Welcome, Guest
You have to register before you can post on our site.

Username
  

Password
  





Search Forums

(Advanced Search)

Forum Statistics
» Members: 520
» Latest member: Wanderingwino
» Forum threads: 733
» Forum posts: 3,656

Full Statistics

Online Users
There are currently 49 online users.
» 0 Member(s) | 47 Guest(s)
Bing, Google

Latest Threads
IW 15.1.6 is out
Forum: IntraWeb General Discussion
Last Post: Alexandre Machado
2 hours ago
» Replies: 0
» Views: 7
IWBootstrap app and Apach...
Forum: IntraWeb General Discussion
Last Post: troberts
4 hours ago
» Replies: 0
» Views: 4
Input on ajax callbacks n...
Forum: IntraWeb General Discussion
Last Post: Alexandre Machado
Today, 12:14 AM
» Replies: 1
» Views: 29
Pagination separator
Forum: IntraWeb General Discussion
Last Post: Rassamaha78
Yesterday, 11:06 PM
» Replies: 0
» Views: 8
TIWGrid + TIWBSButton
Forum: IntraWeb General Discussion
Last Post: Rassamaha78
Yesterday, 11:00 PM
» Replies: 0
» Views: 8
IWFileUploader and drag&d...
Forum: IntraWeb General Discussion
Last Post: cprmlao@hotmail.com
10-18-2019, 08:05 PM
» Replies: 0
» Views: 10
PRevenitng a session from...
Forum: IntraWeb General Discussion
Last Post: DanBarclay
10-18-2019, 06:24 PM
» Replies: 2
» Views: 30
Radio Group Item Index
Forum: IntraWeb General Discussion
Last Post: Anto90
10-18-2019, 06:16 AM
» Replies: 1
» Views: 48
Access Violation when usi...
Forum: IntraWeb General Discussion
Last Post: RichardS
10-17-2019, 08:22 PM
» Replies: 2
» Views: 38
Publishing IW XV through ...
Forum: IntraWeb General Discussion
Last Post: kudzu
10-17-2019, 03:17 PM
» Replies: 3
» Views: 50

 
  Radio Group Item Index
Posted by: pdinsd - 10-11-2019, 10:19 PM - Forum: IntraWeb General Discussion - Replies (1)

I placed a TWIBSRadioGroup with two Items.  I then set the AsyncOnChange to show the itemindex of the new selected button.  However, it always says -1.  Your IWBSDemo shows it correctly.  I'm using the Items List of the TIWBSRadioGroup.  The only difference between mine and the demo is that my TIWBSRadioGroup is in a IWBSRegion, and yours is in a Form Group.  Not sure if that makes a difference or not.  Any suggestions?

Print this item

  Back Button control
Posted by: SWTwo6 - 10-11-2019, 05:36 PM - Forum: IntraWeb General Discussion - Replies (5)

I have recently upgraded from IW12 to 15 in Delphi 2010, and have sadly lost a brilliant piece of functionality - I have the following bit of JavaScript included in the header of each of my pages (using the ExtraHeader property) to prevent people from using the back button

<script type="text/javascript" >
   function preventBack(){window.history.forward();}
    setTimeout("preventBack()", 0);
    window.onunload=function(){null};
</script>


It wasn't *perfect*, as it could be bypassed with sufficient user investment, but it was pretty damned handy, and worked in every browser we tried it with. Unfortunately, after upgrading to IW15, the code is still appearing in the page headers but it doesn't appear to work at all. The built-in replacement from Intraweb (BackButtonOptions,mode = bmInterceptGlobal) sadly doesn't seem to be functional either in Chrome or Edge, although it is at least working in IE.

Does anyone have any idea why the above script would have stopped working between versions?

Print this item

  Como fazer um refresh a um IWDBGrid
Posted by: Cusco69 - 10-11-2019, 05:23 PM - Forum: IntraWeb Dúvidas Gerais - Replies (2)

Com a versão 14 do Intraweb, eu usava este procedimento para refrescar um IWDBGrid com Cell.Control para editar algumas colunas:
procedure RefreshIWGrid(zGrid: TIWDBGrid; Self: TIWAppForm);//2011-04-19 IW 11 version
var
  zPageContext: TIWBasePageContext;
  LControlRenderData: TIWHTMLTag;
  LControlContext: TIWCompContext;
  LContainerContext: TIWContainerContext;
begin
  zPageContext := Self.PageContext;
  LContainerContext := HTML40ContainerInterface(TIWDBGrid(zGrid)).ContainerContext;
  //2010-05-12 if you get A/v here, it is because renderinvisible controls on th eform is set to false!
  LControlContext := TIWCompContext.Create(zGrid, LContainerContext, zPageContext);
  //
  LControlRenderData := IIWHTML40Component(zGrid).RenderHTML(LControlContext);
  try
    LControlRenderData.AddParmsList(zGrid.ExtraTagParams);
    LControlContext.HTMLTag := LControlRenderData;
    zGrid.RefreshData(LControlContext, LControlRenderData);
  finally
    //if assigned(LControlRenderData) then//Don't free this, the controlcontext frees it
      //LControlRenderData.Free;
    if assigned(LControlContext) then//2011-01-25 Memory leak
      LControlContext.Free;
  end;

