java - GWT Upload on Google Appengine - cross site protection -


i want implement file upload gwt application running on google app engine. used gwtupload, following error if try upload file:

<stdout>: 2015-06-14 17:50:35 error uploadservlet:70 - checkcors error origin: http://myapp.appspot.com not match:^$

i looked uploadservlet , there check on origin againg "^$". not quite regex matches "^" seems start of string , "$" end of it. seems match against empty string?

  private boolean checkcors(httpservletrequest request, httpservletresponse response) {     string origin = request.getheader("origin");     if (origin != null && origin.matches(corsdomainsregex)) {       // maybe user has used domain before , has session-cookie, delete       //   cookie c  = new cookie("jsessionid", "");       //   c.setmaxage(0);       //   response.addcookie(c);       // doxx methods should set these header       response.addheader("access-control-allow-origin", origin);       response.addheader("access-control-allow-credentials", "true");       return true;     } else if (origin != null) {       logger.error("checkcors error origin: " + origin + " not match:" + corsdomainsregex);     }     return false;   }

i can not set "corsdomainsregex" or override method checkcors() since both private. whats actual problem here? how can solve this?

this hardwired check prevent people uploading files via other domain names. if don't need this, can change corsdomainsregex adding following web.xml (or whatever domain wish check against).

<context-param>     <!-- match domains -->     <param-name>corsdomainsregex</param-name>     <param-value>.*</param-value> </context-param>

Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more

javascript - Function overwritting -

is there way overwrite function or event handling in function? using addeventlistener, can have many event handlers on element want var test=document.getelementbyid("div"); test.addeventlistener("click",function(){alert("im first");},false); test.addeventlistener("click",function(){alert("im second");},false); // alerts "im first" , after "im second" but if want overwrite function/event example based on client width example this function one() { alert("first"); } function two() { alert("second"); } window.onresize = function() { var test = document.getelementbyid("div"); if (window.innerwidth > 500) { test.onclick = 1 } else { test.onclick = two; } } is possible in javascript? in case use effective little known approach. addeventlistener can accept object property handleevent event handler. in case it's easy overwr...
Read more