redirect - Dave's Blog

Search

Win10 UWP WebView AddWebAllowedObject details

2017 Sep 4, 3:09

The x-ms-webview HTML element has the void addWebAllowedObject(string name, any value) method and the webview XAML element has the void AddWebAllowedObject(String name, Object value) method. The object parameter is projected into the webview’s top-level HTML document’s script engine as a new property on the global object with property name set to the name parameter. It is not injected into the current document but rather it is projected during initialization of the next top-level HTML document to which the webview navigates.

Lifetime

If AddWebAllowedObject is called during a NavigationStarting event handler the object will be injected into the document resulting from the navigation corresponding to that event.

If AddWebAllowedObject is called outside of the NavigationStarting event handler it will apply to the navigation corresponding to the next explicit navigate method called on the webview or the navigation corresponding to the next NavigationStarting event handler that fires, whichever comes first.

To avoid this potential race, you should use AddWebAllowedObject in one of two ways: 1. During a NavigationStarting event handler, 2. Before calling a Navigate method and without returning to the main loop.

If called both before calling a navigate method and in the NavigationStarting event handler then the result is the aggregate of all those calls.

If called multiple times for the same document with the same name the last call wins and the previous are silently ignored.

If AddWebAllowedObject is called for a navigation and that navigation fails or redirects to a different URI, the AddWebAllowedObject call is silently ignored.

After successfully adding an object to a document, the object will no longer be projected once a navigation to a new document occurs.

WinRT access

If AddWebAllowedObject is called for a document with All WinRT access then projection will succeed and the object will be added.

If AddWebAllowedObject is called for a document which has a URI which has no declared WinRT access via ApplicationContentUriRules then Allow for web only WinRT access is given to that document.

If the document has Allow for web only WinRT access then projection will succeed only if the object’s runtimeclass has the Windows.Foundation.Metadata.AllowForWeb metadata attribute.

Object requirements

The object must implement the IAgileObject interface. Because the XAML and HTML webview elements run on ASTA view threads and the webview’s content’s JavaScript thread runs on another ASTA thread a developer should not create their non-agile runtimeclass on the view thread. To encourage end developers to do this correctly we require the object implements IAgileObject.

Property name

The name parameter must be a valid JavaScript property name, otherwise the call will fail silently. If the name is already a property name on the global object, that property is overwritten if the property is configurable. Non-configurable properties on the global object are not overwritten and the AddWebAllowedObject call fails silently. On success, the projected property is writable, configurable, and enumerable.

Errors

Some errors as described above fail silently. Other issues, such as lack of IAgileObject or lack of the AllowForWeb attribute result in an error in the JavaScript developer console.

PermalinkComments

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

PermalinkCommentscertificate csp hsts https lets-encrypt nearlyfreespeech.net

A Slower Speed of Light Official Trailer — MIT Game Lab (by...

2012 Nov 13, 7:41


A Slower Speed of Light Official Trailer — MIT Game Lab (by Steven Schirra)

“A Slower Speed of Light is a first-person game in which players navigate a 3D space while picking up orbs that reduce the speed of light in increments. A custom-built, open-source relativistic graphics engine allows the speed of light in the game to approach the player’s own maximum walking speed. Visual effects of special relativity gradually become apparent to the player, increasing the challenge of gameplay. These effects, rendered in realtime to vertex accuracy, include the Doppler effect; the searchlight effect; time dilation; Lorentz transformation; and the runtime effect.

A production of the MIT Game Lab.

Play now for Mac and PC! http://gamelab.mit.edu/games/a-slower-speed-of-light/

PermalinkCommentsscience game video-game mit 3d light-speed

Seized shirt! For the feds, it’s not enough to simply seize...

2012 Aug 17, 8:40


Seized shirt!

For the feds, it’s not enough to simply seize domain names without warning or due process—they want to make sure everyone knows the website operators were breaking the law, even if that has yet to be proven in court. That’s why every domain that gets seized ends up redirecting to one of these dramatic warning pages, replete with the eagle-emblazoned badges of the federal agencies involved.

