
Showing results for tags 'http'.




Found 4 results

  1. IElite

    TW3HttpRequest

    Is it possible to perform user authentication between client app and server using SMS? I want my app to authenticate with a server, and either return a JSON with an error message, or a JSON with user profile data. Is this possible? If so, what do I need on the server side to perform the request?

    E.g. this gets an HTML document from Google:

        FHttp.Get('http://www.google.com');

    I want to instead post a username and password and in return get JSON (error message not authenticated, or some user profile data), but it doesn't look like the TW3HttpRequest object has a put method; however, there is an Open method. Can something like this be done?

        fHTTP.Open('POST','http://mywebsite.com/login.php');

    If so, how do I pass the parameters UserId and Password?
  2. I recently had a look at Scott Helme's site, https://securityheaders.io

    Scott is involved in information security and his site explains in great detail how to enhance site security by means of http response headers. Quoted:

    "HTTP Response headers are name-value pairs of strings sent back from a server with the content you requested. They are typically used to transfer technical information like how a browser should cache content, what type of content it is, the software running on the server and much, much more. Increasingly, HTTP Response headers have been used to transmit security policies to the browser. By passing security policies back to the client in this fashion, hosts can ensure a much safer browsing experience for their visitors and also reduce the risk for everyone involved. Let's take a look at some more security based headers. The first step in hardening your HTTP response headers is looking at the additional headers you can utilise to make your site more secure. Outlined below, these headers give the browser more information about how you want it to behave with regards to your site. They can be used to deliver security policies, set configuration options and disable features of the browser you don't want enabled for your site. Once you have setup each header, check it using SecurityHeaders.io."

    His site features a facility to scan any domain, giving back information on which headers to check. So I scanned a standard SMS project output (Visual Component Projects). The results indicated to add security policies by including the following headers:

    - Content-Security-Policy
    - X-Frame-Options
    - X-XSS-Protection
    - X-Content-Type-Options

    The first (Content-Security-Policy) can prevent the browser from loading malicious assets by white-listing what is permissible and what is not.

    The second (X-Frame-Options) can be used to prevent click-jacking by disallowing your website to be framed.

    The third (X-XSS-Protection) can be used to properly configure the browser's built-in security function (reflective XSS protection).

    The last (X-Content-Type-Options) reduces exposure to drive-by downloads and the risks of user uploaded content that, with clever naming, could be treated as for instance an executable.

    Sounds all pretty good to me.

    The Content-Security-Policy (CSP) is probably the most important. It also comes with a heap of options and the list of permissible resources can be left wide open or screwed down to zero and everything in between. Experimenting a bit I settled on

        <meta http-equiv="Content-Security-Policy" content="default-src 'none';
            script-src 'self' 'unsafe-inline';
            style-src 'self' http://yourdomain;
            img-src 'self' http://yourdomain;">

    The first line is the default for 'nothing is permitted'. This will stop the browser from downloading any script, any font, any image, any css file etc. The following lines override this behaviour somewhat.

    The second line handles scripts. The self parameter means that scripts in the same directory as the index file are permissible. Depending on your project linker options either the js is included inline in the html file or a separate 'main.js' file is created which is referenced from the html file (<script type="text/javascript" src="main.js"></script>). The latter is preferred anyway, using inline JS or CSS is considered unsafe as it provides at least an opening for attackers to inject script into a page. Unfortunately the 'external scriptfile' linker option still leaves a small bit of inline js in the html file:

        <script type="text/javascript">
          /* This prevents the window being moved by touches, to give the impression of a native app */
          document.ontouchmove = function(e) { e.preventDefault(); }
        </script>

    Would be better to include this in the external file as well. For now in both linker options the keyword 'unsafe-inline' is required.

    The third and fourth line handle css-files and images. Since usually the styling info is in a subdirectory (res/app.css) and the images are in a subdirectory as well, the domain must be specified. There are additional parameters to handle for instance http-requests, permissions for audio and video handling and more.

    The other 3 response headers are valid for all servers but the syntax is slightly dependent on server-type. For nginx servers I believe the following headers are valid:

        <meta http-equiv="X-Frame-Options" content="'SAMEORIGIN'">
        <meta http-equiv="X-Xss-Protection" content="'1; mode=block' always">
        <meta http-equiv="X-Content-Type-Options" content="'nosniff' always">

    Just include these meta tags in the header section of the default.html file in the Templates sub-directory prior to compile and link.
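    An added example, not part of the original post and not Smart Mobile Studio code: the four headers discussed above built as real HTTP response headers in Node.js, with 'unsafe-inline' replaced by a CSP hash of the one inline script the post mentions. The function names and the sample script string are assumptions; the hash only matches when the string is byte-identical to the inline script in the generated HTML.

```javascript
// Added example, not Smart Mobile Studio code. Function names and the sample
// script string are assumptions made for illustration.
const crypto = require('crypto');

// CSP hash source for an inline <script>: base64 SHA-256 of the exact text
// between the tags, whitespace included.
function cspHash(scriptText) {
  const digest = crypto.createHash('sha256').update(scriptText, 'utf8').digest('base64');
  return `'sha256-${digest}'`;
}

// The directives from the post, with 'unsafe-inline' replaced by hashes of the
// inline scripts known to be in the page.
function buildCsp(inlineScripts) {
  const scriptSrc = ["'self'", ...inlineScripts.map(cspHash)].join(' ');
  return [
    "default-src 'none'",
    `script-src ${scriptSrc}`,
    "style-src 'self'", // 'self' is the whole origin, so res/app.css matches
    "img-src 'self'",
  ].join('; ');
}

// Plain header values: the quotes and `always` seen in nginx add_header lines
// are nginx configuration syntax, not part of the value sent to the browser.
function securityHeaders(inlineScripts) {
  return {
    'Content-Security-Policy': buildCsp(inlineScripts),
    'X-Frame-Options': 'SAMEORIGIN',
    'X-XSS-Protection': '1; mode=block',
    'X-Content-Type-Options': 'nosniff',
  };
}

// Works with anything exposing setHeader(name, value), e.g. http.ServerResponse.
function applyHeaders(res, headers) {
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  return res;
}

// Constructed sample: the touch-move snippet quoted in the post. Copy the real
// text from the linker's HTML output, since any whitespace change alters the hash.
const INLINE_TOUCH_SCRIPT =
  ' /* This prevents the window being moved by touches, to give the impression of a native app */ ' +
  'document.ontouchmove = function(e) { e.preventDefault(); } ';

console.log(securityHeaders([INLINE_TOUCH_SCRIPT])['Content-Security-Policy']);
```

    Moving the snippet into main.js, as the post suggests, removes the need for the hash entirely and leaves script-src 'self'.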
  3. COMFIED

    Scraping Website Text

    I'm trying to download web text content into either a memo field or string variable. Most examples given in this forum and the documentation work on the IDE browser, but not on external Chrome, Safari or IE browsers. For example, this code works when I click Execute on SMS IDE, but doesn't work on external browsers:

        var v1, v2, v3: Variant;
        begin
          // get browser title
          v1 := W3IFrameHTMLElement1.Handle.contentDocument;
          W3Memo1.Text := v1.title;
          // get browser content
          v2 := W3IFrameHTMLElement1.Handle.contentDocument.documentElement;
          W3Memo2.Text := v2.innerHTML;
          // get browser links
          W3Memo3.Text := '';
          v3 := W3IFrameHTMLElement1.Handle.contentDocument.links;
          for var i := 0 to Integer(v3.length)-1 do
          begin
            // index the links collection: each entry carries its own href
            W3Memo3.Text := W3Memo3.Text + #13#10 + v3[i].href;
          end;
        end;

    Kindly assist.
  4. COMFIED

    Downloading JSON File

    The documentation demo posted on http://smartmobilestudio.com/documentation/networking/tw3httprequest/ works - but not with all JSON files. It works with the file http://date.jsontest.com/ but when I try a different JSON file the data is not displayed in the memo. For example, I'm trying to download the file http://api.worldbank.org/countries/all/indicators/SP.POP.TOTL?format=json from the World Bank open data but the file is not loaded into the memo field. Could it be the JSON format?