Article
David Crawford · Jul 31, 2019 2m read
Anti CSRF Methods

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

4 5
1 499

Hi All,

I have created a REST class in which have the Parameter HandleCorsRequest = 1;

I can able to access the API using Postman, but not with my web application. It throws the below error.

Access to XMLHttpRequest at 'http://localhost:52773/IrisVSCode/app/test' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

0 5
0 14,426
Article
Rob Tweed · Apr 18, 2017 1m read
Having your Node.js Cake and Eating It Too

I've mentioned the QEWD project in this group before: it's a Node.js-based platform for web, Native and REST applications which tightly integrates with Cache.  It uses a somewhat different philosophy to the use of Node.js than the norm, and I've now published an article that explains this approach and the unique benefits that arise as a result.

It turns out that, integrated via QEWD, Cache is an ideal bed-fellow for Node.js.  QEWD makes the integration of Cache and Node.js exceptionally fast, simple and intuitive to use, but also extremely powerful.

Read the article here: 

4 4
0 468

At the heart of IRIS and Cache is a very interesting database architecture that we, at M/Gateway Developments, refer to as "Global Storage".  If you ever wanted to know more about the fundamentals and capabilities of this underlying database, you might want to read a major analysis we've put together:

https://github.com/robtweed/global_storage

Amongst other things you'll discover that:

8 4
2 468

or "Didn't you say you would cover Persistent Objects in Part 5, Chris?"

Yes, that was the plan.  This is a pretty important topic, so it get's its own Article

Up until now, we've display widget JSON that has been created by a basic loop.  Clearly this isn't of much value.  Now we have our stack connected together, and we can see that the data is flowing to the Welcome page, it's time to complete the stack and start feeding our service from "real" data.

2 4
0 1,347

Hoping someone can help.

I had posted a similar question outside this group a while ago "Errors requesting data from local Ensemble FHIR Repository" but haven't had the chance to follow up on it since. It was suggested I re-post inside this group.

I'm trying to request data from my local FHIR repository using a simple JavaScript client and am getting the following CORS errors . ( It is a standalone client not inside HealthShare without CSP etc. on my localhost ).

0 4
0 853

We finished our last lesson with our Widgets Direct page iterating over a list of widgets, displaying an ID and a Name value.  While we have been able to achieve this with only a small amount of coding, the page itself is not the most visually appealing place to be.  The AngularJS framework is providing a powerful Model-View-Controller framework for our structure and logic, but it does not implement anything that will provide a nice UI experience.

6 3
0 1,498
Article
Rob Tweed · Jul 31, 2017 5m read
Introduction to QEWD Micro-Services

In my previous posting about the new support in QEWD for JSON Web Token (JWT) support, I mentioned that it was a key step in enabling Micro-Service support in QEWD.  In this post I'll give some background to how they work and the thinking behind them.

If you haven't heard about Micro-Services and/or want to learn more, there's lots of information available if you do a Google Search.  Here's a good starting point:

https://smartbear.com/learn/api-design/what-are-microservices/

3 3
0 554

There's a new and exciting enhancement to QEWD that has just been released - it's an additional layer of abstraction known as QEWD-Up.  QEWD-Up hides away all the mechanics of QEWD itself, allowing you to focus on just your REST APIs and the code that implements them.

Additionally, and importantly, QEWD-Up simplifies the maintenance of your REST APIs, allowing you (and others) to quickly and easily understand their life-cycle and implementation.

3 3
4 677

About the Ontodia library

First of all, I think we should provide some background information about Ontodia and Caché DBMS. Let’s start with a less known product, Ontodia. Ontodia is the result of a joint project of the ISST lab of the ITMO University and VISmart, a software development company specializing in the semantic web domain. The Ontodia service was created as a web application for visualizing linked data and ontologies.

4 3
0 779

or "Things are going to break"

We left our application over the weekend, secure in the knowledge that it was returning data from our primary persistent class, User.Widget.  However, Widgets Direct are the premier supplier of both Widgets AND Widget Accessories, so we should really start working on adding these Accessories to our application. 

2 3
0 1,160

This is a quick note on what happens when, on your CSP page, you call a cache script which returns a %Boolean and store that value in a javascript variable.

When you call a script with language="cache" and returntype="%Boolean" from a javascript script, the return value is interpreted as a string, not as a boolean.

Here's an example:

A cache script that returns (in theory) a "false" value:

0 3
0 419
Article
Robert Cemper · Feb 8, 2019 2m read
Client for WebSockets based on Node.js

WebSockets as a communication technology wins increasing importance.
In the SAMPLES namespace, you find a nice example for running a WebSocket Server.
There is also a useful example for a Browser Client. JavaScript does most of the work. 

My point is:
How to consume the output of a WebSocket Server in your application?

14 2
1 675

I have a query that I would like to  have refreshing at certain intervals lets say every 30 seconds with out refreshing the page content using the META TAGS

refreshes the whole page but I have a jquery function that will run at those intervals that I can use the problem is getting the jquery to call my COS function or is the way to do it with pure COS

0 2
0 298