RE: Production and Development Environment
Sorry no, in development I still need to authenticate hence the allowance of api calls. This is the problem. Everything now is in a password protected folder. So no access. I need a way to allow API yet still have it in production so controller kicsksin and denys all access but login. Dave Maharaj Freelance Designer | Developer Description: header_logo www.movepixels.com | <mailto:d...@movepixels.com> d...@movepixels.com | 709.800.0852 From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben Helms Sent: Monday, December 02, 2013 8:45 PM To: cake-php@googlegroups.com Subject: Re: Production and Development Environment Trying one more time... The requirement is that in production, you need to authenticate to get access to the API, and that in development, no authentication is required. The assumption is that the authentication will be session based, with a form based login action. There has been mention of a .htaccess file, but it wasn't clearly stated if this was used to provide authentication via Basic Authentication. In the AppController, I would have: public function beforeFilter() { /* set up Authentication */ if (!Configure::read('developmentMode')) { $this->Auth->deny(); /* a default deny for all actions, when not in developmentMode */ } else { $this->Auth->allow(); /* a default allow for all actions, when in development mode */ } } And then in any controller, I would have: public function beforeFilter() { parent::beforeFilter(); /* the remainder of your code, to allow actions, and lift authentication restrictions for particular actions */ } In production, this will ensure that all actions are denied by default, to be overridden by specific controllers. In development, this will set up a default allow for all actions. It's been a while since I've actually played with the CakePHP 2.X Auth stuff, but that's the general idea I was going for. Best of luck finding a solution. Regards Reuben Helms On Tue, Dec 3, 2013 at 8:39 AM, Advantage+ wrote: I appolagize. But if parent::before filter is called in the controller and reads production or development anything called after that will be over-ridden no? You cannot get an API called back to a password protected folder so you have to remove the password protection, but if you want it to be a hidden folder which is not accessible you need a way to hide it. Dave Maharaj Freelance Designer | Developer Description: header_logo <http://www.movepixels.com> www.movepixels.com | <mailto:d...@movepixels.com> d...@movepixels.com | 709.800.0852 From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of AD7six Sent: Saturday, November 30, 2013 11:08 AM To: cake-php@googlegroups.com Subject: Re: Production and Development Environment On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote: Hmm sounds like the exact thing I saidand if you do Beforefilter::parent () in the controller what was the point of asking if there is an easy way to no go thur every controller! Example:: public function beforeFilter() { parent::beforeFilter(); $this->Auth->deny(); //Allow Security to allow ajax request for these actions $ajax_request = array('manage_add', 'manage_edit', 'manage_delete'); if(in_array($this->params['action'], $ajax_request)){ $this->Security->unlockedActions = $ajax_request; $this->Security->csrfCheck = false; } } Since parent:: is called you have to go thru every controller no? If you see a correct way I happy to hear about it. Thanks, Dave. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to a topic in the Google Groups "CakePHP" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe. To unsubscribe from this group and all its topics, send an email to cake-php+unsubscr...@googlegroups.com <mailto:cake-php%2bunsubscr...@googlegroups.com> . To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...
Re: Production and Development Environment
I do this to config database for each server, production or development, i put this code in database.php: switch($_SERVER['HTTP_HOST']) { case 'localhost': case 'development': $this->default = $this->development; // $development has the configuration for the development database break; case 'www.example.com': case 'example.com': case 'production': $this->default = $this->production; // $production has the configuration for the production database break; default: $this->default = $this->development; break; } -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: Production and Development Environment
Trying one more time... The requirement is that in production, you need to authenticate to get access to the API, and that in development, no authentication is required. The assumption is that the authentication will be session based, with a form based login action. There has been mention of a .htaccess file, but it wasn't clearly stated if this was used to provide authentication via Basic Authentication. In the AppController, I would have: public function beforeFilter() { /* set up Authentication */ if (!Configure::read('developmentMode')) { $this->Auth->deny(); /* a default deny for all actions, when not in developmentMode */ } else { $this->Auth->allow(); /* a default allow for all actions, when in development mode */ } } And then in any controller, I would have: public function beforeFilter() { parent::beforeFilter(); /* the remainder of your code, to allow actions, and lift authentication restrictions for particular actions */ } In production, this will ensure that all actions are denied by default, to be overridden by specific controllers. In development, this will set up a default allow for all actions. It's been a while since I've actually played with the CakePHP 2.X Auth stuff, but that's the general idea I was going for. Best of luck finding a solution. Regards Reuben Helms On Tue, Dec 3, 2013 at 8:39 AM, Advantage+ wrote: > I appolagize. > > > > But if parent::before filter is called in the controller and reads > production or development anything called after that will be over-ridden no? > > > > You cannot get an API called back to a password protected folder so you > have to remove the password protection, but if you want it to be a hidden > folder which is not accessible you need a way to hide it. > > > > *Dave Maharaj* > > *Freelance Designer | Developer* > [image: Description: header_logo] > www.movepixels.com | d...@movepixels.com | 709.800.0852 > > > > *From:* cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] *On > Behalf Of *AD7six > *Sent:* Saturday, November 30, 2013 11:08 AM > > *To:* cake-php@googlegroups.com > *Subject:* Re: Production and Development Environment > > > > > > On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote: > > Hmm sounds like the exact thing I said……..and if you do > > Beforefilter::parent () in the controller what was the point of asking if > there is an easy way to no go thur every controller! > > Example:: > > > > public function beforeFilter() { > > parent::beforeFilter(); > > $this->Auth->deny(); > > > > > > //Allow Security to allow ajax request for these actions > > $ajax_request = array('manage_add', 'manage_edit', ' > manage_delete'); > > if(in_array($this->params['action'], $ajax_request)){ > > > > $this->Security->unlockedActions = $ajax_request; > > $this->Security->csrfCheck = false; > > } > >} > > > > Since parent:: is called you have to go thru every controller no? > > > > If you see a correct way I happy to hear about it. > > > > Thanks, > > Dave. > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to a topic in the > Google Groups "CakePHP" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
RE: Production and Development Environment
I appolagize. But if parent::before filter is called in the controller and reads production or development anything called after that will be over-ridden no? You cannot get an API called back to a password protected folder so you have to remove the password protection, but if you want it to be a hidden folder which is not accessible you need a way to hide it. Dave Maharaj Freelance Designer | Developer Description: header_logo www.movepixels.com | <mailto:d...@movepixels.com> d...@movepixels.com | 709.800.0852 From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of AD7six Sent: Saturday, November 30, 2013 11:08 AM To: cake-php@googlegroups.com Subject: Re: Production and Development Environment On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote: Hmm sounds like the exact thing I saidand if you do Beforefilter::parent () in the controller what was the point of asking if there is an easy way to no go thur every controller! Example:: public function beforeFilter() { parent::beforeFilter(); $this->Auth->deny(); //Allow Security to allow ajax request for these actions $ajax_request = array('manage_add', 'manage_edit', 'manage_delete'); if(in_array($this->params['action'], $ajax_request)){ $this->Security->unlockedActions = $ajax_request; $this->Security->csrfCheck = false; } } Since parent:: is called you have to go thru every controller no? If you see a correct way I happy to hear about it. Thanks, Dave. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
Re: Production and Development Environment
On Friday, 29 November 2013 05:45:50 UTC+1, advantage+ wrote: > > Hmm sounds like the exact thing I said……..and if you do > > Beforefilter::parent () in the controller what was the point of asking if > there is an easy way to no go thur every controller! > > > > And that would not solve the problem either and if you took a few seconds > to read the question Its clearly states no to go thru every controller > @simon - rookie ass fool > Please keep replies/posts professional - I don't think pointing out a tool related to environment management, for a question about environment problems warrants a noxious response. FWIW if your app is environment aware at all, you're probably doing it wrong (especially if you apparently need to edit all your controllers to do what you're asking). AD > > > > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
RE: Production and Development Environment
I did think of that, but every controller calls other functions which would over-ride the AppController such as: public function beforeFilter() { parent::beforeFilter(); //so this would say production $this->Auth->deny(); // then this would kick in //Allow Security to allow ajax request for these actions $ajax_request = array('manage_add', 'manage_edit', 'manage_delete'); if(in_array($this->params['action'], $ajax_request)){ $this->Security->unlockedActions = $ajax_request; $this->Security->csrfCheck = false; } } Dave Maharaj Freelance Designer | Developer Description: header_logo www.movepixels.com | <mailto:d...@movepixels.com> d...@movepixels.com | 709.800.0852 From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben Helms Sent: Friday, November 29, 2013 11:52 AM To: cake-php@googlegroups.com Subject: Re: Production and Development Environment You don't have to go through every controller. Just on the one controller, the AppController, for the default deny, and the code that will skip that deny if you have a config that suggests you're in a development environment. The only other Controller to touch will be the controller that looks after your login action, for which you'll want an accept after parent::beforeFilter(). On Fri, Nov 29, 2013 at 2:45 PM, Advantage+ wrote: Hmm sounds like the exact thing I saidand if you do Beforefilter::parent () in the controller what was the point of asking if there is an easy way to no go thur every controller! And that would not solve the problem either and if you took a few seconds to read the question Its clearly states no to go thru every controller @simon - rookie ass fool -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to a topic in the Google Groups "CakePHP" group. To unsubscribe from this topic, visit https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe. To unsubscribe from this group and all its topics, send an email to cake-php+unsubscr...@googlegroups.com <mailto:cake-php%2bunsubscr...@googlegroups.com> . To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
Re: Production and Development Environment