//  Self.AddToInitProc('FixDBGridHeaders(''' + zGrid.HTMLName + ''');');
end;


e funcionava lindamente.

Com a versão 15 do Intraweb estou a obter um AV na linha:
LControlRenderData := IIWHTML40Component(zGrid).RenderHTML(LControlContext);

e os dados não completamente refrescados. Já dei voltas e voltas e não consigo perceber porquê. O que mudou no Intraweb 15 para que isto tenha deixado de funcionar?

Obrigado

Print this item

  Open a PDF file in a new window
Posted by: SorenJensen - 10-10-2019, 09:18 PM - Forum: IntraWeb General Discussion - Replies (8)

Hi All,

I have changed the post completely as I now have a partly working solution:

I have managed to get a PDF file opened in a separat window, but only by copying the file into the wwwroot (contentpath) directory. When the file is there, WebApplication.NewWindows({filename}) will work. Both on IE11 and Edge.

However, the files I want to be able to open and show, are all on a document server (+/- 2 mill. files), and the program have access to the area. A function in the program checks the presence of the file before it allows the user to click a button to open and see the file. However, when WebApplication.NewWindow is called with a filepath, outside the wwwroot path, the browser that opens up, give an error 404.

So what does it take for the WA.NewWindow to be allowed to open a file on a shared network resource, outside the wwwroot path, but within the domain the webservice server is in ?

Obviously it works when the file is in the wwwroot directory, so a solution could be to copy the requested file over to wwwroot, show the file on screen, and then delete the copy after viewing it. The files are max. 5k each, so size is not a problem. But how do I copy it over ? FileExists(exactfilepath) works, but can I use something like XCopy(exactFilepath,contentpath) to copy it and then open it ? Or something similar ?

I've tried with Sendfile to get hold of the file on the document server, and to download it to the wwwroot dir, but sendfile do not work either. I hope someone else have been more sucessful and will explain how to.

Regards
Soren

Print this item

  Refreshing TIWBSImage
Posted by: pdinsd - 10-10-2019, 07:12 PM - Forum: IntraWeb General Discussion - Replies (2)

I have a TIWBSImage on a form.  I then use the TIWFileUploader to upload a new logo.  However, I notice that the TIWBSImage does not update with the new image unless I completely close the browser (close the session) and re-open it.  The reason is that the form is pulling the image from the IW cache, instead of the relative URL file path I've set in the TIWBSImage property as shown below:

This code works when the form loads:

Code:
    CurDir := TIWAppInfo.GetAppPath;
    logodir:='/iwbs/images/';
    logostr:=Curdir+'wwwroot/iwbs/images/'+tenant+'logo.png';
    if (fileexists(logostr)) then
    begin
      currentLogo.ImageFile:=logodir+tenant+'logo.png';
      tenantTabOptionsPage3.Repaint;
    end;

But after this point, the image always loads from the cache (which is different URL than the coded URL).  So uploading a new image has no effect until the session is restarted.

How can I always pull the image from the ImageFile property instead of the cache?

Print this item

  Best practice regarding Security-Relevant HTTP Headers
Posted by: magosk - 10-09-2019, 09:25 AM - Forum: IntraWeb General Discussion - Replies (3)

Hi. We have a customer that has performed a penetration test for one of our web applications and claims in one finding that several security-related HTTP header are missing, these are Strict Transport Security, XSS Protection, Content Type Options and Content Security Policy. They recommend that at least the three first are set in order to consider the finding as fixed. We do however set these three at the beginning of a session according to recommendations in a previous forum thread, but I guess that these do not carry over to every response sent by the web application. Our current code looks like this:

Code:
procedure TBaseClientServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
...
begin
  if Assigned(aSession) and Assigned(aSession.Response) and (SSLOptions.Port <> 0) then
    SetCustomHeadersForHSTS(aSession);
...
end;

