irigsoft

hi, maybe this can help you: https://stackoverflow.com/questions/47850359/is-it-possible-to-create-txt-file-using-only-client-side-but-to-a-specific https://dev.to/kendalmintcode/saving-text-to-a-client-side-file-using-vanilla-js-11ld https://www.quora.com/How-do-I-save-files-directly-to-a-Windows-PC-folder-from-a-JavaScript-web-application

U-GPT (Unigui - GPT)

Thanks for sharing. You should know that headers are not enough to protect against clickjacking attacks. https://chromewebstore.google.com/detail/disable-content-security/ieelmcmcagommplceebfedjlakkhpden https://stackoverflow.com/questions/27323631/how-to-override-content-security-policy-while-including-script-in-browser-js-con https://github.com/WithoutHair/Disable-Content-Security-Policy So You need extra protection. https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html https://www.memcyco.com/steps-to-prevent-clickjacking/ https://auth0.com/blog/preventing-clickjacking-attacks/

Hi, this is a Windows trick. Windows is entirely to blame for storing temporary files. For that reason temp files are created on C:\

For information: sender.uname , config.uname not work, this.uname is OK on DBGrid.OnBeforeInit // Ext.state.Manager.setProvider(Ext.create('Ext.state.CookieProvider')); <----- as Cookie Ext.state.Manager.setProvider(Ext.create('Ext.state.LocalStorageProvider')); <---- to load in localStorage But I don't know why when I reload Query all the DBGrid settings are lost. Now, how to set stateID like combination of some data from user session, like uniPanel_POSTerminalID.Tag (some component of Active form Tag properties) + some other components data (names)

Your suggestion works! But I need to make the stateID unique for each grid in the active form I have many grids in Active Form and each has different columns and need different cookies for column settings

DBGrid.onBeforeInit function beforeInit(sender, config) { Ext.state.Manager.setProvider(Ext.create('Ext.state.CookieProvider')); sender.stateful = true; sender.stateId = String(MainForm.POSTerminalID.Tag) + 'Grid_' + DBGrid (sender).jsName; <<---- here } I need to set stateID like combination of some data from user session, like uniPanel_POSTerminalID.Tag + uniDBGrid.jsName + some other components data (names)

ok, On MainForm I have Panel with Name = 'POSTerminalID', how to use this and create sender.stateId = String(MainForm.POSTerminalID.Tag) + 'Grid_' + DBGrid (sender).jsName;

1. no it doesn't work 'uname' 2. How to get jsname from other component on screen (like Panel.jsname) on DBGrid.befforeInit

One question. how to get DBGrid.jsName on function beforeInit(sender, config) { Ext.state.Manager.setProvider(Ext.create('Ext.state.CookieProvider')); sender.stateful = true; sender.stateId = DBGrid.jsName; <<---- here }

OK, thanks

Thanks, but on the topic above I don't see a solution! Your position is to use a server-side solution (I've already done one for desktop), but here I need to save/load from the browser, not the database: 1. Column.Visible = True/False 2. Column.Width := 1 3. Column.Arrangement

Hello. is there a solution for this: 1. Client resizes and rearranges DBGrid columns 2. any moving or resizing of columns to be written to local storage (or otherwise) for this DBGrid on the client side I need when the client rearranges or resizes the width of the columns, it automatically saves to the browser for a component (DBGrid.JSName) with that name the settings they made. When you open a new session for this component, load the settings of this DBgrid from the saved settings Is it possible with some already made settings of DBGrid ?

The only real answer, if you don't control the headers on your source you want in your iframe, is to proxy it. Have a server act as a client, receive the source, strip the problematic headers, add CORS if needed, and then ping your own server. There is one other answer explaining how to write such a proxy. It isn't difficult, but I was sure someone had to have done this before. It was just difficult to find it, for some reason. I finally did find some sources: https://github.com/Rob--W/cors-anywhere/#documentation

You must check and Content-Security-Policy header "It appears that X-Frame-Options Allow-From https://... is depreciated and was replaced (and gets ignored) if you use Content-Security-Policy header instead." https://content-security-policy.com/ and try by this way: Not mentioned but can help in some instances: var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function() { if (xhr.readyState !== 4) return; if (xhr.status === 200) { var doc = iframe.contentWindow.document; doc.open(); doc.write(xhr.responseText); doc.close(); } } xhr.open('GET', url, true); xhr.send(null);

Thanks, If You succeed please share.

