personal - Dave's Blog

Search

JavaScript Microsoft Store app StartPage

2017 Jun 22, 8:58

JavaScript Microsoft Store apps have some details related to activation that are specific to JavaScript Store apps and that are poorly documented which I’ll describe here.

StartPage syntax

The StartPage attributes in the AppxManifest.xml (Package/Applications/Application/@StartPage, Package/Applications/Extensions/Extension/@StartPage) define the HTML page entry point for that kind of activation. That is, Application/@StartPage defines the entry point for tile activation, Extension[@Category="windows.protocol"]/@StartPage defines the entry point for URI handling activation, etc. There are two kinds of supported values in StartPage attributes: relative Windows file paths and absolute URIs. If the attribute doesn’t parse as an absolute URI then it is instead interpreted as relative Windows file path.

This implies a few things that I’ll declare explicitly here. Windows file paths, unlike URIs, don’t have a query or fragment, so if you are using a relative Windows file path for your StartPage attribute you cannot include anything like ‘?param=value’ at the end. Absolute URIs use percent-encoding for reserved characters like ‘%’ and ‘#’. If you have a ‘#’ in your HTML filename then you need to percent-encode that ‘#’ for a URI and not for a relative Windows file path.

If you specify a relative Windows file path, it is turned into an ms-appx URI by changing all backslashes to forward slashes, percent-encoding reserved characters, and combining the result with a base URI of ms-appx:///. Accordingly the relative Windows file paths are relative to the root of your package. If you are using a relative Windows file path as your StartPage and need to switch to using a URI so you can include a query or fragment, you can follow the same steps above.

StartPage validity

The validity of the StartPage is not determined before activation. If the StartPage is a relative Windows file path for a file that doesn’t exist, or an absolute URI that is not in the Application Content URI Rules, or something that doesn’t parse as a Windows file path or URI, or otherwise an absolute URI that fails to resolve (404, bad hostname, etc etc) then the JavaScript app will navigate to the app’s navigation error page (perhaps more on that in a future blog post). Just to call it out explicitly because I have personally accidentally done this: StartPage URIs are not automatically included in the Application Content URI Rules and if you forget to include your StartPage in your ACUR you will always fail to navigate to that StartPage.

StartPage navigation

When your app is activated for a particular activation kind, the StartPage value from the entry in your app’s manifest that corresponds to that activation kind is used as the navigation target. If the app is not already running, the app is activated, navigated to that StartPage value and then the Windows.UI.WebUI.WebUIApplication activated event is fired (more details on the order of various events in a moment). If, however, your app is already running and an activation occurs, we navigate or don’t navigate to the corresponding StartPage depending on the current page of the app. Take the app’s current top level document’s URI and if after removing the fragment it already matches the StartPage value then we won’t navigate and will jump straight to firing the WebUIApplication activated event.

Since navigating the top-level document means destroying the current JavaScript engine instance and losing all your state, this behavior might be a problem for you. If so, you can use the MSApp.pageHandlesAllApplicationActivations(true) API to always skip navigating to the StartPage and instead always jump straight to firing the WebUIApplication activated event. This does require of course that all of your pages all handle all activation kinds about which any part of your app cares.

PermalinkComments

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

PermalinkCommentscertificate csp hsts https lets-encrypt nearlyfreespeech.net

Tweet from David_Risney

2015 Apr 14, 9:51
Time of year we're reminded that Intuit spends millions to ensure we have to do our own taxes - for sake of freedom! http://www.nytimes.com/2015/04/16/technology/personaltech/turbotax-or-irs-as-tax-preparer-intuit-has-a-favorite.html …
PermalinkComments

Cloud Share - New App

2014 May 23, 4:06

I've put a new app on the Windows Store: Cloud Share. It connects the web to your Windows 8 share charm.

I did the development on GitHub and quite enjoyed myself. I wasn't sure I liked the game-ification of development in GitHub's dashboard showing you your longest development streak in days. However I realized that it encourages me to do work on my personal project and anything that aids in holding my attention on and helping me finish these projects is a good thing.

PermalinkCommentsdevelopment github javascript JS technical windows

picjumbo

2014 Jan 5, 2:22
/wp-content/uploads/IMG_3811-1300x866.jpg"/>

picjumbo

totally free photos for your commercial & personal works

 

PermalinkCommentsphoto free photography

Attention:!!!, Behold, you are reading a letter from your President Barack Obama.

2012 Sep 26, 2:43

Eric gets the most entertaining mail.

You have failed to comply with them after all the warning and instructions given to you, but since you are also among the terrorist we are facing in the country, I will personal make sure that I wipe away the crime in the state and I promise you that you will definitely pay with your life because I am here to protect the interest of my people and not to put them in shame, you suppose to support this government and not to spoil it.

PermalinkCommentshumor spam scam email eric-law

Alex Claps (by Sarah Moffatt) Sarah chose the music =)

2012 May 7, 5:45


Alex Claps (by Sarah Moffatt)

Sarah chose the music =)

PermalinkCommentsalex family video baby personal

First crawls of Alex (by Sarah Moffatt)

2012 Apr 23, 11:22


First crawls of Alex (by Sarah Moffatt)

PermalinkCommentspersonal alex crawling

Blackmail DRM - Stolen Thoughts

2012 Feb 13, 4:00

Most existing DRM attempts to only allow the user to access the DRM'ed content with particular applications or with particular credentials so that if the file is shared it won't be useful to others. A better solution is to encode any of the user's horrible secrets into unique versions of the DRM'ed content so that the user won't want to share it. Entangle the users and the content provider's secrets together in one document and accordingly their interests. I call this Blackmail DRM. For an implementation it is important to point out that the user's horrible secret doesn't need to be verified as accurate, but merely verified as believable.