You don't have to go through every controller. Just on the one controller, the AppController, for the default deny, and the code that will skip that deny if you have a config that suggests you're in a development environment. The only other Controller to touch will be the controller that looks after your login action, for which you'll want an accept after parent::beforeFilter(). On Fri, Nov 29, 2013 at 2:45 PM, Advantage+ wrote: > Hmm sounds like the exact thing I said……..and if you do > > Beforefilter::parent () in the controller what was the point of asking if > there is an easy way to no go thur every controller! > > > > And that would not solve the problem either and if you took a few seconds > to read the question Its clearly states no to go thru every controller > @simon - rookie ass fool > > > > > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to a topic in the > Google Groups "CakePHP" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
RE: Production and Development Environment
Hmm sounds like the exact thing I saidand if you do Beforefilter::parent () in the controller what was the point of asking if there is an easy way to no go thur every controller! And that would not solve the problem either and if you took a few seconds to read the question Its clearly states no to go thru every controller @simon - rookie ass fool -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: Production and Development Environment
For that, you set up a deny by default in the AppController, and then override with specific allows in specific controllers. And then in development, where you seem to want unfettered access, just remove the global deny, so everything is allowed. (or used a config to denote it's the development environment, and by pass the global deny if it is). On Thu, Nov 28, 2013 at 7:47 PM, Advantage+ wrote: > I want to say mode= production so no access but login > > > > And not go thru every controller and deny() that’s what I am asking. > Nothing to do with ajax > > > > > > > > *Dave Maharaj* > > *Freelance Designer | Developer* > [image: Description: header_logo] > www.movepixels.com | d...@movepixels.com | 709.800.0852 > > > > *From:* cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] *On > Behalf Of *Reuben > *Sent:* Thursday, November 28, 2013 12:53 AM > *To:* cake-php@googlegroups.com > *Subject:* Re: Production and Development Environment > > > > I'm assuming that's some sort of Ajax API that you're doing? > > > > You could make your Javascript aware that it's in a development > environment, and pass the Authorization token, as per > http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html. > > > > If you're using jQuery.ajax, you can pass the username and password for > Basic Authentication, but that leaves you a bit open. Also, it only sends > the info when challenged with a 401, so explicit header setting might be > your only option. [ > http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax > ] > > > > You could update the programming to only require authentication for > non-ajax requests, but that might be defeating the purposes as well. > > > > Of course, I'm assuming that your application would normally use Form > authorization in production, but you've got the added layer of Basic > authentication in development. > > > > This issue should only happen when calling the API from a different > domain. If the browser that is already authorized, is calling the APIs on > the same domain, then the Authorization token should be sent > automatically. I'm emphasizing that "should", because it would just seem > screwy if it didn't. > > On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote: > > Building a site on client's server and password protected but now adding > in API functionality and the htaccess is blocking responses back from the > API calls since they can't reach the site. > > > > Is there a simply way to define production / development to allow access > without password protecting the site. > > I do not want to go thru all 65 controllers and re-code $this->Auth->deny() > / allow();. > > > > Thanks > > > > *Dave* > > > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cake-php+unsubscr...@googlegroups.com. > > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to a topic in the > Google Groups "CakePHP" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
Re: Production and Development Environment
Tried environments? https://github.com/OctoBear/cakephp-environments On Thu, Nov 28, 2013 at 5:47 PM, Advantage+ wrote: > I want to say mode= production so no access but login > > > > And not go thru every controller and deny() that’s what I am asking. > Nothing to do with ajax > > > > > > > > *Dave Maharaj* > > *Freelance Designer | Developer* > [image: Description: header_logo] > www.movepixels.com | d...@movepixels.com | 709.800.0852 > > > > *From:* cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] *On > Behalf Of *Reuben > *Sent:* Thursday, November 28, 2013 12:53 AM > *To:* cake-php@googlegroups.com > *Subject:* Re: Production and Development Environment > > > > I'm assuming that's some sort of Ajax API that you're doing? > > > > You could make your Javascript aware that it's in a development > environment, and pass the Authorization token, as per > http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html. > > > > If you're using jQuery.ajax, you can pass the username and password for > Basic Authentication, but that leaves you a bit open. Also, it only sends > the info when challenged with a 401, so explicit header setting might be > your only option. [ > http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax > ] > > > > You could update the programming to only require authentication for > non-ajax requests, but that might be defeating the purposes as well. > > > > Of course, I'm assuming that your application would normally use Form > authorization in production, but you've got the added layer of Basic > authentication in development. > > > > This issue should only happen when calling the API from a different > domain. If the browser that is already authorized, is calling the APIs on > the same domain, then the Authorization token should be sent > automatically. I'm emphasizing that "should", because it would just seem > screwy if it didn't. > > On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote: > > Building a site on client's server and password protected but now adding > in API functionality and the htaccess is blocking responses back from the > API calls since they can't reach the site. > > > > Is there a simply way to define production / development to allow access > without password protecting the site. > > I do not want to go thru all 65 controllers and re-code $this->Auth->deny() > / allow();. > > > > Thanks > > > > *Dave* > > > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > -- Simon Males -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
