Application Server with Different Ports without CORS/XSS

Posted: Sat Feb 13, 2016 8:58 am
by Stefan Schnell
Hello community,

is it possible to use different ports of a web server without any cross origin or cross site scripting trouble in a browser?

My test scenario:
I execute a web server on standard http port 80.
I write a SpiderBasic application and start it on port 9080.
In the code I call the web server on port 80.
All works well.

Code:

; Begin-----------------------------------------------------------------

  Procedure LinkHandler()
    !window.open('http://127.0.0.1:80', '_blank');              
  EndProcedure

  If OpenWindow(0, 10, 10, 320, 200, "Test")
    HyperLinkGadget(1, 10, 10, 150, 24, "Link to another port", RGB(0, 0, 255))
    SetGadgetColor(1, #PB_Gadget_FrontColor, RGB(0, 0, 0))
    BindGadgetEvent(1, @LinkHandler())
  EndIf

; End-------------------------------------------------------------------
But I don't know exactly - although it works - is that correct, or does it contradict safety awareness to use different ports on the same web server?

Thanks for tips and hints.

Cheers
Stefan

Re: Application Server with Different Ports without CORS/XSS

Posted: Sat Feb 13, 2016 9:35 am
by Peter
Stefan Schnell wrote: is it possible to use different ports of a web server without any cross origin or cross site scripting trouble in a browser?
There are several ways (depends on your server). Please take a look: http://enable-cors.org/server.html

Greetings ... Peter

Re: Application Server with Different Ports without CORS/XSS

Posted: Sat Feb 13, 2016 10:18 am
by Fred
I think as long as you stay on the same domain, it should be OK.

Re: Application Server with Different Ports without CORS/XSS

Posted: Sun Feb 14, 2016 8:49 am
by Stefan Schnell
Hello Peter,
thanks for your interesting hint.
Another question for you: Are you Peter Tübben from Leverkusen?
Cheers
Stefan

Hello Fred,
thanks for your suggestion, but as far as I can see from my experiments it is not possible without Access-Control-Allow-Origin: * in the response, e.g. if you use SpiderBasic on port 9080 and if you use another server on port 9980 - don't ask me why the port 80 works.
Cheers
Stefan

Hello community,
at the moment I am developing a server simulation to mock different responses, e.g. for web and OData services. This way you can easily simulate any responses you like and see how the requested application reacts. This server simulation also frees you from the operation of complex infrastructures.

You can define up to 10 different responses and the associated URIs which you want to capture. In the example above you see an OData response for the URI /OData.svc/Products?$format=json. At the moment I test the server simulator with SpiderBasic. My use case is to develop an OData interface to an SAP system, catch the data from the requests, store it as files and build an environment for the simulation. This environment is portable and I can develop the UI, in my case with SpiderBasic, independently from the backend infrastructure.

I think I will publish the server simulator shortly.
What do you think about this idea?

Cheers
Stefan

Re: Application Server with Different Ports without CORS/XSS

Posted: Sun Feb 14, 2016 9:34 am
by Peter
Stefan Schnell wrote: Are you Peter Tübben from Leverkusen?
Yes, that's me. :)

Greetings ... Peter

Re: Application Server with Different Ports without CORS/XSS

Posted: Thu Feb 18, 2016 6:14 am
by Stefan Schnell
Hello community,

MockAServ is available now - http://mockaserv.stschnell.de/.

It works seamlessly with SpiderBasic. Here is an example with a web service.
Hint: SpiderBasic web server runs on port 9080 and MockAServ runs on port 9980 - pay attention in the code to the port of the WSDL URL.

Code:


; Begin-----------------------------------------------------------------

  ; Directives----------------------------------------------------------
    EnableExplicit

  ; Constants-----------------------------------------------------------
    Enumeration
      #MainWin
      #btnGetData
      #XMLTree
      #XML
    EndEnumeration

  ; Variables-----------------------------------------------------------
    Global url.s = "http://127.0.0.1:9980/tempconvert.html?WSDL"

  ; Sub FillTree--------------------------------------------------------
    Procedure FillTree(CurrentNode.i, CurrentSublevel.i)

      ; Variables-------------------------------------------------------
        Protected NodeName.s, ChildNode.i

      If XMLNodeType(CurrentNode) = #PB_XML_Normal
        ChildNode = ChildXMLNode(CurrentNode)
        NodeName = GetXMLNodeName(CurrentNode)
        If ChildNode <> 0
          AddGadgetItem(#XMLTree, -1, NodeName, 0, CurrentSublevel)
        Else
          If Trim(GetXMLNodeText(CurrentNode)) <> ""
            AddGadgetItem(#XMLTree, -1, NodeName + " = " + 
              GetXMLNodeText(CurrentNode), 0, CurrentSublevel)
          Else
            AddGadgetItem(#XMLTree, -1, NodeName, 0, CurrentSublevel)
          EndIf
        EndIf
        While ChildNode <> 0
          FillTree(ChildNode, CurrentSublevel + 1)      
          ChildNode = NextXMLNode(ChildNode)
        Wend        
      EndIf
  
    EndProcedure

  ; Sub btnGetData------------------------------------------------------
    Procedure btnGetData()
    
      ; Variables-------------------------------------------------------
        Protected answer.s, MainNode.i

      !$.ajax({
      !  type: "POST",
      !  url: v_url,
      !  contentType: 'text/xml',
      !  dataType: 'xml',
      !  headers: {
      !    'Accept': '*/*'
      !  },
      !  success: processSuccess,
      !  error: processError
      !});

      !function processSuccess(data, textStatus, jqXHR) { 
      !  if (textStatus == "success") {
      !    spider.debug.Print(textStatus);
      !    v_answer = jqXHR.responseText;
           If ParseXML(#XML, answer)
             If XMLStatus(#XML) = #PB_XML_Success
               MainNode = MainXMLNode(#XML)      
               If MainNode
                 ClearGadgetItems(#XMLTree)
                 FillTree(MainNode, 0)
               EndIf             
             EndIf
           EndIf
      !  }
      !}

      !function processError(jqXHR, textStatus, errorThrown) {
      !  spider.debug.Print(textStatus);
      !}    

    EndProcedure

  ; Main----------------------------------------------------------------
    If OpenWindow(#MainWin, 10, 10, 480, 640, "GetData")

      ButtonGadget(#btnGetData, 10, 10, 250, 24, "GetData")
      TreeGadget(#XMLTree, 10, 44, 460, 586)

      BindGadgetEvent(#btnGetData, @btnGetData())

    EndIf

; End-------------------------------------------------------------------

; IDE Options = SpiderBasic 1.20 (Windows - x86)
; Folding = -
; WindowTheme = blue
; CompileSourceDirectory
And also seamlessly with SAP UI5.

Code:

<!doctype html>

<html>

  <!-- Example from http://services.odata.org/V4/OData/OData.svc/ -->

  <head>

    <title>OData test</title>

    <meta http-equiv="Content-Type" content="text/html" />
    <meta charset="ISO-8859-1" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />

    <script type="text/javascript" src="resources/sap-ui-core.js"
      id="sap-ui-bootstrap"
      data-sap-ui-libs="sap.ui.commons, sap.ui.table"
      data-sap-ui-theme="sap_bluecrystal">
    </script>

    <script type="text/javascript">

//-Begin----------------------------------------------------------------

  //-function main------------------------------------------------------
    function main() {

      //-Variables------------------------------------------------------
        var oModel, oTable;

      oTable = new sap.ui.table.Table("tableId",{
        visibleRowCount : 8,
        editable : false,
        width : "500px"
      });

      oTable.addColumn(new sap.ui.table.Column({
        label : new sap.ui.commons.Label({text: "ID"}),
        visible : true,
        template : new sap.ui.commons.TextView({text: "{ID}"})
      }));

      oTable.addColumn(new sap.ui.table.Column({
        label : new sap.ui.commons.Label({text: "Rating"}),
        visible : true,
        template : new sap.ui.commons.TextView({text: "{Rating}"})
      }));

      oTable.addColumn(new sap.ui.table.Column({
        label : new sap.ui.commons.Label({text:"Price"}),
        visible : true,
        template : new sap.ui.commons.TextView({text: "{Price}"})
      }));

      oModel = new sap.ui.model.odata.ODataModel("http://127.0.0.1:9981/OData.svc");
      oTable.setModel(oModel);    
      oTable.bindRows("/Products");
      oTable.placeAt("content");

    }

//-End------------------------------------------------------------------

    </script>

  </head>

  <body class="sapUiBody" role="application" onLoad="main()">

    <div id="content" />

  </body>

</html>
Enjoy it.

Cheers
Stefan
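
The following is an added example, not part of any post in this thread: it models why the browser treats the SpiderBasic app on port 9080 and the mock server on port 9980 as different origins, why the `$.ajax` POST with `text/xml` is preflighted, and how a server can answer with an allowlisted origin instead of `Access-Control-Allow-Origin: *`. The function names, the `index.html` path and the allowlist are assumptions; the preflight test is a simplified form of the browser's rule.

```javascript
// Added example with constructed values; ports and WSDL URL are taken from the thread.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);

// An origin is scheme + host + port; URL.origin drops a default port (80 for http).
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Simplified "simple request" test: any other method, header or content type is preflighted.
function needsPreflight(method, headers) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true;
    if (n === "content-type") {
      const mime = value.split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// Server side: echo the caller's origin only when it is on the allowlist.
function corsHeaders(requestOrigin, allowlist, isPreflight) {
  if (!requestOrigin || !allowlist.includes(requestOrigin)) return {};
  const h = { "Access-Control-Allow-Origin": requestOrigin, "Vary": "Origin" };
  if (isPreflight) {
    h["Access-Control-Allow-Methods"] = "POST";
    h["Access-Control-Allow-Headers"] = "Content-Type";
  }
  return h;
}

const app = "http://127.0.0.1:9080/index.html";              // SpiderBasic app (path assumed)
const mock = "http://127.0.0.1:9980/tempconvert.html?WSDL";  // mock server URL from the post
const ajaxHeaders = { "Content-Type": "text/xml", "Accept": "*/*" };
const allowlist = ["http://127.0.0.1:9080"];                 // hypothetical policy

console.log("9080 vs 9980 same origin:", sameOrigin(app, mock));
console.log("80 vs 9080 same origin:", sameOrigin("http://127.0.0.1:80/", app));
console.log("POST text/xml preflighted:", needsPreflight("POST", ajaxHeaders));
console.log("allowed caller:", corsHeaders(new URL(app).origin, allowlist, true));
console.log("unknown caller:", corsHeaders("http://127.0.0.1:8000", allowlist, true));
```

The `window.open` call in the first post is a top-level navigation rather than a script reading a cross-origin response, so the same-origin policy does not block it.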

Re: Application Server with Different Ports without CORS/XSS

Posted: Thu Feb 18, 2016 8:20 am
by Fred
Looks like the dev tooling is growing! Good work

Re: Application Server with Different Ports without CORS/XSS

Posted: Sat Feb 20, 2016 5:05 am
by Stefan Schnell
Hello Fred,

thank you.
:)

Here is the corresponding post in the SAPUI5 Developer Center of the SCN.

Cheers
Stefan