boinc

Author	SHA1	Message	Date
Rom Walton	38af455fa7	HTMLGFX: Remove the secret handling stuff, it would prevent loading static images and other resources from the slot directory.	2015-01-06 11:03:41 -05:00
Rom Walton	ed431ced86	HTMLGFX: Implement a simple authentication scheme. Using the formal HTTP authentication scheme was too cumbersome and I couldn't pre-fill out that information as part of the request. IE11 emulation ignores any credentials as part of the URI. The web browser control insists on displaying a credentials dialog when challenged. So for now, look for a 'secret' header which just contains a thread identifier. Authentication is skipped if the app was started with the --debug command line argument. You'll be able to attach and debug your HTML application via the port number written in the Window title.	2014-12-30 23:20:48 -05:00
Rom Walton	2f3a8cb3ec	HTMLGFX: Fix a bunch of potential cross-site scripting issues. * Implement a mini HTTP server to service file requests from the slot directory. Have the browser control download the file(s) via the HTTP protocol instead of the FILE protocol. TODO: Lock down the authentication mechanism so that it is reasonably protected even though it is only bound to the loopback adapter. * Configure the browser emulation level for the executable to Internet Explorer 11.	2014-12-30 18:03:12 -05:00

Author

SHA1

Message

Date

Rom Walton

38af455fa7

HTMLGFX: Remove the secret handling stuff, it would prevent loading static images and other resources from the slot directory.

2015-01-06 11:03:41 -05:00

Rom Walton

ed431ced86

HTMLGFX: Implement a simple authentication scheme.

Using the formal HTTP authentication scheme was too cumbersome and I couldn't pre-fill out that information as part of the request.  IE11 emulation ignores any credentials as part of the URI.  The web browser control insists on displaying a credentials dialog when challenged.

So for now, look for a 'secret' header which just contains a thread identifier.

Authentication is skipped if the app was started with the --debug command line argument.  You'll be able to attach and debug your HTML application via the port number written in the Window title.

2014-12-30 23:20:48 -05:00

Rom Walton

2f3a8cb3ec

HTMLGFX: Fix a bunch of potential cross-site scripting issues.

* Implement a mini HTTP server to service file requests from the slot
directory.  Have the browser control download the file(s) via the
HTTP protocol instead of the FILE protocol.

TODO: Lock down the authentication mechanism so that it is reasonably
protected even though it is only bound to the loopback adapter.

* Configure the browser emulation level for the executable to
Internet Explorer 11.

2014-12-30 18:03:12 -05:00

3 Commits