Apparently I need to get these blog posts written faster because only recently I read about Social DRM which is a light weight version of my idea but with a misleading name. Instead of horrible secrets, they say they'll use personal information like the user's name in the DRM'ed content. More of my thoughts stolen and before I even had a chance to think of it first!

PermalinkCommentsdrm blackmail blackmail-drm technical humor social-drm

Swiss government keeps downloading legal after piracy study

2011 Dec 4, 2:28

“One in three people in Switzerland download unauthorized music, movies and games from the Internet and since last year the government has been wondering what to do about it. … The overall conclusion of the study is that the current copyright law, under which downloading copyrighted material for personal use is permitted, doesn’t have to change.” Wow, that sounds like almost reasonable and understandable copyright law.

PermalinkCommentstechnical political swiss copyright law legal

YouTube - ‪Star Trek: The Captain's Summit (1 of 7)‬‏

2011 Jun 30, 1:23"Join Whoopi Goldberg (Guinan) as she hosts The Captain's Summit. Whoopi sits down with Trek stars William Shatner (Kirk), Leonard Nimoy (Spock), Patrick Stewart (Picard) and Jonathan Frakes (Riker) and gets personal with them. From fan-etiquette to comparing series, this is a must see for all Trek fans."

PermalinkCommentsnerd video startrek youtube tng tos

Re: [FileAPI] File.slice spec bug from Jonas Sicking on 2011-04-12 (public-webapps@w3.org from April to June 2011)

2011 Apr 14, 11:27If only all web compat issues were so easily fixed: "If someone knows about any websites I can personally take care of contacting them and trying to get them fixed."PermalinkCommentsw3c reference file api standard

Back to the Future (1985) - a set on Flickr

2011 Jan 23, 3:26Personal photos from the Back to the Future set during filming taken by a Universal security guard.
PermalinkCommentsphotos bttf backtothefuture movies

Bruce Lawson’s personal site  : In praise of Internet Explorer 6

2010 Dec 7, 2:24"...suggested that I document this fact before history records that we all hated it from the second it was released: we didn’t hate it at all. We loved it."PermalinkCommentscss history ie6 ie web browser technical

Area Man Suddenly Realizes He's The One Who's Been Killing Off World's Bee Population | The Onion - America's Finest News Source

2010 Sep 8, 2:16'Following a news update on the depopulation of honeybees across North America and much of the world, it suddenly dawned on local bank teller Keith Orlander Tuesday that he, personally, was responsible for the dramatic and theretofore unexplained disappearance of the insects. "Boy, come to think of it, I guess I have been killing millions of bees lately,"'PermalinkCommentsbee bees humor onion

Make: Online : How-To: Personal Applause Sign

2010 Jul 14, 10:24This would be perfect to hook up to my automated test system. Everytime new tests pass the applause sign flashes.PermalinkCommentsapplause sign howto

Google and Outlook Calendar Sync'ing

2010 Jul 8, 9:00
I previously described my desire to hook my Outlook calendar up to my Google calendar. I just found out that I can do this and the reverse as both support publishing calendars to the Internet. The following are how I set this up under Outlook 2010 and Google Calendar:

In Outlook, I go to the calendar view, right click on my calendar and select "Share Publish to Office.com". At this point I can change the permissions to allow anonymous Internet access, and under Detail change between 'Full details' (full calendar), 'Limited details' (subject lines & availability only), 'Availability only'. Availability only is almost just what I want -- I'd also like to include location but availability only is good enough. After hitting OK here I get a 'Do you want to send an invitation...' dialog box. I hit 'Yes' and I can copy the webcals:// URL out of the email window that opens up. Next, to add it to my Google calendar, I open http://www.google.com/calendar/, and under 'Other calendars', I select 'Add Add by URL', paste in that webcals:// URL but change the 'webcals' at the start to 'https'.

In Google Calendar, I can click on my calendar name under 'My calendars', select 'Calendar settings', and on the new page, look under 'Calendar Address', click the ICAL icon, and copy the URL in the new dialog. Now back in Outlook I go to the Calendar view, right click on 'My Calendars', and select 'Add Calendar From Internet...'. In the new dialog that pops up I paste in the URL from Google Calendar.

In this fashion I can share public calendar data between my personal and work calendars.
PermalinkComments

First Time Pulled Over

2010 Jun 19, 5:09

I was pulled over for the first time this past Thursday. I got a citation because the tabs on my car were out of date. Oops.

PermalinkCommentspersonal pulled over traffic citation

Animated GIF From Wedding

2010 Jun 13, 3:47From Angie's photos of my wedding there's a sequence of four photos where everyone's holding still except me. Of course I turned this into an animated GIF using GIF Make, to produce my animated wedding GIF. I don't embed the image in the HTML because it is really irritating.PermalinkCommentswedding animated photo personal gif

I'm Married!

2010 Jun 12, 2:18

2010_05_Dave and Sarah Wedding_Sarah and Dave Married WalkDid I mention that I got married two weeks ago today on May 29th? Its true! Our wedding was a kind of planning singularity -- all of my planning efforts would get sucked into that day and I couldn't make any plans past that date. But the actual wedding itself was lovely and I didn't feel nearly as stressed out or nervous during the wedding as I did trying to plan for it. I've been gathering wedding photos on our wedding website photos page.

PermalinkCommentswedding photo personal marriage
Older Entries Creative Commons License Some rights reserved.