rejetto forum

CORS header and simple template for javascript-driven access?

skb · 7 · 10785

0 Members and 1 Guest are viewing this topic.

Offline skb

  • Occasional poster
  • *
    • Posts: 50
    • View Profile
Hi,

Just learning my way around HFS, and have not tried much yet, so maybe this is simple to figure out on my own. I'm working on an Android Phonegap (thus Javascript) app that will be used for data collection into some CSV files from the server. At the start of the shift the user will connect to the LAN with the HFS server, and my program on their tablet will connect to their folder on the server, and  download one or more data files with XMLHttpRequest(GET ... ). They will add data to the records from these files through out the day (which is the point of my app) and then at the end of the shift upload the files to the server with XMLHttpRequest(PUT ...)

One thing I see in online docs for XMLHttpRequest() is that the server should return the response header "Access-Control-Allow-Origin: *" to allow my apps to access the server "cross site" from javascript. Testing with a fixed file path from localhost, Chrome fails to download without this header, and warns (on the developer console): "XMLHttpRequest cannot load http://localhost/files/skb/test.txt. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. "

Is it possible to add this header to the HFS output?

Beyond that, I'd like to make it as easy as possible for my code to get a list of files and md5 values. I'm thinking I'll have a fairly standard top level  HFS template, which I would use to add a folder and user account for each Android data-gathering device, with each folder accessible by a single user for upload and download access. The app has a dialog for entering the URL (e.g. http://serveraddr/userfolder ) as well as the username and password to connect. (Though for first testing, just on my LAN, I'm not doing passwords yet)

I would like the template for these "android readable" folders to be as simple to parse as possible, perhaps just an <a></a> per file with the file name and md5 hash. The idea is that my app would first request the index.html page in its folder, and parse this to get the file names that it needs to download, and then would check each file's hash.

Conversely, at the end of the day, the app would upload the processed files (which will have altered filenames so they don't clash with the originals.) The app would compute a hash, upload a file, and then check that the server has the correct hash and delete its local copy of the data.

Any useful pointers on this sort of thing? Has anyone posted a template designed for machine readability?

Thanks,
Steve
« Last Edit: March 31, 2014, 10:22:05 AM by skb »


Offline skb

  • Occasional poster
  • *
    • Posts: 50
    • View Profile
I've tested my Javascript file download routine by fetching webpages as text from other sites, e.g. http://www.html5rocks.com notes that they include the "Access-Control-Allow-Origin: *" response header throughout their site, and I can download those pages as files. However, when I run the same download code against HFS on either my localhost or on another machine on my LAN, I get the warning in developer tools that ""XMLHttpRequest cannot load [...]No 'Access-Control-Allow-Origin' header is present on the requested resource."

Thus, I think being able to add this response header is what I need. Seems it might be possible to have a template area for specifying response headers, at least for simple fixed text ones like this. That way, the default HFS behavior wouldn't change, but it would be easy for those who'd like Javascript access to their HFS sites to allow it.

Thanks for your consideration,
Steve



Offline skb

  • Occasional poster
  • *
    • Posts: 50
    • View Profile
Interesting question, and worth testing -- so far I'd been using Chrome as that's what Phonegap Apps run as on Androids.

But, similar results from Firefox: my code can read / download files via javascript from sites that include the server response header "Access-Control-Allow-Origin: *", and it fails on sites that don't.

Both Chrome and Firefox fail silently on the un-allowed request, but with the "element inspector" open, Chrome shows an error message on the console. Firefox still just fails silently.

So, for either browser, I'm looking for a way to get HFS to let me set a response header.

(Also, to be sure I'm not missing the obvious: there's no way to generate these response headers from HTML, right? The googles I've done suggest changes to the various server config files, though obviously they're talking about much more complex servers.)

Thanks, Steve



Offline dj

  • Tireless poster
  • ****
    • Posts: 291
  • 👣 🐾
    • View Profile
    • PWAs
Add {.add header | Access-Control-Allow-Origin: * .} to template works for templates


Offline FRENCH CAN CAN

  • Tireless poster
  • ****
    • Posts: 681
    • View Profile

Offline skb

  • Occasional poster
  • *
    • Posts: 50
    • View Profile
Thanks dj! That's exactly what I was hoping for. (Guess I missed it in the Template docs).

Cheers,
Steve