its a great idea. I am basically got the ok to go free rein, I guess as long as its going to have benefits (e.g performance, maintainability, scalability, re usability & SEO)
The way I am thinking of going about it.
Wordpress multisite (company has a handful of branches worldwide) e.g China, South Africa, US etc, so content needs to be tailored. Plan to use subdomains?
WP REST API - ability for reusable data across the websites and other blogging sites (scalability and performance) also the capability of browsing offline? http://themeshaper.com/tag/react/
AngularJS for routing/views/get-post requests or possibly React-router?
ReactJS for the view (performance and reusable components across all sites)
Most importantly - good for SEO (site is crawlable) which I believe ReactJS has that covered? ref: http://en.blog.altima.fr/seo/reactjs-seo/ but also whether I need prerender.io or other because of the routing?
Wondering how this will all work together and if theres any issues with the combination of these? Still also getting my head around if this needs to be setup as "Isomorphic" with a node server? (some more insight into this would be great also)
I have been inspired by the theme https://github.com/royboy789/angular-react-wordpress-theme
Thanks!
Not sure that mix of cool buzzwords (WP, Angular, React) is the good way to choose you technology stack. May be good ideas is to use Angular+Laravel, React+Laravel, Wp+HTML.
Considering SEO if you use Angular or React you just have AJAX-site. You can use prerender technique for your site. But recently Google stated that AJAX-crawl scheme is deprecated: http://googlewebmastercentral.blogspot.com/2015/10/deprecating-our-ajax-crawling-scheme.html . So may be there is no need to prerender your pages only for crawlers.
Just really curious about this,is github coded using angularJS in the front-end? I've noticed that the pages almost never reload, just a bunch of behind the scene requests. It acts more of a web app than a web page.
I don't have anything to do with this site, but I believe it serves your purpose:
http://builtwith.com/github.com
It allows you to enter any site, and it attempts to scrape production details for you.
No, you can see by yourself:
Angular.js is just a very good framework around javascript, whatever you can do with angular you can do with vanilla javascript or with other framework (but with more pain).
They use "PJAX" for the seamless transitions:
pjax is a jQuery plugin that uses ajax and pushState to deliver a fast browsing experience with real permalinks, page titles, and a working back button.
https://github.com/defunkt/jquery-pjax
(seems its now pjax2: https://github.com/github/pjax)
Github uses github so you can check out a lot of their libraries at https://github.com/github
I've bumped into several users that have cookies disabled and therefore the site doesn't work like I'd want. I'm using webapp2 and django 1.2 templates with {% url %} template tags on appengine.
I'd like to find an easy way to address this that doesn't make me end up making LOTS of code changes. Going to all my urls and conditionally adding ?cookie= to all of them is going to be a real pain, so I'm hoping there is a simple solution to this problem.
It causes problems with the CSRF code on forms too, what do you do in that case, just give up CSRF?
I can do some stuff in the urlNode code since I should be able to resolve the logged_in_user object from the context, so that might deal with a good bit of the problem, except any place that adds params after the ? will now have to use &. All in all, NOT a pretty solution.
Anyone know of an easier way to deal with this?
I don't recommended building site with cookies as optional requirement, site design gets soon extremely complicated and you probably open more security holes that you can imagine. If you must support users without cookies, use HTTP basic authentication to authenticate and recognize users.
I'm attempting to configure URL routing in my ASP.NET 3.5 WebForms app. Setting up routes has always been confusing to me, so I was hoping I could get some direction.
My requirement is fairly simple. I'm setting up different "brands" of my application, and I'd like the brand to be specified in the URL. For example, http://www.mysite.com/brand1/Default.aspx would bring up one brand (code behind would look up brand1 in the db and load specific text, images, themes, etc) and http://www.mysite.com/brand2/Default.aspx would bring up another brand, etc.
I'm fairly flexible with how the URLs are displayed, with the exception of keeping the http://www.mysite.com/brand1 prefix. That cannot be changed.
Thanks for any help!
I do this by using http://www.UrlRewriter.net, as explained here by Scott Gu:
http://weblogs.asp.net/scottgu/archive/2007/02/26/tip-trick-url-rewriting-with-asp-net.aspx
The trick is to use URL rewriting rules (Regular Expressions) in your web.conifg to get a request for /brand1/default.aspx to actually execute /Processor/Default.aspx?brand=brand1, for example.
NB: The Form.browser trick worked a treat for me when doing postbacks.
Another possible answer from me...
If you're using IIS 7 there is a handy built in module for URL Rewiring, all controlled through a GUI if that's your preference:
http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/