PermalinkCommentshumor law ip fbi legal shirt tshirt

Prime HTTP Status Codes

2012 Feb 22, 4:00
These are the prime HTTP status codes:
PermalinkCommentshttp prime technical useless

Lessons of the Chewbacca Incident « Binary Bonsai

2010 Sep 27, 1:51Learn how to correctly generalize about the users of Reddit, Facebook, BoingBoing, etc based on the redirect HTTP stats collected from this sites recent popular post on Chewbacca.PermalinkCommentsstatistics internet web blog

HTML 5 Video Seeking and Redirects

2010 Apr 26, 3:09Firefox developer on the topic of HTML5 video and the issues of using HTTP range requests to seek within an HTML5 video.PermalinkCommentshtml html5 http range technical video firefox web browser bug code programming

RFC 5849 - The OAuth 1.0 Protocol

2010 Apr 21, 6:49"OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections."PermalinkCommentsoauth authorization security privacy internet web rfc standard technical

New Status Code -- 2xx Greedy Hotel? from Mark Nottingham on 2007-03-15 (ietf-http-wg@w3.org from January to March 2007)

2010 Apr 6, 11:17A thread on HTTPBIS concerning about how one might standardize hotels and other such proxies that inject redirects to their own payment or T&C agreement sites.PermalinkCommentshttp httpbis reference ietf network

Comcast DNSSEC Trial FAQs

2010 Feb 25, 4:10Comcast is running an opt-in DNSSEC trial for all Comcast customers. Their FAQ covers the incompat. of DNSSEC with their Comcast Domain Helper (typo DNS redirects to Comcast ads... bleh!): "What happens to Comcast Domain Helper, which offers DNS redirect services, when you fully implement DNSSEC? We believe that the web error redirection function of Comcast Domain Helper is technically incompatible with DNSSEC. Comcast has always known this and plans to turn off such redirection when DNSSEC is fully implemented." Yay!PermalinkCommentsdns dnssec comcast faq internet ip security technical

Metalink/HTTP: Mirrors and Checksums in HTTP Headers

2009 Nov 24, 5:51"Metalink/HTTP describes multiple download locations (mirrors), Peer-to-Peer, checksums, digital signatures, and other information using existing standards for HTTP headers. Clients can transparently use this information to make file transfers more robust and reliable."PermalinkCommentshttp metalink url p2p http-header cache redirect reference technical

301Works

2009 Nov 13, 6:36Hooray for the Internet Archive! "The Internet Archive and founding companies announce today the launch of 301Works.org, a service to archive shortened Universal Resource Locators (URLs). This will enable redirect services to incorporate these shortened URLs when a member company ceases business activities."PermalinkCommentsurl http redirect internet web internet-archive archive via:waxy technical

IE8 Search Providers, Accelerators, and Local Applications Hack

2009 Jul 25, 3:23

There's no easy way to use local applications on a PC as the result of an accelerator or a search provider in IE8 but there is a hack-y/obvious way, that I'll describe here. Both accelerators and search providers in IE8 fill in URL templates and navigate to the resulting URL when an accelerator or search provider is executed by the user. These URLs are limited in scheme to http and https but those pages may do anything any other webpage may do. If your local application has an ActiveX control you could use that, or (as I will provide examples for) if the local application has registered for an application protocol you can redirect to that URL. In any case, unfortunately this means that you must put a webpage on the Internet in order to get an accelerator or search provider to use a local application.

For examples of the app protocol case, I've created a callto accelerator that uses whatever application is registered for the callto scheme on your system, and a Windows Search search provider that opens Explorer's search with your search query. The callto accelerator navigates to my redirection page with 'callto:' followed by the selected text in the fragment and the redirection page redirects to that callto URL. In the Windows Search search provider case the same thing happens except the fragment contains 'search-ms:query=' followed by the selected text, which starts Windows Search on your system with the selected text as the query. I've looked into app protocols previously.

PermalinkCommentstechnical callto hack accelerator search ie8

Registry Reflection (Windows)

2008 Sep 3, 9:49Notes on how COM classes are registered on 64bit versions of Windows. Whole swaths of the registry (among other things) are redirected to a subnode named Wow6432Node when you're a 32bit process running on a 64bit Windows.PermalinkCommentsmsdn registry development microsoft 64bit

Excercise Bike and Tacoma Screw Products

2008 Jan 13, 11:07

Sarah and I got an exercise bike on sale and when attempting to put it together found that it was missing a bag of about ten different screws. The manufacturer website said we could order a replacement bag for thirty dollars (!!) but since the instructions listed the various kinds of screws we needed I figured we could just go to a hardware store and buy them.

We started at Home Depot because I didn't know better. The screws are all listed in metric sizes which is apparently uncommon and a helpful senior worker forwarded us to McLendons whose stock was better but we were again redirected this time to Tacoma Screw Products.

Tacoma Screw Products is great! See them for your hardware needs first! The store has a back area with every kind of screw ever. I felt a little out of place as as all the customers looked like contractors. The employee who helped me explained the various options I had in screws as the bike instructions weren't as explicit as they could have been. In the end I bought all my screws for only one dollar (much better than $30!) and they all fit correctly.

PermalinkCommentsscrew bike personal tacoma screw products nontechnical
Older Entries Creative Commons License Some rights reserved.