I have a generic resource uploader that create a GUID for a filename, and keeps an in-memory index of the content type and friendly name associated with each GUID. When the file is accessed at a URL like "folder/GUID", how can I intercept the request, looking up the content type for that GUID in the memory index, and then serve the file with that specific content type?
I would probably use a BeginRequest handler in Global.asax and intercept the request.
Alternatively, if you're working in MVC, then you should have a route which maps to your controller/action which is responsible for serving the file.
Of course, both of these options mean the request is going through the .net pipeline.
You could possibly look at hijacking the mime types via a location tag in web.config too, however I am not sure this will work as there is no extension to map the mime type on.
Related
I am trying to load Tensorflow.js model via HTTP protocol. Tensorflow.js requires me to store 'model.json' and 'weights.bin' files in the same folder. But I can only call 'model.json' as a parameter. It refers to the binary file by itself. That is how it works as far as I know.
For now, in the local environment, I am loading the model from the localhost(Http://127.0.0.1:8080) and it works fine.
However, the actual application accepts HTTPS protocol only. So I have tried to store them with models and weights in the same buckets in S3 and called via Lambda but it seems like only 'model.json' is retrieved. I am thinking of using EC2 instances where the Python Flask server is running but it seems like the same that only model.json is retrieved, not binary files.
Is there any way that I can retrieve 'model.json' with referring to the weight file? Is there anyway to host file server remotely with HTTPS protocol?
TFJS downloads model JSON, parses it and uses whatever paths are specified in the JSON - you can edit that file and set any URL you want for weights.
Alternatively, you can also use lower-level methods to load weights manually (in case you want to have a custom loader, etc.), but leave that for future until you're more comfortable with TFJS.
I have an application written in angularjs and a dropwizard backend. All API calls are ajax, with the exception of file downloads, which is done by performing a redirect to a standard GET request.
All API calls are secured through a token which is passed as a Token header. We use SSL for all APIs.
The download GET request works but I'm having a hard time figuring out how to secure it. I have no way of setting a custom header, which is required to pass the token. So theoretically, I'm left with two options, clearly none of them acceptable: 1. Pass the token as one the GET parameters 2. Leave the download unsecured.
Any ideas how to secure file download?
Putting a secret token in a URL query parameter isn't great because URL tend to be leakable, for example through history/logging/referrers. There are ways to mitigate this: for example you could have the server side issue a download token that is only good for one use or for a limited amount of time. Or the client could pass a time-limited token created using a signature over the secret token that the server side could verify.
Alternatively you could, just for this one interface (eg path-limited, quitckly-expiring) put the token in a cookie.
Another approach is to download the whole file through AJAX, thus allowing you to set the header as normal. Then you have to present the content as a downloadable local resource, which requires a cocktail of browser-specific hacks (eg using data: or filesystem: URLs, and potentially links with the download attribute). Given the complication this isn't usually worth bothering with, especially if the file is very large which may present further storage constraints.
Is there a way to restrict content download "Restricting Anonymous Users From Downloading Files"
Right now, once the user is logged in and he is able to obtain the URL to a path, he can re-download it again even if he logs off.
We've tried
-Rules Module and Content_Access Module to no avail.
it only supports:
Basic Rules per node
There's no
Basic Rules per Content (i.e. videos)
You can control access to files via Drupal only if both conditions are met:
private mode is on (see /admin/config/media/file-system)
Download folder is outside web server access, i.e. file upload folder contents are not accessible from the web.
See hook hook_file_download() which is called for every private file.
Control access to private file downloads and specify HTTP headers.
This hook allows modules enforce permissions on file downloads when the private file download method is selected. Modules can also provide headers to specify information like the file's name or MIME type.
I have few question regarding Silverlight Deployment:
Is it a prerequisite to add MIME type to deploy Silverlight Application?
if Yes, Why so, because the .XAP file can be handled by Static File Handler?
Is MIME type needed for Static File Handler ?
This is a IIS requirement.
As of IIS6 the default mime map of an IIS server does not contain a mapping of .* to "application/octet-stream". The static file handler will to send the a resource to the client where the file extension does not have a mime mapping. This a part of an initiative to close down the attack surface of a web site.
Hence if you do not add the wildcard .* mapping or a specific mapping for .xap (which is preferable over .*) then a Xap file can not be delivered to the client.
Side Note
The Silverlight pulgin doesn't really care about what Content-Type header is set to. In some cases where I have used a hosted service that neither supports .xap nor .* and even has the audacity to check that the contents of the file is what file extension says it is, I've renamed a xap to zip. Pointing the source of the silverlight plugin at a zip works fine.
I'm not aware of a solution for implementing custom persistent vanity URLs (my term, not sure if thats what they're really called) in DotNetNuke. Does anyone know of a solution? It can be configuring the core, using a third party module, or a suggestion of how to write it from scratch.
Here is what I'm thinking:
I want to point people to: http://mywebsite.com/awesome
I want the underlying URL to be http://mywebsite.com/genericpage.aspx?key=awesome&etc=etc
I don't want the URL to redirect. I want the user to see http://mywebsite.com/awesome only.
Essentially I'd envision an administrator being able to create these vanity URLs and specify what the vanity URL is and what the underlying URL is.
The closest thing, out of the box, is to define your friendly urls in SiteUrls.config found in the DotNetNuke root.
This way:
you point people to:
http://mywebsite.com/awesome.aspx
you have an underlying URL
http://mywebsite.com/Default.aspx?tabid=ID&etc=etc
users see:
http://mywebsite.com/awesome.aspx
Main restriction is that you will have an .aspx extension.
SiteUrl.config rules look like this:
<RewriterRule>
<LookFor>.*/awesome.aspx</LookFor>
<SendTo>~/default.aspx?tabid=ID&etc=etc</SendTo>
</RewriterRule>
Rewriter rule matches incoming url to a regular expression in the LookFor section, and sends it to an underlying url in the SendTo section. You need to be careful with the XML escape character '&' in the querystring parameters.
3rd party extensions like URL Master provide much more fine grained control, and you can have a global friendly url scheme based on page names, with or without .aspx extensions. Nevertheless, a simple "one url at a time" approach can be safer if you have custom modules with URL dependencies.
ActiveSocial supports these and I thought I saw something about support for this in Version 2.x of IFinity's URL Master, but I can't find anything on it now.