I’m writing a web service that just outputs some text.
I’m following the example given in the online help for handlespecialurl
However I am not doing anything with the random number in the example nor with the session.Identifier.
I’m simply calling ShowURL in the Button Action event.
ShowURL(App.URL + “/test/”)
A new web tab opens in the browser, but the browser is showing this: 404 file not found
in the url bar:
in the html window
404: File Not Found
The requested URL “/test/” could not be found. Please check your request and try again.
Remote Address: 127.0.0.1
I know nothing about Xojo web, so forgive me if I am way off base.
You are asking for a folder - trailing “/”. Is there a default html in that folder - like index.html. Or do you just want a file called test - in that case leave off the last “/”. ( Unless you have folder listing enabled ).
Thanks for trying Peter
url = App.URL + "/test??param=123"
The above is even worse
404: File Not Found
The requested URL “/test%E2%80%8B” could not be found. Please check your request and try again.
Remote Address: 127.0.0.1[/code]
It would seem that the first parameter must be called special
url = App.URL + "/special/test??param=123"
This seems very unintuitive.
Why am I getting these % characters in the path.
Request.Path = test%E2%80%8B
Request.Query = param=123
[quote=265216:@Brian O’Brien]It would seem that the first parameter must be called special
url = App.URL + "/special/test??param=123"
This seems very unintuitive.[/quote]
Because when the event was implemented, we had some restrictions on what we could do. In fact you can use either special or api to raise HandleSpecialUrl.
If you want to omit that, you could use App.HandleUrl. That will give you access to nearly everything else. Just remember, you must return false if Request.url is empty if you want your app to start sessions for users.
Thank you. Odd… but Ok… that’s the way it is.
Why are there these %E2%80%8B characters after the word test?
Back to the URL handling…
Why wouldn’t I just use HandleURL? There has to be something ‘special’ about HandleSpecialURL.
url = App.url + “/api/test?p1=123” would work with HandleSpecialURL?
Should i have preprocessed the string before trying to examine it?
Can I subclass App and define my own event HandleMyAPIURL that is raised by HandleURL?
Those characters fell outside of the range of allowed characters for a URL and the browser encoded them. You can decode them by calling DecodeURLComponent on them.
[quote=265220:@Brian O’Brien]Why wouldn’t I just use HandleURL? There has to be something ‘special’ about HandleSpecialURL.
url = App.url + “/api/test?p1=123” would work with HandleSpecialURL?[/quote]
As I mentioned, HandleSpecialURL was first and can only handle URLs which begin with /special and /api. HandleURL is for everything else except for things that would otherwise cause the framework to fail in other ways. HandleURL will not be called for URLs that begin with the following things to maintain backward compatibility:
- /framework - This is for framework files
- /xojo - for future development
- /_ (anything that starts with an underscore at the top level)
- Session URLs - these are the hex encoded session IDs which start with /B156D2E6338304E2AAD151DC5680F50E
- /api and /special - URLs which would have gone to HandleSpecialUrl. This is so existing apps continue to work as expected.
See http://documentation.xojo.com/index.php/WebApplication.HandleURL for more information.
No, but you can create a method and call it from the HandleURL event…
Typically what I’ll do for complex situations is to create a module which contains a series of methods or classes designed to handle each top level url. so if I was expecting to handle /hello and /world, I might create a HelloHandler and a WorldHandler method and call them as appropriate.
Is there something I should watch out for in HandleURL such that I don’t cause the framework to fail?
What are you alluding to?
You shouldn’t be able to cause the framework to fail, as HandleURL isn’t called for those cases. However, you should try to write code that only handles the urls you are expecting, and not a general purpose handle everything type affair.
I hope this doesn’t sound rude, but these ‘special’ urls… Have they ever been considered a security risk?
I mean you run a server and Xojo knows that if they pass a ‘special’ url to the application it gets handled by their event handler and not the users. It sounds ‘backdoor-ish.’
There would have to be code in your project to act on them. It’s only a security risk if you write really stupid code that tries to “handle” everything that comes in. It’s up to you, the developer, to define your API and adhere to it.
Acutally, in that way, the Special urls are safer than non-special urls. If you don’t explicitly handle them, they die right there. Whereas with HandleURL, if you don’t handle it, it gets passed on through to the session mechanism.
Actually if HandleURL is not handled it simply returns an error page and is not handled to the session, since there is no session in there.
That said, because HandleURL fires even for standard pages, you need to verify the path and then not return true otherwise you’re shunting the normal app.
Overall, I rather use HandleSpecialURL for a web service, and HandleURL to serve indexable pages to Google.
Only because the Xojo framework is “doing the right thing”. My point is that the url does get further processing and represents an attack vector on the Xojo framework. Fortunately, the framework is robust enough to handle it.
I would be a lot more worried to use for instance php or perl than Xojo.
back to the url that seems to have odd characters in it…
this is the url: http://127.0.0.1:3559/special/test?param=123
I called DecodeURLComponent and now the path looks like:
Path = test
s = Request.Path
s = DecodeURLComponent(s, Encodings.UTF8)
Request.Print("<p>Path = " + s + "</p>" + EndOfLine)
Renders this. So how am i suppose to perorm a switch / case on this path with these extra characters hanging around?
Path = test%E2%80%8B
E2 looks a lot like the start of a utf8 character. Sure enough E2808B is UTF8 code point 8203, which is defined as “Zero Width Space”.
Somehow, you’ve got a non-printable character in your path. How did you enter the path? Type it in? Copy/Paste?
This is how the path was ‘entered’
dim url as string
url = App.URL + "/test?p1=1?p2=2"