I have created RESTFUL urls that respond with some JSON data when fetched by backbone.
So a url like /lists responds with a json array of user-created lists. My want that if the url is accessed by address bar input like mydomain.com/lists, the json data is displayed in text on browser. I want the server to respond only if the url is accessed from within the application. Can somebody provide me some hints on how to achieve this?
Like #Thilo said, you're not going to be able to do prevent a person with the right tools to see what's coming across the wire, Firebug's console/net tabs already keep track of requests and show the contents of responses.
That being said, what you can do is check whether the HTTP_X_REQUESTED_WITH HTTP header is set to 'XMLHttpRequest', and only return the JSON in this case. Backbone makes an Ajax call so this will always be the case with the Backbone calls (in modern browsers). Again this won't help much except for people who type it into the address bar directly (and do a normal GET request) won't see the JSON.
Related
I just want to ask what would be the best way to hide sensitive data using anugularJS.
I am developping a VOD (Video On Demand) app in which I have to make movies' links hidden and not accessible by users.
For example, I get this JSON from backend using $http inside a moviesFactory:
{ "title": "movieTitle", "link": "www.some-provider-link.com/movie-link.mp4"}
And when I need to show the video, I put this JSON in my scope like that:
$scope.movie = moviesFactory.getMovie().then(callbackOk, callbackNonOk);
My problem is since the scope is accessible from user using chrome extensions or even angular.element(document.getElementById('anElementId')).scope()
everyone can access my scope and see the links.
So what am I doing wrong? ANd how can I hide those data?
You can't directly by this way, because javascript is executed in client side (and you have not full control of the sources you provide to the clients).
And sharing (encrypted/obscured or not) your complete files url ('www.some-provider-link.com/movie-link.mp4') it's NOT a good idea, if you are concerned of the privacy of those files.
You should consider including some sort of authentication (like tokens) and make an API in your server that gives you all the data you needs (like .mp4 files) as a stream of bytes, when a user is authenticated.
i had been working in a Spring Rest Data API in an application (just for fun).
I have the core made, works fine but now I want to use AngularJS as front-end.
I had work with Jackson (Mapping Java Objects to JSON), but with Spring Rest Data the Json response it's diferent, it has _embedded, _links, self, etc. links that make me confuse. I have something like this in the root url http://localhost/8080/app/api/tarifas
I have used a JS script called restangular but i have serveral problems (I'm newbie with Angular)
In my controller i have this
Check the error
If I add a RestangularProvider in my app.config(...) and change the Controller to getList instead get, works fine, but I need several entities data formats.
Any help it's welcome. If you know a better way please tell me.
Thanks!!
UPDATE
I found a form to do this (i donĀ“t know if it's the better) but now my problem is the next:
I have objects that has other objects as attributes (realtionship), and the reference in the JSON is a link (not an object). Then, in the grid; the value of the description's internal object is blank. To get the json data I found this
Now I have the next content for one register (one of the grid)
And my grid (In Angular, HTML) looks like this (empty fields)
How can I retrieve the attribute description from the member estado, categoria, etc. and show it in the grid. Should make the request to get it?
Thanks!!
You can use either angular.toJson or json.stringify
Angular-toJson documentation
Json.stringify documentation
I am trying to hit the courier companies website from Controller ( e.g bluedart,fedex etc) by passing the courier tracking number and fetch status of the given tracking number.
I am using $HttpSocket->get/post to hit the webpage URL
I am able to display the response body
How can I fetch the data from the response.
Or is there any other way to achieve the same
Please help me out .
How can I fetch the data from the response.
Parse the result, either using regular expressions or the DOMDocument class and traverse it. See Parsing HTML in Cakephp as well.
Or is there any other way to achieve the same
Use the APIs these companies usually offer.
I would like to know what is the proper way to get data from backend when I want to use angularJs (or similar) in my web app?
The only way I see is to render html (static html with js scripts - e.g. angularjs) with no data from backend and then download data via ajax requests from my backend API. But I think this solution is not good because of many HTTP requests:
For example I have blog website, I want to show a post, comments, and the related posts on the sidebar. So probably I need to make at least 3 HTTP requests to get the data unless I will prepare API to get all I need in one request.
I can also imagine websites that could have much more HTTP requests. Is it a proper way to do this? Doesn't it overload a server? Or my way of thinking is so wrong?
It is either websockets or HTTP requests. Preparing API to get all in one request is one option. Another two options are XMLHttpRequest/iframe streaming which is a method of a technique known as Comet.
I would go with websockets since it is supposed to solve the problem that was previously solved with weird applications like iframe streaming. There are libraries that properly handles fallbacks if the browser does not support websockets:
web-socket-js ( this needs a websocket server )
Socket.IO ( this has a node.js module and also implements a kind of unnecessary protocol on top of websocket protocol )
If you choose the old methods there will be many problems waiting for you on the road like XmlHttpRequest.responseText while loading (readyState==3) in Chrome
I think you have to distinguish two cases:
You render the page for the first time.
You update parts of your page when something changes
Of course in the second case it makes sense to fetch only parts of the page via individual HTTP requests. However, in the first case you can simply serialize your complete model as one JSON object and embed it in the page like this:
<script type="text/javascript">
var myCompleteModel = { /* Here goes your model */ };
<script>
The controllers of the components on your page can then access this global variable to extract the parts being relevant for them. You can also wrap access to the initial model in a service to avoid accessing a global variable in all your controllers.
I am starting with jqtree and I need to load data from server, without url (I have seen examples of loading ajax data from url, and it's not what I need) and I haven't found anything about that anywhere. Does someone know how can I set a jqtree treeview calling the data from the server? Also, how should I return the json node list?
A server request needs a URL. That's how HTTP works.
An alternative you can try is to put the data directly into the page which initializes the jqtree. The data attribute can directly be given a JS object.