Application Server with Different Ports without CORS/XSS

Everything else that doesn't fall into one of the other categories.
Stefan Schnell
Posts: 46
Joined: Tue Dec 01, 2015 8:17 am
Contact:

Application Server with Different Ports without CORS/XSS

Post by Stefan Schnell »

Hello community,

is it possible to use different ports of a web server without any cross origin or cross site scripting trouble in a browser?

My test scenario:
I execute a web server on standard http port 80.
I write a SpiderBasic application and start it on port 9080.
In the code I call the web server on port 80.
All works well.

Code: Select all

; Begin-----------------------------------------------------------------

  Procedure LinkHandler()
    !window.open('http://127.0.0.1:80', '_blank');              
  EndProcedure

  If OpenWindow(0, 10, 10, 320, 200, "Test")
    HyperLinkGadget(1, 10, 10, 150, 24, "Link to another port", RGB(0, 0, 255))
    SetGadgetColor(1, #PB_Gadget_FrontColor, RGB(0, 0, 0))
    BindGadgetEvent(1, @LinkHandler())
  EndIf

; End-------------------------------------------------------------------
Image

Image

But I don't know exactly - although it works - is that correct or contradict this a safety awareness to use different ports on the same web server?

Thanks for tips and hints.

Cheers
Stefan
User avatar
Peter
Posts: 1086
Joined: Mon Feb 24, 2014 10:17 pm
Location: 127.0.0.1:9080
Contact:

Re: Application Server with Different Ports without CORS/XSS

Post by Peter »

Stefan Schnell wrote:is it possible to use different ports of a web server without any cross origin or cross site scripting trouble in a browser?
there are several ways (depends on your server). Please take a look: http://enable-cors.org/server.html

Greetings ... Peter
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: Application Server with Different Ports without CORS/XSS

Post by Fred »

I think as long you stay on the same domain, it should be OK.
Stefan Schnell
Posts: 46
Joined: Tue Dec 01, 2015 8:17 am
Contact:

Re: Application Server with Different Ports without CORS/XSS

Post by Stefan Schnell »

Hello Peter,
thanks for your interesting hint.
Another question to you: Bist Du Peter Tübben aus Leverkusen?
Cheers
Stefan

Hello Fred,
thanks for your suggestion, but as far as I can see from my experiments it is not possible without Access-Control-Allow-Origin: * in the response, e.g. if you use SpiderBasic on port 9080 and if you use another server on port 9980 - don't ask my why the port 80 works.
Cheers
Stefan

Hello community,
at the moment I develop a server simulation to mock different responses, e.g. for web and OData services. On this way you have the possibility to simulate easily responses you like and you can see how the requested application react. This server simulation frees you also from the operation of complex infrastructures.

Image

You can define up to 10 different responses and the associated URIs which you want to capture. In the example above you see an OData response for the URI /OData.svc/Products?$format=json. At the moment I test the server simulator with SpiderBasic. My use case is to develop an OData interface to an SAP system, catch the data from the requests, store it as files and build an environment for the simulation. This environment is portable and I can develop the UI, in my case with SpiderBasic, independently from the backend infrastructure.

I think I will publish the server simulator shortly.
What do you think about this idea?

Cheers
Stefan
User avatar
Peter
Posts: 1086
Joined: Mon Feb 24, 2014 10:17 pm
Location: 127.0.0.1:9080
Contact:

Re: Application Server with Different Ports without CORS/XSS

Post by Peter »

Stefan Schnell wrote:Bist Du Peter Tübben aus Leverkusen?
ja, der bin ich. :)

Grüße ... Peter
Stefan Schnell
Posts: 46
Joined: Tue Dec 01, 2015 8:17 am
Contact:

Re: Application Server with Different Ports without CORS/XSS

Post by Stefan Schnell »

Hello community,

MockAServ is available now - http://mockaserv.stschnell.de/.

It works seamlessly with SpiderBasic. Here an example with a web service.
Hint: SpiderBasic web server runs on port 9080 and MockAServ runs on port 9980 - eighth in the code to the port of the WSDL URL.

Image

Code: Select all


; Begin-----------------------------------------------------------------

  ; Directives----------------------------------------------------------
    EnableExplicit

  ; Constants-----------------------------------------------------------
    Enumeration
      #MainWin
      #btnGetData
      #XMLTree
      #XML
    EndEnumeration

  ; Variables-----------------------------------------------------------
    Global url.s = "http://127.0.0.1:9980/tempconvert.html?WSDL"

  ; Sub FillTree--------------------------------------------------------
    Procedure FillTree(CurrentNode.i, CurrentSublevel.i)

      ; Variables-------------------------------------------------------
        Protected NodeName.s, ChildNode.i

