Thanks Robert , Those solutions look better coding to me.
So i will have to anyway remove login:admin for URL's destined to be used for Cross Domain Resource Sharing. Even login:required will also fail right ? Because preflight request is never send with cookies. So basically i have to implement url securing myself. On Jan 17, 11:19 pm, Robert Kluin <robert.kl...@gmail.com> wrote: > Securing your URLs in code is OK, provided you're doing it > consistently perhaps using a decorator, or in a base AdminHandler. > This will let you allow some calls or respond differently to non-admin > calls. > > You might also want to check out the users.is_current_user_admin() function. > http://code.google.com/appengine/docs/python/users/functions.html > > And, I would also suggest looking at the @login_required decorator. > You could just write a @admin_required decorator. > http://code.google.com/appengine/docs/python/tools/webapp/utilmodule.... > > Robert > > On Mon, Jan 17, 2011 at 12:33, Silencer <devassyh...@gmail.com> wrote: > > i have two apps let us call it app1 and app2 ; > > > Assume that i have logged in as admin in both apps. > > in my work-flow i have to do a POST request from app1 rendered page > > (http://app1.appspot.com/sourcepage ) > > to and apps url (http://app2.appspot.com/updatedata) . > > >http://app2.appspot.com/updatedatais a url secured by login:admin in > > the app.yaml file > > > Now in FF3.6 , when such an ajax request is done using jQuery , > > FF3.6 will first send a Preflighted request ( OPTIONS request ) . > > This request is sent without cookies. > > So appengine returns a redirect as response. > > Although i have implemented the options(self) function for the > > request, the control never reaches there > > > So the original POST is not send at all. > > > i read in some article that the credentials will not be sent with the > > Preflighted request > > So in that case is there a way to make options request alone to pass > > through for admin urls ? > > > TO get my workflow done at last i removed login:admin from app.yaml > > and > > checks for user logged in and compare email id's to a set of allowed > > admins. > > I know it is bad programming , but still. > > > Is there any thing that i miss ? > > > Please help > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine" group. > > To post to this group, send email to google-appengine@googlegroups.com. > > To unsubscribe from this group, send email to > > google-appengine+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/google-appengine?hl=en. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.