Thursday, November 28, 2013

Re: Production and Development Environment



On Thu, Nov 28, 2013 at 5:47 PM, Advantage+ <movepixels@gmail.com> wrote:

I want to say mode= production so no access but login

 

And not go thru every controller and deny() that's what I am asking. Nothing to do with ajax

 

 

 

Dave Maharaj

Freelance Designer | Developer

www.movepixels.com  |  dave@movepixels.com  |  709.800.0852

 

From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben
Sent: Thursday, November 28, 2013 12:53 AM
To: cake-php@googlegroups.com
Subject: Re: Production and Development Environment

 

I'm assuming that's some sort of Ajax API that you're doing?

 

You could make your Javascript aware that it's in a development environment, and pass the Authorization token, as per http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html.

 

If you're using jQuery.ajax, you can pass the username and password for Basic Authentication, but that leaves you a bit open.  Also, it only sends the info when challenged with a 401, so explicit header setting might be your only option. [http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax]

 

You could update the programming to only require authentication for non-ajax requests, but that might be defeating the purposes as well.

 

Of course, I'm assuming that your application would normally use Form authorization in production, but you've got the added layer of Basic authentication in development.

 

This issue should only happen when calling the API from a different domain.  If the browser that is already authorized, is calling the APIs on the same domain, then the Authorization token <b>should</b> be sent automatically. I'm emphasizing that "should", because it would just seem screwy if it didn't.

On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote:

Building a site on client's server and password protected but now adding in API functionality and the htaccess is blocking responses back from the API calls since they can't reach the site.

 

Is there a simply way to define production / development to allow access without password protecting the site.

I do not want to go thru all 65 controllers and re-code $this->Auth->deny() / allow();.

 

Thanks

 

Dave

 

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.



--
Simon Males

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.

No comments: