| Welcome, Guest |
You have to register before you can post on our site.
|
| Online Users |
There are currently 500 online users. » 1 Member(s) | 496 Guest(s) Applebot, Bing, Google, llwincoach123
|
| Latest Threads |
Need Help Integrating Mic...
Forum: IntraWeb General Discussion
Last Post: capheny
Yesterday, 06:43 AM
» Replies: 0
» Views: 34
|
OpenSSL and concurrent re...
Forum: Indy
Last Post: kbriggs
07-05-2026, 02:41 PM
» Replies: 5
» Views: 173
|
Projeto Intraweb
Forum: IntraWeb General Discussion
Last Post: vonirpereira
07-03-2026, 06:51 PM
» Replies: 0
» Views: 98
|
Intraweb + Lazarus
Forum: IntraWeb Dúvidas Gerais
Last Post: vonirpereira
07-03-2026, 06:35 PM
» Replies: 0
» Views: 55
|
Image question on tiwjqdb...
Forum: IntraWeb General Discussion
Last Post: alex.trejo@tttnet.com.mx
07-01-2026, 12:19 AM
» Replies: 4
» Views: 4,284
|
TIWjQDBGrid erratic behav...
Forum: IntraWeb General Discussion
Last Post: alex.trejo@tttnet.com.mx
07-01-2026, 12:04 AM
» Replies: 4
» Views: 640
|
CSS file not reloading af...
Forum: IntraWeb General Discussion
Last Post: Gustave
06-30-2026, 09:00 PM
» Replies: 0
» Views: 111
|
IW 16.2.0 Missing librari...
Forum: IntraWeb General Discussion
Last Post: Gregory_Twedt
06-24-2026, 04:40 AM
» Replies: 5
» Views: 811
|
VCL conversion
Forum: Delphi General Discussion
Last Post: tobenschain
06-20-2026, 05:00 AM
» Replies: 0
» Views: 147
|
TIWjQDBGrid changing UI
Forum: IntraWeb General Discussion
Last Post: BoostedCruiser
06-08-2026, 02:02 AM
» Replies: 36
» Views: 70,994
|
|
|
| Refreshing TIWBSImage |
|
Posted by: pdinsd - 10-10-2019, 07:12 PM - Forum: IntraWeb General Discussion
- Replies (2)
|
 |
I have a TIWBSImage on a form. I then use the TIWFileUploader to upload a new logo. However, I notice that the TIWBSImage does not update with the new image unless I completely close the browser (close the session) and re-open it. The reason is that the form is pulling the image from the IW cache, instead of the relative URL file path I've set in the TIWBSImage property as shown below:
This code works when the form loads:
Code: CurDir := TIWAppInfo.GetAppPath;
logodir:='/iwbs/images/';
logostr:=Curdir+'wwwroot/iwbs/images/'+tenant+'logo.png';
if (fileexists(logostr)) then
begin
currentLogo.ImageFile:=logodir+tenant+'logo.png';
tenantTabOptionsPage3.Repaint;
end;
But after this point, the image always loads from the cache (which is different URL than the coded URL). So uploading a new image has no effect until the session is restarted.
How can I always pull the image from the ImageFile property instead of the cache?
|
|
|
| Best practice regarding Security-Relevant HTTP Headers |
|
Posted by: magosk - 10-09-2019, 09:25 AM - Forum: IntraWeb General Discussion
- Replies (23)
|
 |
Hi. We have a customer that has performed a penetration test for one of our web applications and claims in one finding that several security-related HTTP header are missing, these are Strict Transport Security, XSS Protection, Content Type Options and Content Security Policy. They recommend that at least the three first are set in order to consider the finding as fixed. We do however set these three at the beginning of a session according to recommendations in a previous forum thread, but I guess that these do not carry over to every response sent by the web application. Our current code looks like this:
Code: procedure TBaseClientServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
...
begin
if Assigned(aSession) and Assigned(aSession.Response) and (SSLOptions.Port <> 0) then
SetCustomHeadersForHSTS(aSession);
...
end;
{Impl. from Hafedh TRIMECHE, see https://forums.embarcadero.com/thread.jspa?messageID=677727#677727}
procedure SetCustomHeadersForHSTS(aSession:TIWApplication);
type
TCustomHeader=
record
Key ,
Value : UnicodeString;
end;
const
CustomHeaders : array[1..5] of TCustomHeader =
(
(Key:'Strict-Transport-Security' ; Value:'max-age=31536000; includeSubDomains'),
(Key:'Pragma' ; Value:'no-cache'),
(Key:'Cache-Control' ; Value:'no-cache, no-store, must-revalidate, private'),
(Key:'X-Content-Type-Options' ; Value:'nosniff'),
(Key:'X-XSS-Protection' ; Value:'1; mode=block')
);
var
iHeaders : Integer;
begin
aSession.Response.Expires := EncodeDate(1000,1,1);//31/12/1899 00:00:00;
aSession.Response.AllowCaching := False;
aSession.Response.CacheControlEnabled := False;
for iHeaders:=Low(CustomHeaders) to High(CustomHeaders) do
begin
if CustomHeaders[iHeaders].Value<>'' then
begin
aSession.Response.Headers.Values[CustomHeaders[iHeaders].Key] := ' '+CustomHeaders[iHeaders].Value;
end;
end;
end;
If you test our web application with SSL Labs, it has always (since we first implemented this) recognized that we use HTTP Strict Transport Security and given us an A+ rating. This leads to a number of questions:
- Is it sufficient to set these all these headers at the beginning of an IW session (which would imply that the tester's conclusion is wrong)?
- Or should one or more of these headers be set for every response?
- If Yes on 2, which are the appropriate ServerController properties and event(s) to use? Example code?
- For the fourth header, Content Security Policy, the tester writes the following: "Content Security Policy requires careful tuning and precise definition of the policy. If enabled, CSP has significant impact on the way the browser renders pages (e.g., inline JavaScript is disabled by default and must be explicitly allowed in the policy). CSP prevents a wide range of attacks, including Cross-Site Scripting and other Cross-Site injections.". They recommend using this if this does not interfere with the application, and gives an example header like this: "Content-Security-Policy: default-src 'self'". What is the consequence of using this in an IntraWeb application? I it something we should attempt?
I would be much grateful for feedback on this. The tester regard this as a Medium severity finding that we need to fix in the near future.
Best regards
Magnus Oskarsson
|
|
|
| IW15.1.5 TIWCallBacks.Invoke not passing query string parameters |
|
Posted by: jeroen.rottink - 10-07-2019, 08:10 PM - Forum: IntraWeb General Discussion
- Replies (5)
|
 |
I come from IW15.0.23 where I had a working IW app using IWBS and templates to show a bootstrapTable with server-side search.
For this to work the client sends back the search string as a query string parameter. In IW15.1.5 this is not working anymore.
Debugging this I see the callback is called by TIWCallBacks.Invoke() and this method should provide the params by copying it from LForm.Params. But this property is empty.
aRequest.Params is filled with the correct params...
|
|
|
| TIWFileUploader not working when named IWFileUploader |
|
Posted by: jeroen.rottink - 10-07-2019, 09:12 AM - Forum: IntraWeb General Discussion
- Replies (4)
|
 |
Hi,
In a project compiled with IW15.0.18 I used a TIWFileUploader component named IWFileUploader. This was working fine.
I now recompiled that project with IW15.0.23 and see the event OnAsyncUploadCompleted is not called.
When I rename the component to IWFileUploader1 or Uploader it works fine again.
Did something change in parsing the query string parameters between .18 and .23?
You can check by compiling demos\IWFileUploaderDB and renaming the component.
|
|
|
| How fix a raw text image gif to send to front end |
|
Posted by: cprmlao@hotmail.com - 10-06-2019, 11:29 PM - Forum: IntraWeb General Discussion
- Replies (1)
|
 |
I have a winCGI executable script returning a image. I am using Intraweb as server.
The cgi is from a third party and I can't change your code.
I create my owner ContentHandler to run the cgi.
I am not using CGIRunner because It diidn´t work to me.
My handler is something as:
Code: function TContentDicom.Execute(aRequest: THttpRequest; aReply: THttpReply;
const aPathname: string; aSession: TIWApplication;
aParams: TStrings): boolean;
var
s,wresult,saida,LocalDoc:string;
i:integer;
begin
Result:=True;
LocalDoc:=TIWAppInfo.GetAppPath + 'wwwroot\cgi-bin\tcgi.exe';
saida:=StrOemToAnsi(MyRunCGI(LocalDoc,TIWAppInfo.GetAppPath + 'wwwroot\cgi-bin\'));
with aReply do
begin
ResetReplyType;
Code := 200;
ContentType := MIME_GIF; // MIME_HTML;
SendStream(TstringStream.Create(saida));
end;
end;
I have the next code returning from CGI when I query a image:
Code: 'Content-type: image/gif'#$A'Access-Control-Allow-Origin: *'#$A#$A'GIF89a@'#1'@'#1'1222333444555666777888999:::;;;<<<===>>>???@@@AAABBBCCCDDDEEEFFFGGGHHHIIIJJJKKKLLLMMMNNNOOOPPPQQQRRRSSSTTTUUUVVVWWWXXXYYYZZZ[[[\\\]]]^^^___```aaabbbcccdddeeefffggghhhiiijjjkkklllmmmnnnooopppqqqrrrssstttuuuvvvwwwxxxyyyzzz{{{|||}}}~~~'#$7F#$7F#$7F'€€€'#$0081#$0081#$0081'‚‚‚ƒƒƒ„„„………†††‡‡‡ˆˆˆ‰‰‰ŠŠŠ‹‹‹ŒŒŒ'#$008D#$008D#$008D'ŽŽŽ'#$008F#$008F#$008F#$0090#$0090#$0090'‘‘‘’’’“““”””•••–––———˜˜˜™™™ššš›››œœœ'#$009D#$009D#$009D'žžžŸŸŸ ¡¡¡¢¢¢£££¤¤¤¥¥.................
I need to send the image to a front end app in the browser.
Code: <div>
<img src="getImage(1)">
</div>
Here, getImage function takes the image from server, but not is showing, because I think the format I am returning the image from server to front end has something wrong.
How could I fix the content text of the image on server to be a valid image in the front end?
|
|
|
| Mouse events on form level ? |
|
Posted by: SorenJensen - 10-06-2019, 11:40 AM - Forum: IntraWeb General Discussion
- Replies (2)
|
 |
Hi All,
Sorry if this have been asked before. I have tried to search previous posts, but have not found any, and apparently after a number of searches, one is only allowed to make one search every 30 seconds....
Anyway, I have a region, with a listbox covering it, on my form and with visible property set false. When certain conditions are met, the visible property is set true and the region becomes visible.
What I'm looking for is a way to set visible = false again, without having to click the region / listbox. Obviously it works fine with a onclick event for the listbox, but that is only when the mouse pointer is within the boundaries of the listbox. I want the region / listbox to disappear regardless of where the mouse pointer is when I click it. I do not seem to find any mouse events for the form.
Can anybody tell me how to do that, or point me in the right direction ? Anyone have any examples anywhere ?
Regards
Soren
|
|
|
|