Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 9 of 9 total |
Accessing https within an EWB page |
Tue, Feb 12 2013 1:11 PM | Permanent Link |
Matthew Jones | I am writing an application using EWB that will be hosted entirely on an https
connection, served by a Delphi/RemObjects SDK service. This is working fine, but when I run the app in the EWB IDE, the code is unable to access the https service. I get "Access is denied". The code itself is trying to connect to a "hard coded" URL, so both should work. I therefore assume that this is some sort of security thing in the IE browser. Is there a way to turn it off on my development PC? If I open the http page (served by EWB) in IE then I get the same error. Hmm, Chrome is so good! Okay, it says that "XMLHttpRequest cannot load https://localhost/JSON?1360692200302. Origin http://localhost is not allowed by Access-Control-Allow-Origin." A quick scan in this newsgroup and a google shows that this is complicated. I presume that there is no way to tell the IDE to fetch from https instead of http, and using my server? If I disable the internal server, it appears to load the page but with other scripting issues, so I don't understand that. If anyone has any useful comments on this, please let me know. I might just hack it to work with http locally. Not sure. Conditional compile would be good, with the command line, so that I could have debug stuff for me, and know that the release build wouldn't have such. (I'll just add that I am finding the EWB product really good, nice and solid, and very productive. These posts are not big problems, and a lot better than other environments I've used.) /Matthew Jones/ |
Tue, Feb 12 2013 10:57 PM | Permanent Link |
Raul Team Elevate | Matthew,
On 2/12/2013 1:11 PM, (Matthew Jones) wrote: > I am writing an application using EWB that will be hosted entirely on an https > connection, served by a Delphi/RemObjects SDK service. This is working fine, but Likely a cross-origin access issue you're running into. Number of discussion in this thread do cover it (e.g. http://www.elevatesoft.com/forums?action=view&category=ewb&id=ewb_discussion&page=1&msg=115#115). > I get "Access is denied". The code itself is trying to connect to a "hard coded" > URL, so both should work. I therefore assume that this is some sort of security > thing in the IE browser. Is there a way to turn it off on my development PC? You really should not - this will always happen so might as well solve this in dev. Basically whenever you need to access a URL that is not the same URL you loaded the EWB app from you will have this problem. So either load the EWB app from same web server that serves your RO webservice or alternatively see if you can configure the RO web server to use Access-Control-Allow-Origin as * (this means every domain - later might want to narrow it down if possible to only ones allowed). I assume that RO includes its own web server so there should be a way to either specify custom http header with Access-Control-Allow-Origin or they might have a config option for it (everybody would have the same issue). > A quick scan in this newsgroup and a google shows that this is complicated. I It's not that bad once you get your head around it. > and using my server? If I disable the internal server, it appears to load the page > but with other scripting issues, so I don't understand that. i would not do this - this results in loading the EWB app from local filesystem and brings in whole set of new issues since your app tries to do web requests. Raul |
Wed, Feb 13 2013 5:04 AM | Permanent Link |
Matthew Jones | > So either load the EWB app from same web server that serves your RO
> webservice or alternatively see if you can configure the RO web > server to use Access-Control-Allow-Origin as * (this means every > domain - later might want to narrow it down if possible to only > ones allowed). > > I assume that RO includes its own web server so there should be a > way to either specify custom http header with > Access-Control-Allow-Origin or they might have a config option for > it (everybody would have the same issue). It is using Indy to handle the requests, so I will examine that. It would be nice if EWB could have a URL to load the app from when you press F9. Rather than load from file (I wondered how it was working) or using the internal web server, use an alternative URL as the start point, perhaps as part of the deploy on run function. That would allow "debugging" in the IDE in a much more friendly manner when this situation arises. /Matthew Jones/ |
Wed, Feb 13 2013 9:02 AM | Permanent Link |
Raul Team Elevate | On 2/13/2013 5:04 AM, (Matthew Jones) wrote:
