Yeah, if you need to be able to allow some requests without cookies to a 'secure' url you'll need to use a lower-level solution like those. The options in app.yaml are higher-level.
Robert On Tue, Jan 18, 2011 at 00:17, Silencer <devassyh...@gmail.com> wrote: > > Thanks Robert , > > Those solutions look better coding to me. > > So i will have to anyway remove login:admin for URL's destined to be > used for Cross Domain Resource Sharing. > > Even login:required will also fail right ? > Because preflight request is never send with cookies. > > So basically i have to implement url securing myself. > > > > On Jan 17, 11:19 pm, Robert Kluin <robert.kl...@gmail.com> wrote: >> Securing your URLs in code is OK, provided you're doing it >> consistently perhaps using a decorator, or in a base AdminHandler. >> This will let you allow some calls or respond differently to non-admin >> calls. >> >> You might also want to check out the users.is_current_user_admin() function. >> http://code.google.com/appengine/docs/python/users/functions.html >> >> And, I would also suggest looking at the @login_required decorator. >> You could just write a @admin_required decorator. >> http://code.google.com/appengine/docs/python/tools/webapp/utilmodule.... >> >> Robert >> >> On Mon, Jan 17, 2011 at 12:33, Silencer <devassyh...@gmail.com> wrote: >> > i have two apps let us call it app1 and app2 ; >> >> > Assume that i have logged in as admin in both apps. >> > in my work-flow i have to do a POST request from app1 rendered page >> > (http://app1.appspot.com/sourcepage ) >> > to and apps url (http://app2.appspot.com/updatedata) . >> >> >http://app2.appspot.com/updatedatais a url secured by login:admin in >> > the app.yaml file >> >> > Now in FF3.6 , when such an ajax request is done using jQuery , >> > FF3.6 will first send a Preflighted request ( OPTIONS request ) . >> > This request is sent without cookies. >> > So appengine returns a redirect as response. >> > Although i have implemented the options(self) function for the >> > request, the control never reaches there >> >> > So the original POST is not send at all. >> >> > i read in some article that the credentials will not be sent with the >> > Preflighted request >> > So in that case is there a way to make options request alone to pass >> > through for admin urls ? >> >> > TO get my workflow done at last i removed login:admin from app.yaml >> > and >> > checks for user logged in and compare email id's to a set of allowed >> > admins. >> > I know it is bad programming , but still. >> >> > Is there any thing that i miss ? >> >> > Please help >> >> > -- >> > You received this message because you are subscribed to the Google Groups >> > "Google App Engine" group. >> > To post to this group, send email to google-appengine@googlegroups.com. >> > To unsubscribe from this group, send email to >> > google-appengine+unsubscr...@googlegroups.com. >> > For more options, visit this group >> > athttp://groups.google.com/group/google-appengine?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to google-appengine@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com. To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