{Impl. from Hafedh TRIMECHE, see https://forums.embarcadero.com/thread.jspa?messageID=677727#677727}
procedure SetCustomHeadersForHSTS(aSession:TIWApplication);
type
  TCustomHeader=
  record
    Key   ,
    Value : UnicodeString;
  end;
const
  CustomHeaders : array[1..5] of TCustomHeader =
  (
  (Key:'Strict-Transport-Security' ; Value:'max-age=31536000; includeSubDomains'),
  (Key:'Pragma'                    ; Value:'no-cache'),
  (Key:'Cache-Control'             ; Value:'no-cache, no-store, must-revalidate, private'),
  (Key:'X-Content-Type-Options'    ; Value:'nosniff'),
  (Key:'X-XSS-Protection'          ; Value:'1; mode=block')
  );
var
  iHeaders : Integer;
begin
  aSession.Response.Expires             := EncodeDate(1000,1,1);//31/12/1899 00:00:00;
  aSession.Response.AllowCaching        := False;
  aSession.Response.CacheControlEnabled := False;
  for iHeaders:=Low(CustomHeaders) to High(CustomHeaders) do
  begin
    if CustomHeaders[iHeaders].Value<>'' then
    begin
      aSession.Response.Headers.Values[CustomHeaders[iHeaders].Key] := ' '+CustomHeaders[iHeaders].Value;
    end;
  end;
end;

If you test our web application with SSL Labs, it has always (since we first implemented this) recognized that we use HTTP Strict Transport Security and given us an A+ rating. This leads to a number of questions:

  1. Is it sufficient to set these all these headers at the beginning of an IW session (which would imply that the tester's conclusion is wrong)?
  2. Or should one or more of these headers be set for every response?
  3. If Yes on 2, which are the appropriate ServerController properties and event(s) to use? Example code?
  4. For the fourth header, Content Security Policy, the tester writes the following: "Content Security Policy requires careful tuning and precise definition of the policy. If enabled, CSP has significant impact on the way the browser renders pages (e.g., inline JavaScript is disabled by default and must be explicitly allowed in the policy). CSP prevents a wide range of attacks, including Cross-Site Scripting and other Cross-Site injections.". They recommend using this if this does not interfere with the application, and gives an example header like this: "Content-Security-Policy: default-src 'self'". What is the consequence of using this in an IntraWeb application? I it something we should attempt?

I would be much grateful for feedback on this. The tester regard this as a Medium severity finding that we need to fix in the near future.
 
Best regards

Magnus Oskarsson

Print this item

  IWBootstrap and Rio 10.3
Posted by: troberts - 10-09-2019, 09:22 AM - Forum: IntraWeb General Discussion - Replies (1)

Hi,

Is there a version of IWBootstrap that works with 10.3 (update 2)? If so where can I download it from please?

Thank you.

Print this item

  Bring to Front and Send to Back problem
Posted by: SorenJensen - 10-09-2019, 07:29 AM - Forum: IntraWeb General Discussion - Replies (6)

Hi All,
 
I have a region which covers the same screen area as another (larger) region.
 
At design I use the EDIT menu points Bring to front and Send to back, to be able to see and change the contents of the covered areas.
At runtime I expected to be able to execute the region methods BringToFront and SendToBack, to decide which to be on top.
 
But the commands IWRegion1.BringToFront and IWRegion1.SendToBack do not change anything. They seem not to work.
 
Only by toggling the covered region's Visible property, can I make it appear. And then of course only when I have left the region on the front, when I compiled the program. If I left it on the back, it does not show.
 
I've made a small test program with 2 regions and 4 buttons to show the problem, and I've included the source code as attachment. No exe-file included though. You have to compile it yourself. The buttons events are the OnClick but it makes no difference if it is the OnAsyncClick events.
 
I use Delphi 10.3.2 Rio and IW 15.1.5.
 
Can I do anything to make it work ?
 
Regards
Soren
 



Attached Files
.zip   Project1.zip (Size: 53.46 KB / Downloads: 0)
Print this item

  IWCGIRunner Work Directory
Posted by: cprmlao@hotmail.com - 10-07-2019, 10:38 PM - Forum: IntraWeb General Discussion - Replies (1)

Hi,
Is possible to set the working directory to createprocesss  child created  when  CGIRunner is executed?
Regards, Luiz

Print this item

  IW15.1.5 TIWCallBacks.Invoke not passing query string parameters
Posted by: jeroen.rottink - 10-07-2019, 08:10 PM - Forum: IntraWeb General Discussion - Replies (5)

I come from IW15.0.23 where I had a working IW app using IWBS and templates to show a bootstrapTable with server-side search.
For this to work the client sends back the search string as a query string parameter. In IW15.1.5 this is not working anymore.
Debugging this I see the callback is called by TIWCallBacks.Invoke() and this method should provide the params by copying it from LForm.Params. But this property is empty.

aRequest.Params is filled with the correct params...

Print this item