I am developing a simple application in python that provides a browser based interface using a local server. The structure is like this:
[Interface] <===> { [Server] <---> [Application] }
My application has a class function called, say, compute(). On my browser interface, I have a button Compute. When the user clicks it, I want to run compute(). My current approach is to send a GET request like /path/compute. The server identifies the request path and runs the function. Is this the correct way to go about it?
From this accepted answer:
GET is used for viewing something, without changing it, while POST is used for changing something
I am not using GET here to view something immediately, but to send a command that changes the state of the application. Should I use POST instead? Is there another method?
Yes indeed, you must use a POST request here. You may want to read about REST APIs for more about the correct use of http verbs. The HTTP rfc is also a must-read...
Related
Does anybody know of an example Python script to receive an image sent via http POST from Postman? I'd like to write a simple Python server script that could receive an image sent like this:
I'm 100% flexible on how the image is sent from Postman, for example I could use "form-data", then specify key/value/file, or use "binary". Either way I'm looking for the Python server script to receive the file and either save it (to the same location as the Python server script, or a different location, does not really matter) or display it, either way to prove out that the server did receive the image.
Unfortunately all the Python server examples I can find send stuff rather than receive. Can anybody provide some assistance?
Here's a good example that uses the built in BaseHTTPServer package for receiving GET/POST requests in python: http://joelinoff.com/blog/?p=1658
I'm using Spotipy to get some spotify data from an authorized user but I can't understand how to authorize my account.
Am I correct in thinking that a server is required that hosts something at http://www.myapp.com/callback ? What needs to be returned? Maybe I'm completely missing something here... I'm very confused by the whole required redirect URI thing...
I am trying to make a program, without website, so how should I handle authorization? What exactly should the redirect URI do?
Thanks
Edit:
Using http://localhost:8888/callback as my redirect URI now and that works. I'm not even sure why since nothing is running on that port.
Disclaimer: I know nothing about Spotify's API. But I have worked with similar APIs in the past (or even designed them). What I assume is that they use some kind of OpenID/OAuth authorization mechanism.
The very nature of these APIs is that they work through the browser! The idea is that MyApp doesn't have your actual Spotify credentials, but instead some signed token it can use.
To communicate this token to the MyApp, there are the server-callbacks, outlined in your question. Because all the browser can do is to redirect to a special URL you provide, with some info added.
So there are conceptually two ways to deal with this:
the easy, server-based one: you in fact register a myapp.com. When your app tries to authorize with spotify, it first creates a unique resource (myapp.com/authrequests/HASH-NUMBER), and communicates this as callback. Then it goes through the motions of making spotify authorize it, and once these are finished, there will have been a call to myapp.com/authrequests/HASH-NUMBER/ADDITIONAL-INFO. So while your app is waiting for this to happen, it has to poll (or open a websocket and listen to that) myapp.com. Complicated? Wait, it gets better!
the harder, OS-dependent one: you write an application that registers itself as protocol-provider with your browsers. E.g. my company does that with the protocol "ableton". Thus we can make the browser generate "ableton://AUTHORIZATION-REQUEST-RESULT" URLs which will then be communicated through Browser and OS to the running application, and thus you receive the necessary secret.
HTH
So far I have a pretty basic server (I haven't built in any security features yet, like cookie authentication). What I've got so far is an iOS app where you enter a username and password and those arguments are plugged into a URL and passed to a server. The server checks to see if the username is in the database and then sends a confirmation to the app. Pretty basic but what I can't figure out is what the confirmation should look like?
The server is a Python Tornado server with a MySQL dbms..
What I'm unsure of is what Tornado should/can send in response? Do I use self.write or self.response or self.render? I don't think it's self.render because I'm not rendering an HTML file, I'm just sending the native iOS app a confirmation response which, once received by the app, will prompt it to load the next View Controller.
After a lot of googling I can't seem to find the answer (probably because I don't know how to word the question correctly).
I'm new to servers so I appreciate your patience.
You can send your response with either self.write() or self.finish() (the main difference is that with write() you can assemble your response in several pieces, while finish() can only be called once. You also have to call finish() once if you're using asynchronous functions that are not coroutines, but in most cases it is done automatically).
As for what to send, it doesn't really matter if it's a non-browser application that only looks at the status code, but I generally send an empty json dictionary for cases like this so there is well-defined space for future expansion.
As a non webdev, I'd really like if you could point me out to the 'correct' way to do this.
I built an application that populates and updates a database periodically (sqlite to be precise). I store leaderboards in my database, and would like to display them in a webpage.
As my leaderboards can change all the time, I need the webpage to be dynamic, either on a time based trigger or whenever the database changes.
I was about to use javascript for that, by realized that my database is hosted on my server, so client side js might not work.
Any ideas on that?
As my app is built in Python, I'd prefer avoid using php solutions but use more 'trendy' technologies (js, ruby, python, ? ? ? whatever)
Thanks!
Ok, given the keywords I got now here is an almost exact duplicate :
Notify user on database change? JavaScript/AJAX
This is what Ajax is for. You write Javascript on the front end that uses Ajax to call your server-side code to return the database content, then updates your HTML when it receives a response.
You need to use javascript on the client side not on the server. Your javascript code will make async calls (using ajax) to check if the db changed and update the website accordingly.
You can either use javascript to poll the server side periodically. Or you can use javascript to create (perhaps using a library like SockJS or SocketIO) a websocket connection that can actually push data to the client side when it changes. I do this on a number of projects using Tornado's websocket support on the server side.
Hi I am trying to secure a server function being used for an Ajax request, so that the function is not accessed for any sort of malicious activity. I have done the following till now:-
I am checking whether a valid session is present while the function is being called.
I am using POST rather than GET
I look for specific headers by using request.is_xhr else I induce a redirect.
I have compressed the javascript using dojo shrinksafe(..i am using dojo..)
What else can and should be done here. Need your expert advice on this.
(NB-I am using Flask and Dojo)
No any special secure actions required. Consider ajax request as any other client request.