RE: Production and Development Environment
I want to say mode= production so no access but login And not go thru every controller and deny() that's what I am asking. Nothing to do with ajax Dave Maharaj Freelance Designer | Developer Description: header_logo www.movepixels.com | <mailto:d...@movepixels.com> d...@movepixels.com | 709.800.0852 From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben Sent: Thursday, November 28, 2013 12:53 AM To: cake-php@googlegroups.com Subject: Re: Production and Development Environment I'm assuming that's some sort of Ajax API that you're doing? You could make your Javascript aware that it's in a development environment, and pass the Authorization token, as per http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html. If you're using jQuery.ajax, you can pass the username and password for Basic Authentication, but that leaves you a bit open. Also, it only sends the info when challenged with a 401, so explicit header setting might be your only option. [http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery -and-ajax] You could update the programming to only require authentication for non-ajax requests, but that might be defeating the purposes as well. Of course, I'm assuming that your application would normally use Form authorization in production, but you've got the added layer of Basic authentication in development. This issue should only happen when calling the API from a different domain. If the browser that is already authorized, is calling the APIs on the same domain, then the Authorization token should be sent automatically. I'm emphasizing that "should", because it would just seem screwy if it didn't. On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote: Building a site on client's server and password protected but now adding in API functionality and the htaccess is blocking responses back from the API calls since they can't reach the site. Is there a simply way to define production / development to allow access without password protecting the site. I do not want to go thru all 65 controllers and re-code $this->Auth->deny() / allow();. Thanks Dave -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
RE: Production and Development Environment
No no. Just site acces. Nothing to do with ajax. Dave Maharaj Freelance Designer | Developer Description: header_logo www.movepixels.com | <mailto:d...@movepixels.com> d...@movepixels.com | 709.800.0852 From: cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] On Behalf Of Reuben Sent: Thursday, November 28, 2013 12:53 AM To: cake-php@googlegroups.com Subject: Re: Production and Development Environment I'm assuming that's some sort of Ajax API that you're doing? You could make your Javascript aware that it's in a development environment, and pass the Authorization token, as per http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html. If you're using jQuery.ajax, you can pass the username and password for Basic Authentication, but that leaves you a bit open. Also, it only sends the info when challenged with a 401, so explicit header setting might be your only option. [http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery -and-ajax] You could update the programming to only require authentication for non-ajax requests, but that might be defeating the purposes as well. Of course, I'm assuming that your application would normally use Form authorization in production, but you've got the added layer of Basic authentication in development. This issue should only happen when calling the API from a different domain. If the browser that is already authorized, is calling the APIs on the same domain, then the Authorization token should be sent automatically. I'm emphasizing that "should", because it would just seem screwy if it didn't. On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote: Building a site on client's server and password protected but now adding in API functionality and the htaccess is blocking responses back from the API calls since they can't reach the site. Is there a simply way to define production / development to allow access without password protecting the site. I do not want to go thru all 65 controllers and re-code $this->Auth->deny() / allow();. Thanks Dave -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. <>
Re: Production and Development Environment
I'm assuming that's some sort of Ajax API that you're doing? You could make your Javascript aware that it's in a development environment, and pass the Authorization token, as per http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html. If you're using jQuery.ajax, you can pass the username and password for Basic Authentication, but that leaves you a bit open. Also, it only sends the info when challenged with a 401, so explicit header setting might be your only option. [ http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax ] You could update the programming to only require authentication for non-ajax requests, but that might be defeating the purposes as well. Of course, I'm assuming that your application would normally use Form authorization in production, but you've got the added layer of Basic authentication in development. This issue should only happen when calling the API from a different domain. If the browser that is already authorized, is calling the APIs on the same domain, then the Authorization token should be sent automatically. I'm emphasizing that "should", because it would just seem screwy if it didn't. On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote: > > Building a site on client's server and password protected but now adding > in API functionality and the htaccess is blocking responses back from the > API calls since they can't reach the site. > > > > Is there a simply way to define production / development to allow access > without password protecting the site. > > I do not want to go thru all 65 controllers and re-code $this->Auth->deny() > / allow();. > > > > Thanks > > > > *Dave* > > > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.