      If XMLNodeType(CurrentNode) = #PB_XML_Normal
        ChildNode = ChildXMLNode(CurrentNode)
        NodeName = GetXMLNodeName(CurrentNode)
        If ChildNode <> 0
          AddGadgetItem(#XMLTree, -1, NodeName, 0, CurrentSublevel)
        Else
          If Trim(GetXMLNodeText(CurrentNode)) <> ""
            AddGadgetItem(#XMLTree, -1, NodeName + " = " + 
              GetXMLNodeText(CurrentNode), 0, CurrentSublevel)
          Else
            AddGadgetItem(#XMLTree, -1, NodeName, 0, CurrentSublevel)
          EndIf
        EndIf
        While ChildNode <> 0
          FillTree(ChildNode, CurrentSublevel + 1)      
          ChildNode = NextXMLNode(ChildNode)
        Wend        
      EndIf
  
    EndProcedure

  ; Sub btnGetData------------------------------------------------------
    Procedure btnGetData()
    
      ; Variables-------------------------------------------------------
        Protected answer.s, MainNode.i

      !$.ajax({
      !  type: "POST",
      !  url: v_url,
      !  contentType: 'text/xml',
      !  dataType: 'xml',
      !  headers: {
      !    'Accept': '*/*'
      !  },
      !  success: processSuccess,
      !  error: processError
      !});

      !function processSuccess(data, textStatus, jqXHR) { 
      !  if (textStatus == "success") {
      !    spider.debug.Print(textStatus);
      !    v_answer = jqXHR.responseText;
           If ParseXML(#XML, answer)
             If XMLStatus(#XML) = #PB_XML_Success
               MainNode = MainXMLNode(#XML)      
               If MainNode
                 ClearGadgetItems(#XMLTree)
                 FillTree(MainNode, 0)
               EndIf             
             EndIf
           EndIf
      !  }
      !}

      !function processError(jqXHR, textStatus, errorThrown) {
      !  spider.debug.Print(textStatus);
      !}    

    EndProcedure

  ; Main----------------------------------------------------------------
    If OpenWindow(#MainWin, 10, 10, 480, 640, "GetData")

      ButtonGadget(#btnGetData, 10, 10, 250, 24, "GetData")
      TreeGadget(#XMLTree, 10, 44, 460, 586)

      BindGadgetEvent(#btnGetData, @btnGetData())

    EndIf

; End-------------------------------------------------------------------

; IDE Options = SpiderBasic 1.20 (Windows - x86)
; Folding = -
; WindowTheme = blue
; CompileSourceDirectory
And also seamlessly with SAP UI5.

Image

Code: Select all

<!doctype html>

<html>

  <!-- Example from http://services.odata.org/V4/OData/OData.svc/ -->

  <head>

    <title>OData test</title>

    <meta http-equiv="Content-Type" content="text/html" />
    <meta charset="ISO-8859-1" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />

    <script type="text/javascript" src="resources/sap-ui-core.js"
      id="sap-ui-bootstrap"
      data-sap-ui-libs="sap.ui.commons, sap.ui.table"
      data-sap-ui-theme="sap_bluecrystal">
    </script>

    <script type="text/javascript">

//-Begin----------------------------------------------------------------

  //-function main------------------------------------------------------
    function main() {

      //-Variables------------------------------------------------------
        var oModel, oTable;

      oTable = new sap.ui.table.Table("tableId",{
        visibleRowCount : 8,
        editable : false,
        width : "500px"
      });

      oTable.addColumn(new sap.ui.table.Column({
        label : new sap.ui.commons.Label({text: "ID"}),
        visible : true,
        template : new sap.ui.commons.TextView({text: "{ID}"})
      }));

      oTable.addColumn(new sap.ui.table.Column({
        label : new sap.ui.commons.Label({text: "Rating"}),
        visible : true,
        template : new sap.ui.commons.TextView({text: "{Rating}"})
      }));

      oTable.addColumn(new sap.ui.table.Column({
        label : new sap.ui.commons.Label({text:"Price"}),
        visible : true,
        template : new sap.ui.commons.TextView({text: "{Price}"})
      }));

      oModel = new sap.ui.model.odata.ODataModel("http://127.0.0.1:9981/OData.svc");
      oTable.setModel(oModel);    
      oTable.bindRows("/Products");
      oTable.placeAt("content");

    }

//-End------------------------------------------------------------------

    </script>

  </head>

  <body class="sapUiBody" role="application" onLoad="main()">

    <div id="content" />

  </body>

</html>
Enjoy it.

Cheers
Stefan
Fred
Site Admin
Posts: 1506
Joined: Mon Feb 24, 2014 10:51 am

Re: Application Server with Different Ports without CORS/XSS

Post by Fred »

Looks like the dev tooling is growing ! Good work
Stefan Schnell
Posts: 46
Joined: Tue Dec 01, 2015 8:17 am
Contact:

Re: Application Server with Different Ports without CORS/XSS

Post by Stefan Schnell »

Hello Fred,

thank you.
:)

Here the corresponding post in the SAPUI5 Developer Center of the SCN.

Cheers
Stefan
Post Reply