I'm making a firefox addon using webextensions and I need to be able at some point to completely prevent the user from browsing any page until they provide some input.
Is there any way this can be done in webextensions?
There is no direct support for this. You could perhaps hack something up with the webRequest api to block outgoing network requests but that would not block things like internal pages, cached requests, etc. The browser is deliberately built to avoid these sorts of modal interactions, I would urge you to rethink your overall approach.
Related
I am trying to develop a visualization that relies on user-specific external graphics which are necessarily loaded from a remote source, but blocked by GDS's content security policy headers.
I'm looking for a way to stay within the CSP but still get the functionality I need. Are any of these things possible...?
Could I fetch graphical resources via a data source? (In which case I could build a custom data source connector that fetches the images and then feed those as a value into the visualization.)
Is there a valid way to load external resources of any type without violating the CSP?
Google's documentation suggests that they will relax their content security policy "in some cases." Is there an avenue to provide that?
Anyone who's managed to work around this, I'd appreciate some help figuring it out.
You can't make requests, but you can potentially render an svg/canvas image based on the data, so if you had the svg string of an icon as part of the datasource, you could render that.
2&3. There is no current way to make external requests without violating the CSP.
Im trying to create a web page similar to Facebook Home page using MEAN stack.
So when you add a new post, the page adds the post without refreshing it. And if I delete the post the page will delete the post without refreshing the page also.
Should I be using Ajax, Socket io, or etc? not really sure what is the best practice to implement that.
if you have a working example, that will be great.
Thanks
What are you asking for is a situation called server-push where you want the server to be able to notify an open web page about some sort of change so Javascript in the page can then update the display of the page without reloading it.
The usual way in modern browsers to implement server-push is to make a webSocket connection from the browser web page back to the server. This webSocket connection will then stay open and the server is free to send messages to the web page at any time (announcing new posts or deleted posts) and the Javascript in the webpage can then update the display accordingly.
A common implementation of webSocket that works in node.js and all browsers is the socket.io library that you mentioned. It adds some useful features on top of webSockets such as auto-reconnect and a simple message-passing system.
The other less-efficient way to do this is for each web page to send a recurring ajax call (say every minute) to the server asking what has changed recently. But, since this results in a lot of ajax calls where nothing has changed, this can end up being significantly less efficient for both server load and bandwidth usage.
SocketStream is a good solution:
https://github.com/socketstream/socketstream
There are many examples. It will take some time.
I had the idea to make a SPA application using angularJS and then just sending AJAX updates to the server when I need.
My initial idea would be make the client application fly, but if I have to do an AJAX round trip to the server, I think the time would be approximately the same as to request a single web page.
Requesting a page just has more bytes of data, is not like I'm requesting 20 resources like in this article: https://community.compuwareapm.com/community/display/PUB/Best+Practices+on+Network+Requests+and+Roundtrips
I would be requesting a page or resource per request.
So in the end even if I create my client side application as a SPA using angularJS, these requests (would have to be synchronous and show a please wait message while they don't return, as I don't want to user to take more actions before I make sure his request passes validation and is processed correctly) would take some time and make user wait, just about the same time as requesting a full page.
I think SPA pages would be very useful if I have like a wizard on my app with multiple pages/steps and at the end, submit the results of wizard, to the server, which I don't.
Also found this article:
https://help.optimizely.com/hc/en-us/articles/203326524-AngularJS-Backbone-js-and-other-Single-Page-Applications
One of the biggest advantages of Single Page Apps is that they reduce
data transfer. As a result, pages after the initial loading usually
can be displayed faster and seem more interactive.
But I don't believe this last quote is really true.
Am I right, or is there a way that I'm not seeing to build an application that would look like it's executing locally?
I know how guys will start saying "depends on what you want", but lets focus on this scenario where there's no wizards.
What ever you said is right. But most of the frameworks(Angular,BackBone) you take they are going to cache the templates of html on the browser so the rendering would be pretty fast compared to the normal applications. Traditional apps will have to fetch the html from the server for each request which is a time consuming one.
Hope this helps you!!!
If you are wanting to go through that syncronous server side validation step for each page request, then there is probably no big advantage to using AngularJS.
If you are requesting a page and then manipulating that page's contents once it's loaded you might want to consider AngularJS. A good example would be requesting a page that displays a list of items. Now let's say we want to search that list or order it in different ways. Rather than using AJAX to call the server to filter the list and then re-render it, it could be much faster to user AngularJS to filter and re-render the list without making any further requests to the server.
Sometimes when starting up a new instance on AppEngine the process may take some time. It obviously depends on your choice of libraries etc. My question is, is it possible to serve some other page while users are waiting? Reddit does a nice job of this. Other sites like Twitter provide a similar notice to users when the load is too much (they probably also starting more instances in the bg).
Does anybody have any experience in doing this on GAE?
Another twisted way that is very simple to implement without code changes: use another appengine that statically serves a tiny html of just an iframe to your real appengine.
This might break TOS so check that before doing it. It sill cost you more too.
That wrapper appengine can serve js that does the "loading" page , inserts the iframe and lster removes its content when hidden iframe finishes loading, then shows the iframe
I've bumped into several users that have cookies disabled and therefore the site doesn't work like I'd want. I'm using webapp2 and django 1.2 templates with {% url %} template tags on appengine.
I'd like to find an easy way to address this that doesn't make me end up making LOTS of code changes. Going to all my urls and conditionally adding ?cookie= to all of them is going to be a real pain, so I'm hoping there is a simple solution to this problem.
It causes problems with the CSRF code on forms too, what do you do in that case, just give up CSRF?
I can do some stuff in the urlNode code since I should be able to resolve the logged_in_user object from the context, so that might deal with a good bit of the problem, except any place that adds params after the ? will now have to use &. All in all, NOT a pretty solution.
Anyone know of an easier way to deal with this?
I don't recommended building site with cookies as optional requirement, site design gets soon extremely complicated and you probably open more security holes that you can imagine. If you must support users without cookies, use HTTP basic authentication to authenticate and recognize users.