Open a PDF file in a new window
Posted by: SorenJensen - 10-10-2019, 09:18 PM - Forum: IntraWeb General Discussion - Replies (8)

Hi All,
I have changed the post completely as I now have a partly working solution:
I have managed to get a PDF file opened in a separate window, but only by copying the file into the wwwroot (contentpath) directory. When the file is there, WebApplication.NewWindow({filename}) will work, both on IE11 and Edge.
However, the files I want to be able to open and show are all on a document server (+/- 2 mill. files), and the program has access to the area. A function in the program checks the presence of the file before it allows the user to click a button to open and see the file. However, when WebApplication.NewWindow is called with a filepath outside the wwwroot path, the browser that opens up gives an error 404.
So what does it take for the WA.NewWindow to be allowed to open a file on a shared network resource, outside the wwwroot path, but within the domain the webservice server is in?
Obviously it works when the file is in the wwwroot directory, so a solution could be to copy the requested file over to wwwroot, show the file on screen, and then delete the copy after viewing it. The files are max. 5k each, so size is not a problem. But how do I copy it over? FileExists(exactfilepath) works, but can I use something like XCopy(exactFilepath,contentpath) to copy it and then open it? Or something similar?
I've tried with Sendfile to get hold of the file on the document server, and to download it to the wwwroot dir, but Sendfile does not work either. I hope someone else has been more successful and will explain how to.
Regards
Soren

Refreshing TIWBSImage
Posted by: pdinsd - 10-10-2019, 07:12 PM - Forum: IntraWeb General Discussion - Replies (2)

I have a TIWBSImage on a form. I then use the TIWFileUploader to upload a new logo. However, I notice that the TIWBSImage does not update with the new image unless I completely close the browser (close the session) and re-open it. The reason is that the form is pulling the image from the IW cache, instead of the relative URL file path I've set in the TIWBSImage property as shown below:
This code works when the form loads:
Code:
  CurDir := TIWAppInfo.GetAppPath;
  logodir := '/iwbs/images/';
  logostr := Curdir + 'wwwroot/iwbs/images/' + tenant + 'logo.png';
  if (fileexists(logostr)) then
  begin
    currentLogo.ImageFile := logodir + tenant + 'logo.png';
    tenantTabOptionsPage3.Repaint;
  end;
But after this point, the image always loads from the cache (which is a different URL than the coded URL). So uploading a new image has no effect until the session is restarted.
How can I always pull the image from the ImageFile property instead of the cache?

Best practice regarding Security-Relevant HTTP Headers
Posted by: magosk - 10-09-2019, 09:25 AM - Forum: IntraWeb General Discussion - Replies (23)

Hi. We have a customer that has performed a penetration test for one of our web applications and claims in one finding that several security-related HTTP headers are missing; these are Strict Transport Security, XSS Protection, Content Type Options and Content Security Policy. They recommend that at least the three first are set in order to consider the finding as fixed. We do however set these three at the beginning of a session according to recommendations in a previous forum thread, but I guess that these do not carry over to every response sent by the web application. Our current code looks like this:
Code:
procedure TBaseClientServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
...
begin
  if Assigned(aSession) and Assigned(aSession.Response) and (SSLOptions.Port <> 0) then
    SetCustomHeadersForHSTS(aSession);
  ...
end;

{Impl. from Hafedh TRIMECHE, see https://forums.embarcadero.com/thread.jspa?messageID=677727#677727}
procedure SetCustomHeadersForHSTS(aSession:TIWApplication);
type
  TCustomHeader=
  record
    Key ,
    Value : UnicodeString;
  end;
const
  CustomHeaders : array[1..5] of TCustomHeader =
  (
    (Key:'Strict-Transport-Security' ; Value:'max-age=31536000; includeSubDomains'),
    (Key:'Pragma' ; Value:'no-cache'),
    (Key:'Cache-Control' ; Value:'no-cache, no-store, must-revalidate, private'),
    (Key:'X-Content-Type-Options' ; Value:'nosniff'),
    (Key:'X-XSS-Protection' ; Value:'1; mode=block')
  );
var
  iHeaders : Integer;
begin
  aSession.Response.Expires := EncodeDate(1000,1,1);//31/12/1899 00:00:00;
  aSession.Response.AllowCaching := False;
  aSession.Response.CacheControlEnabled := False;
  for iHeaders:=Low(CustomHeaders) to High(CustomHeaders) do
  begin
    if CustomHeaders[iHeaders].Value<>'' then
    begin
      aSession.Response.Headers.Values[CustomHeaders[iHeaders].Key] := ' '+CustomHeaders[iHeaders].Value;
    end;
  end;
end;
If you test our web application with SSL Labs, it has always (since we first implemented this) recognized that we use HTTP Strict Transport Security and given us an A+ rating. This leads to a number of questions:
1. Is it sufficient to set all these headers at the beginning of an IW session (which would imply that the tester's conclusion is wrong)?
2. Or should one or more of these headers be set for every response?
3. If Yes on 2, which are the appropriate ServerController properties and event(s) to use? Example code?
4. For the fourth header, Content Security Policy, the tester writes the following: "Content Security Policy requires careful tuning and precise definition of the policy. If enabled, CSP has significant impact on the way the browser renders pages (e.g., inline JavaScript is disabled by default and must be explicitly allowed in the policy). CSP prevents a wide range of attacks, including Cross-Site Scripting and other Cross-Site injections.". They recommend using this if this does not interfere with the application, and give an example header like this: "Content-Security-Policy: default-src 'self'". What is the consequence of using this in an IntraWeb application? Is it something we should attempt?
I would be much grateful for feedback on this. The tester regards this as a Medium severity finding that we need to fix in the near future.
Best regards
Magnus Oskarsson
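
One way to check the finding per response instead of per session, as an added example that is not part of the original post and not IntraWeb code: the script parses raw response heads and reports which of the four headers named in the finding are missing or carry an unusable value. The function names are hypothetical and the two sample responses are constructed to mirror the case the post asks about.

```python
import re

def _hsts_ok(value):
    # HSTS only takes effect with a positive max-age; max-age=0 clears the policy.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# The four headers from the pen-test finding, each with a value check.
REQUIRED = {
    "strict-transport-security": _hsts_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-xss-protection": lambda v: v.strip().startswith("1"),
    "content-security-policy": lambda v: bool(v.strip()),
}

def parse_headers(raw):
    """Parse a raw HTTP response head into (status_line, {lower-name: value})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return head[0], headers

def audit(raw):
    """Return {header: 'missing' | 'invalid'} for one response; {} means pass."""
    _, headers = parse_headers(raw)
    findings = {}
    for name, valid in REQUIRED.items():
        if name not in headers:
            findings[name] = "missing"
        elif not valid(headers[name]):
            findings[name] = "invalid"
    return findings

# Constructed samples: the first response of a session carries three headers,
# a later response in the same session carries none of them.
FIRST = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
         "X-Content-Type-Options: nosniff\r\n"
         "X-XSS-Protection: 1; mode=block\r\n\r\n<html>")
LATER = "HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\n\r\n<response/>"

if __name__ == "__main__":
    for label, raw in (("first", FIRST), ("later", LATER)):
        print(label, audit(raw) or "all required headers present")
```

Feeding it the response heads captured from a real session (for example copied from the browser's network panel) shows whether every response, not just the first, carries the headers.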

IW15.1.5 TIWCallBacks.Invoke not passing query string parameters
Posted by: jeroen.rottink - 10-07-2019, 08:10 PM - Forum: IntraWeb General Discussion - Replies (5)

I come from IW15.0.23 where I had a working IW app using IWBS and templates to show a bootstrapTable with server-side search.
For this to work the client sends back the search string as a query string parameter. In IW15.1.5 this is not working anymore.
Debugging this I see the callback is called by TIWCallBacks.Invoke() and this method should provide the params by copying it from LForm.Params. But this property is empty.
aRequest.Params is filled with the correct params...

TIWFileUploader not working when named IWFileUploader
Posted by: jeroen.rottink - 10-07-2019, 09:12 AM - Forum: IntraWeb General Discussion - Replies (4)

Hi,
In a project compiled with IW15.0.18 I used a TIWFileUploader component named IWFileUploader. This was working fine.
I now recompiled that project with IW15.0.23 and see the event OnAsyncUploadCompleted is not called.
When I rename the component to IWFileUploader1 or Uploader it works fine again.
Did something change in parsing the query string parameters between .18 and .23?
You can check by compiling demos\IWFileUploaderDB and renaming the component.

How fix a raw text image gif to send to front end
Posted by: cprmlao@hotmail.com - 10-06-2019, 11:29 PM - Forum: IntraWeb General Discussion - Replies (1)

I have a winCGI executable script returning an image. I am using Intraweb as server.
The cgi is from a third party and I can't change its code.
I created my own ContentHandler to run the cgi.
I am not using CGIRunner because it didn't work for me.
My handler is something like:
Code:
function TContentDicom.Execute(aRequest: THttpRequest; aReply: THttpReply;
  const aPathname: string; aSession: TIWApplication;
  aParams: TStrings): boolean;
var
  s,wresult,saida,LocalDoc:string;
  i:integer;
begin
  Result:=True;
  LocalDoc:=TIWAppInfo.GetAppPath + 'wwwroot\cgi-bin\tcgi.exe';
  saida:=StrOemToAnsi(MyRunCGI(LocalDoc,TIWAppInfo.GetAppPath + 'wwwroot\cgi-bin\'));
  with aReply do
  begin
    ResetReplyType;
    Code := 200;
    ContentType := MIME_GIF; // MIME_HTML;
    SendStream(TstringStream.Create(saida));
  end;
end;
I have the next code returning from CGI when I query an image:
Code: 'Content-type: image/gif'#$A'Access-Control-Allow-Origin: *'#$A#$A'GIF89a@'#1'@'#1'1222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~'#$7F#$7F#$7F'€€€'#$0081#$0081#$0081'‚‚‚ƒƒƒ„„„………†††‡‡‡ˆˆˆ‰‰‰ŠŠŠ‹‹‹ŒŒŒ'#$008D#$008D#$008D'ŽŽŽ'#$008F#$008F#$008F#$0090#$0090#$0090'‘‘‘’’’“““”””•••–––———˜˜˜™™™ššš›››œœœ'#$009D#$009D#$009D'žžžŸŸŸ ¡¡¡¢¢¢£££¤¤¤¥¥.................
I need to send the image to a front end app in the browser.
Code:
<div>
  <img src="getImage(1)">
</div>
Here, the getImage function takes the image from the server, but it is not showing, because I think the format in which I am returning the image from the server to the front end has something wrong.
How could I fix the content text of the image on server to be a valid image in the front end?
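
In the CGI output quoted above, the header lines and a blank line come before the GIF bytes. As an added example (not part of the original post, and not IntraWeb or Delphi code), this Python sketch splits such output at the byte level and reads the image size from the GIF header; the function names are hypothetical and the sample is built from the first bytes quoted in the post.

```python
import struct

def split_cgi_response(raw: bytes):
    """Split raw CGI output into ({lower-name: value}, body bytes).

    The header block ends at the first blank line; CGI programs may use
    LF or CRLF line endings, so take whichever terminator comes first.
    """
    cuts = [(raw.find(sep), len(sep)) for sep in (b"\r\n\r\n", b"\n\n")]
    cuts = [c for c in cuts if c[0] != -1]
    if not cuts:
        raise ValueError("no blank line between CGI headers and body")
    pos, seplen = min(cuts)
    headers = {}
    for line in raw[:pos].splitlines():
        name, sep, value = line.partition(b":")
        if sep:
            key = name.strip().lower().decode("ascii")
            headers[key] = value.strip().decode("latin-1")
    # The body stays as bytes: any text conversion would alter image data.
    return headers, raw[pos + seplen:]

def gif_dimensions(body: bytes):
    """Return (width, height) from a GIF header, or raise if it is not a GIF."""
    if len(body) < 10 or body[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("body does not start with a GIF signature")
    # Logical screen width and height are little-endian 16-bit values.
    return struct.unpack("<HH", body[6:10])

# Constructed sample: the header lines and first ten body bytes as quoted in
# the post ('@'#1 is 0x40 0x01); the rest of the image data is omitted.
SAMPLE = (b"Content-type: image/gif\nAccess-Control-Allow-Origin: *\n\n"
          b"GIF89a@\x01@\x01")

if __name__ == "__main__":
    hdrs, body = split_cgi_response(SAMPLE)
    print(hdrs["content-type"], gif_dimensions(body))
```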