New post

#CSP

7

Caché Server Pages (CSP) is both an architecture and toolset used to build an interactive web applications with the InterSystems Data Platform.

When I tried to migrate one of ZEN applications to IRIS from 2018.1 I'm faced with the issue with Login Page, in this case used some ZEN page, completely customized. But when a user tries to get access, he gets the error like below.

The requested URL /csp/user/User.Login.cls was not found on this server.

I tried to test it with a fresh just created login page class

Class User.Login Extends %CSP.Page
{ 

ClassMethod OnPage() As %Status
{
  &html<<h1>Hello</1>>
  Quit $$$OK
} 

}

Set it to /csp/user application as Login page, and

0 4
1 767
Question
· Sep 22, 2020
VSCode and CSP - what did I miss?

Hi -

I'm trying to get my VS Code instance that is connected to an AWS IRIS instance to edit/save/compile .csp files, but it's failing to work and I'm not sure why. The ".csp" is associated with the objectscript-csp code, and the server is connected, but things just don't act like they are enabled.

Should this work? and if so, what might I have missed in configuring things?

0 5
0 755

Hi all,
Basically i have 2 queries..

  1. Is there any simple way to fetch the data directly from the database (using the URL and credentials) from the csp file without creating a link table for that particular Table...??
    If there is, could you please share the syntax of using them ..?

  2. Can we have an object return type from the below mentioned method to a javascript function.. ???

0 9
0 743

Hi -

After having seen how Atelier is working, I've decided to start learning/using Atelier for an existing project.

I've installed, and after a bit of poking around, I've managed to get a project that includes my classes, and they compile and such (these were all from an existing export), but I see that NONE of my .csp files came along despite being in the export file.

1 6
0 736

Hello,

I'm trying to set up an Apache server using CSP Gateway on Windows 10 (64-bit), but am getting the error "Cannot load c:/InterSystems/IRIS_2019/CSP/bin/CSPa24.dll into server: %1 is not a valid Win32 application" when attempting to start up httpd.exe after adding the CSP-specific section to httpd.conf.

The CSP gateway is 64-bit (CSPGateway-2018.1.1.643.0-win_x64) and so is the Apache install (httpd-2.4.38-o102q-x64-vc14).

The CSPa24.dll file does exist in the specified location.

Any suggestions appreciated.

Thank you,

Olga

0 5
0 732

Hi everyone!

I am helping a partner to develop a new application and one of the things we are facing is that this WEB application will be used on different time zones.

My first recommendation is that all timestamps should be drawn from $ZTimeStamp instead of $Horolog. That would allow the system to be draw the correct sequence of events even when they are generated on different timezones.

1 1
0 703

Hi All,

It must be the groundhog days but I can't solve something that I know I've done before. I have a legacy CSP page on a version of Cache without JSON and just pure Cache.

I need a CSP page that takes a .xlsx file, manipulates the file (in COS) and then returns a new manipulated file.

My CSP Page gets the file fine, the problem is then returning the response with the new file as an attachment. I don't want to pipe to a new csp page with a different content-type so was sure I can set %response.Headers etc to get the reply stream I want.

0 6
0 660
Article
· Feb 14, 2017 1m read
Can you keep a secret?

If you are developing applications that use CSP or Zen, or potentially any of the other InterSystems web-related stuff that's built on top of CSP, then it's important to know how to keep one particular secret.

A central part of the CSP security architecture is a server-side session key. "Server-side" because its value should never be revealed to the client that is issuing the web requests. If it is revealed, a malicious client might be able to use it to bypass your security and make your server do things you don't want it to.

7 1
0 653

I've noticed that Management portal somehow manages to allow a single user to be in different namespaces in different tabs in the same application (i.e. Management Portal). I've looked at my Processes, however, and see that all of my processes using MgmtPortal think I'm in %SYS, even though 2 of them are looking at globals in two different namespaces; NamespaceA and NamespaceB.

I can even fool MgmtPortal because the first time I try to look at a global in NamespaceA it thinks I'm in %SYS! After a refresh, however, I can see the global in NamespaceA.

0 8
0 651

We have an web application accessed using https, that uses CSP technology with frames.

The initial 'login' is via a single CSP page, which then redirects to another CSP page which creates the frames (4 in all) and loads a CSP page in each of those. For the most part the frames load without error, but sometimes when logging in and sometimes while using the system ' 5916 Illegal CSP Request ' errors occur.

I say 'login' in inverted commas as a Cache login is not performed just an application login, I don't know if that's relevant so thought I'd mention it.

0 2
0 649
Question
· Dec 12, 2019
Bootstrap Tables & CSP

Hello All,

We need to develop a small csp application which shows data in simple paginated / searchable table for business users.

It is to be built on an old version of Cache and is not a big full fledged application but something temporary. We can't use Zen and using a combination of csp & Bootstrap as bootstrap makes the pages look beautiful with little effort.

I have built the table in boostrap and it works fine with pagination and search working perfectly

0 6
0 638

From a browser, an XMLHttpRequest to a CSP page on a different server will obviously hit the CORS security check.

To get around this I can set the Access-Control-Allow-Origin header on that particular CSP class.

However, setting any request headers on the XMLHttpRequest object will trigger a pre-flight OPTIONS request.

This OPTIONS request is not handled by the target CSP page and the Access-Control-Allow-Origin header is never set, triggering a CORS error.

0 3
0 637

Hi Community,

This post is a introduction of my open exchange iris-fhir-client application.

iris-fhir-client can connect to any open FHIR Server by using embedded python with the help of fhirpy Library.
Get Resource information by terminal and by using CSP web application.

Open Exchange app
6 2
0 636
Article
· Jul 31, 2019 2m read
Anti CSRF Methods

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Open Exchange app
4 5
1 630

Hello,

I am working in a csp application where the user can configure a TCPS Service in a guide like manor.

So I want to be able to present a html <select> element, the values / text I want to present in this control should be the ID field from Security.SSLConfigs in the %SYS namespace.

How would I go about doing this? Can this be done?

Best regards,

Magnus

1 4
0 623

Pretty straight forward.

I'm tempted to hard-code ISO-8859-1 inside my VSCode extension when working with CSP because this seems to be the encoding used by default, but I need to know if there's any other possible configuration. So can you share your experience when working with CSPs? Like issues with encoding, discoveries regarding it, workarounds etc.

Also, can someone tell me if it's possible to work with UTF-8 encoded CSP files using Atelier without breaking the encoding of the output file?

0 3
1 622

In the WRC, we often see customers raise questions regarding a new Web Gateway setup where the Management Portal half-loads, but doesn’t show images. This article will explain why this error occurs, as well as how to fix it. This explanation is focused on the Web Gateway serving InterSystems IRIS instances, but the same explanation should apply to the CSP Gateway serving Caché instances as well.

7 3
0 613

Just like the title says, I'm attempting to find a way to create a web application that instead of serving CSP files, it uses a dispatch class.
I searched for clues in the documentation, but the CSPApplication tag seems to be exclusively for CSP file-based applications.

I'm trying to avoid implementing a workaround such as using the Invoke tag to call the Security.Applications to generate the web application but I might be forced to do so, even though it's unpleasant if I had to say...

So, is there an official way to execute this task?

1 22
0 588
Question
· Nov 6, 2017
Logging

Hello, evrybody, I'm writing one project using CSP("OnPreHTTP"), and also REST angular. At the beginning I wrote purely on csp, then I decided to use angular for the flexibility of the client part. Now I can not design logging, I created a table App.Log with properties

0 3
0 574