> It is using Indy to handle the requests, so I will examine that. For plain Indy HTTP it should be as simple as this : AResponseInfo.CustomHeaders.Add('Access-Control-Allow-Origin: *'); > It would be nice if EWB could have a URL to load the app from when you press F9. Something for Tim to consider as feature enhancement. Raul |
Wed, Feb 13 2013 9:22 AM | Permanent Link |
Matthew Jones | I nearly had a great idea! I added this to my code:
if Pos('http:', window.location.protocol) > 0 then begin lblResult.Caption := 'Redirecting to https'; window.location.replace('https://localhost/'); end (not too clean - I was aiming to get the full URL hence Pos). Anyway, this works, and sends me off to the https server. Where it then falls over in a heap due to a certificate error. In IE itself, this works and allows me to click to continue, but the EWB IDE shows a certificate error - navigation blocked, and won't let me click on anyway. Probably some embedding issue. Not sure how I can fix my certificate as it looks like even a localhost one will fail if self signed. Having looked this up further, it looks like you cannot make localhost a fully certified domain, so the IDE needs to allow the redirect to have this as a solution. /Matthew Jones/ |
Thu, Feb 14 2013 12:10 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Matthew,
<< I am writing an application using EWB that will be hosted entirely on an https connection, served by a Delphi/RemObjects SDK service. This is working fine, but when I run the app in the EWB IDE, the code is unable to access the https service. I get "Access is denied". The code itself is trying to connect to a "hard coded" URL, so both should work. I therefore assume that this is some sort of security thing in the IE browser. Is there a way to turn it off on my development PC? >> You'll need to run the application against the https web server in order to test it from the IDE. To do so, do this: 1) In the Environment/Options dialog, go to the Web Servers page. 2) In the edit boxes, specify the web server name (user-defined), Description, and URL/Port. The URL is where you want to put the proper https://..... URL of the web server. Specify the port as 80 (even though it isn't actually using port 80 for https, port 80 is considered the same as "don't specify the port in the URL"). 3) After specifying the web server, click on the Register button to add the web server. 4) In the Project/Options dialog, go to the Deployment page. 5) Select the FTP deployment method, and click on the Deploy On Run check box. Fill in the FTP information for the FTP server that will allow you to upload your application to the same web server machine as specified above. 6) In the EWB main toolbar, select the web server that you defined above from the list of web servers. 7) Now, when you run your application in the IDE, EWB will compile the application, deploy it via FTP to the external web server, and then run it via the https URL that you specified. << (I'll just add that I am finding the EWB product really good, nice and solid, and very productive. These posts are not big problems, and a lot better than other environments I've used.) >> Fantastic, thanks. It's main issue is lack of features/controls at this point, and hopefully I can address that soon. Tim Young Elevate Software www.elevatesoft.com |
Thu, Feb 14 2013 2:54 PM | Permanent Link |
Matthew Jones | Wow - you've thought about this haven't you! Okay, done most of that. My deployment
is a plain copy, so I didn't do the FTP bit. It all works except for the fact that my certificate is not valid. IE gives me a warning, as it does in the plain browser, but when I click the link to "continue to this website (not recommended)" it just shows the same page again. If that isn't an instant fix, don't worry. I hope soon to get the domain sorted, and will then have a proper certificate for it. /Matthew Jones/ |
Thu, Feb 14 2013 3:28 PM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Matthew,
<< Wow - you've thought about this haven't you! Okay, done most of that. My deployment is a plain copy, so I didn't do the FTP bit. >> You can do a straight copy also, either way will work. << It all works except for the fact that my certificate is not valid. IE gives me a warning, as it does in the plain browser, but when I click the link to "continue to this website (not recommended)" it just shows the same page again. >> Hmmm, not sure if I can fix that one. Tim Young Elevate Software www.elevatesoft.com |
Thu, Feb 28 2013 12:42 PM | Permanent Link |
Matthew Jones | > For plain Indy HTTP it should be as simple as this :
> > AResponseInfo.CustomHeaders.Add('Access-Control-Allow-Origin: *'); While digging around today, I found that there is a property to control this, but it isn't exposed in the component I'm using. Not important to me right now though. /Matthew Jones/ |
This web page was last updated on Sunday, December 1, 2024 at 03:59 PM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |