I have an application in which angular sends the data to nodejs and nodejs send it to the backend which is running in Jetty.Can anyone suggest what would be the best API/approach to send REST request from NodeJs to Backend?
You probably don't want to sister your jetty api in node (endpoint for endpoint). You probably want to handle all requests that match a certain path, say /api and then pass those on to jetty. That is, if you can. Maybe the jetty api is not to be directly exposed.
Either way you should use the most excellent request library to call jetty from your node endpoints:
https://github.com/request/request
Related
I am currently building a web + mobile application.
My front end is developed using React and Axios (for API call requests). It is served directly by vercel on mydomain.com
My Mobile App is developed using the Flutter
My back end is developed using Django and Django Rest. It is served with apache2 on api.mydomain.com. It only serves API endpoints.
So the front-end, Mobile app, and back-end are separated.
I would like only my front-end (mydomain.com) and flutter app to be able to make API requests to my Django Rest backend.
I would like to prevent any other domains, any clients such as postman, insomnia, curl, or any script to make API requests to my backend.
I have already set CORS in Django Rest. However, I can still make requests to the backend using curl or any other client.
Do you have any idea of what I could do to achieve this?
Thanks a lot in advance for your answers.
CORS is enforced only by web browsers to prevent leaking information to unrelated pages that might request it. You need some kind of access control, either by authenticating the caller or limiting access to the endpoint.
Checking the Host header with get_host() may offer sufficient protection, depending on your server setup.
get_host() will tell you the value of the Host header in the request, which is data provided by the client so could be manipulated in any way. The Host header is an integral part of HTTP 1.1 in allowing multiple domains to be hosted at a single address so you might be able to depend on your server rejecting requests that aren't actually arriving from localhost with a matching header, but it's difficult to be certain.
It would likely be more reliable to check the client's network address and reject requests from all clients except those that are specifically allowed.
Check this question too.
I want to request a third party API on Web APP. The API example is https://api.pinesapsapi.com/request.
Can I change the URL and build a different URL with any of the external platforms or AWS?
The basic reason of the URL changing is to keep the API Url private with my developers.
Is this possible?
For Example:
https://api.pinesapsapi.com/request should look something like https://api.xhatdffsdkj.com/request or any other generic URL
If you're looking for an AWS service to specifically do this your best best would be using API Gateway.
Configure a REST API that uses a single method of /{proxy+} and configure it with HTTP_PROXY. You can then add a custom domain name to your API Gateway setup and have it proxy to this other other domain.
Alternatively you would be looking at using a proxy based solution to forward the requests to the endpoint (such as NGINX or HAProxy running on a host such as EC2).
I am creating a web application using GAE/GWT. Front end GUI is a web client and the server is a RESTFUL server both running in GAE in different domains.
I am using json with padding to communicate with the server but discovered I won't be able to send a PUT/POST/DELETE request.
My application will be used to mainly used to query data (query: 85% of cases, modify data: 15%). All requests will be authenticated.
I am considering the following options.
1) For querying use JsonpRequestBuilder, for modifying create a proxy in the web client server side and hit the REST service through this proxy. Use GWT RPC to communicate to this proxy.
2) Make every request as a GET request in my REST service (including those that modify data) and use jsonp directly from web client.
I would prefer option 1) but option 2) seems less work to do.
Should 1) be my preferred option ?
Are there any problems with 2) given all my requests will be authenticated. ?
Is there any other easy approach to solve this problem ?
Regards,
Sathya
The simplest solution is to use CORS which allows you to send requests two different origins. But it is not so widely spread (check caniuse), so if you have to support IE8-9, it will not be enough for you.
In your case I would try to implement dual solution (e.g. CORS + server proxy). If browser supports CORS - send the request directly to the target server, if it doesn't - send request via proxy.
Sorry to ask but what is the advantage to have your client running on a different domain ? From what I understand your client's server will do nothing ...
If you are not the "owner" of the REST backend, maybe this backend should developp an authorization system for third party applications, like oauth2.
Then your application can talk backend to backend with a secured connection. You can use scribe to do that on your backend.
Is there any way to forward an incoming request to GAE, kind of like a reverse proxy, to another server, but without urlfetch? URLFetch is very buggy, and during an attack, I run out of resources, and hence the server crashes.
You can use the Python standard libraries urllib, urllib2 or httplib to make HTTP requests. When running in App Engine, these libraries perform HTTP requests using App Engine's URL fetch service, which runs on Google's scalable HTTP request infrastructure.
So whatever you use, it's all App Engine's URL Fetch service anyway. So I'd say no.
Fetch Overview
There are a lot of ways to do a forward or redirect. You can use a cname in your DNS to create an alias for you new address or a meta refresh in HTML:
<meta http-equiv="refresh" content="0;URL='http://www.example.com/'" />
It all depends on your needs and the kind of request.
I am new to web dev.
I am working on a project (web app, running on jetty port 8081) which is supposed to call the web services from another web app, running on jetty port 8081.
How do I do that?
When you're running a server locally on your computer (like jetty), the root url is always localhost:portnumber
so if you have a web service running on port 8081, it can be accessed by connecting to the url http://localhost:8081
as for calling the services. Javascript offers AJAX (asynchronous javascript and xml) as a method to send and receive for example HTTP requests between the browser and the server. I suggest using jQuery's ajax implementation as it is nicely abstracted. In backbone.js the communication between the application and server is done with models and collections. Remember that backbone assumes you're running a RESTful web service serving up json.
UPDATE:
Because of the same-origin-policy of web browsers ajax can be normally used only to make calls to the origin of the site making the call (same protocol + domain name + port number). This can be circumvented in a controlled manner with for example JSONP, that instead of JSON returns arbitrary Javascript code. In jQuery's ajax, you can use JSONP to make requests to 'foreign' servers by setting the dataType as 'jsonp'.
Hope this helps!