My examples ignore the X-frame security header, @Sherzod suggested that the (X-Frame-Options: Deny) header on the government website is causing your iFrame (TuniURLFrame) to not work. So, You have this options: 1. find a way to ignore security options (headers) on web site and load it in iFrame, using some hack tool from above to ignore X-Frame-options . 2. talk to the software team that makes this website and ask if it's possible to send a URL parameter (like youtube, facebook, google from above) or a specific header that will allow a response from the website to be loaded into your iFrame 3. wait to be made some component that will hack this security "be default"

Google AI: "ignore-x-frame-options is a chrome extension that drops x-frame-options and content-security-policy in HTTP request headers and enables pages to include external pages in iframes. Almost pages set x-frame-options to SAMEORIGINE or DENY. This disables pages to display the external pages in iframes." https://chromewebstore.google.com/detail/ignore-x-frame-options/ammjifkhlacaphegobaekhnapdjmeclo maybe here are possible solutions for this goverment website: https://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options 1. "If you are getting this error for a YouTube video, rather than using the full url use the embed url from the share options. It will look like http://www.youtube.com/embed/eCfDxZxTBW4 You may also replace watch?v= with embed/ so http://www.youtube.com/watch?v=eCfDxZxTBW4 becomes http://www.youtube.com/embed/eCfDxZxTBW4" 2. "If you are getting this error while trying to embed a Google Map in an iframe, you need to add &output=embed to the source link." 3. "Adding a target='_top' to my link in the facebook tab fixed the issue for me..." 4. "UPDATE 2019: You can bypass X-Frame-Options in an <iframe> using just client-side JavaScript and my X-Frame-Bypass Web Component. Here is a demo: Hacker News in an X-Frame-Bypass. (Tested in Chrome & Firefox.)"

OK. 1. like this (on loading form) https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/21.html or this https://avinashbarik91.medium.com/pause-form-submission-and-allow-the-form-to-submit-after-the-ajax-request-completes-ef2b6276cc91 https://www.denisbouquet.com/stop-ajax-request/ 2. this (on loading DBGrid) https://stackoverflow.com/questions/12213889/how-to-block-on-ajax-call-i-want-it-to-block https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/disable-controls-during-ajax https://avinashbarik91.medium.com/pause-form-submission-and-allow-the-form-to-submit-after-the-ajax-request-completes-ef2b6276cc91 On 1 point - I will want to secure form loading 2 point will want to speed up loading form and components

Sorry to come into this thread, but I'll add (or expand on) the question. Is it possible to stop ajax execution while loading data into DBGrid ?

super, so on this events how to stop/start ajax request on DBGrid ? store.beforeload - stop (accepting ) ajax requests store.load - start (accepting again) ajax requests

Hi, I use timer and load images from File or Database to generate slideshow

Hi, Your questions are for hyperserver and IIS, but I will share how I do this for StandAlone. By security reasons I have made : 1. "EndOfWork" settings 2. my Standalone server when come this time, close all opened sessions . I use UniThreadTimer on ServerModule: if FormatDateTime ('HH:mm:ss',Now) = UniServerModule.EndOfWork then begin SaveLog ('CLOSE ALL SESSIONS : ' + FormatDateTime ('dd.MM.yyyy HH:mm:ss',Now)); //close all sessions for I :=UniServerModule.SessionManager.Sessions.SessionList.Count - 1 downto 0 do begin U := UniServerModule.SessionManager.Sessions.SessionList[I]; //U.LockSession; // Check mainModule availability. Some sessions may not have a MainModule instance if U.UniMainModule <> nil then begin //LogOut all users from Database // Do not close my OWN Session //if (UniApplication.UniSession.SessionID <> U.SessionId) //then begin TRY //U.LockSession; //U.ReleaseSession; TUniMainModule (U.UniMainModule).IsSessionActive := False; U.Terminate (StrUtilsEx.FastStringReplace (urlMessage,'[###message###]','END of working Hours.' + '</br>' + 'Session Closed.' ,[])); EXCEPT //U.UnBusy; END; //end; end; end; //UniServerModule.SessionManager.Sessions.Unlock; end;

Hi, what are your CORS settings ? Check Your Headers: Content-Security-Policy: X-Download-Options:

In my case, I'm trying to remove/replace some characters and I don't want them to reach the browser console. I don't want it to be visible in the google console (F 12 ) and for that only the keydown event works for me. Your case maybe a different.