CodeIgniter Forums

Full Version: setting up .htaccess and other security
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
I have gotten my CI app up and going on KnowHost's shared server. Now I am trying to get my Extension talking with the remote hoster. I don't know how to setup security on the remote host.  Here is what I tried so far:
 
url=http://substantiator.com/rndcontroller/s...it_backend


I am using XMLHttpRequest.open("POST", url, async, user, password). I tried using my userid and password but it failed with a 403 error (forbidden). Next I removed the Directory Privacy , and I still got error 403. So now I typed the url into my browser address bar and I still get 403 error. 

If I type http://substantiator.com/rndcontroller/sub_crud in the browser, it works fine. It seems that access to the http://substantiator.com/rndcontroller/sub_crud/application/controller directory is not working. 

Does anyone know what I need to do get be able to access this directory from my browser or what to check?
The Litespeed server can't resolve the controller/method you're looking for.

"/rndcontroller/sub_crud/application/controller/Subit_backend" isn't being resolved by the router and isn't an existing literal file.

I'm really confused about your URL... do you have a controller named application with 'controller' and 'Sub_backend' as variables?
I have two CI controllers Configure and Subit_backend. Configure allows the user to setup a "campaign" (whatever that is!). It is just a plain vanilla CI/Grocery Crud app that talks with the mySQL server.  That part seems to work fine. The other controller, Subit_backend, doesn't have any UI. It just receives queries my external  from my Chrome Extension via XMLHttp and responds back with some json buffers. There is not a huge amount of data being transferred back and forth. So I am trying to reach

http://substantiator.com/rndcontroller/s...d/register

Register is a function within Subit_backend.php that gets the json message and responds back. On my local server I access the Subit_backend with

var url = 'http://localhost/Subit_backend/register';
xhr.open('POST', url, true);

This works fine on my localhost but I am getting a 403 error when I try to get to use
url=http://substantiator.com/rndcontroller/sub_crud/controller/Subit_backend/register
Assuming you're new server is a flavor of Linux/Unix, Case matters in files and folders, but not in urls...  actually, all urls should be lowercase, and you're still learning routes. (https://codeigniter.com/user_guide/general/routing.html)

So, Let's assume a couple things:

1: you're using a subdirectory of rndcontroller in your public_html folder, so your url so far is:
http://substantiator.com/rndcontroller/  
http://substantiator.com/rndcontroller/index.php  (WITHOUT .htaccess)

2: Then you're looking to use 'Subit_backend' in 'public_html/rndcontroller/application/Subit_backend.php'

Your URL now looks like:
http://substantiator.com/rndcontroller/subit_backend/
http://substantiator.com/rndcontroller/i...t_backend/   (WITHOUT .htaccess)

Thus my confusion on your urls in the OP. You never need to traverse through the directories with URLs to use controllers and methods.  

If that's not the case of how things are in directories, explain it with directories and more details.

Slightly unrelated, but all API/async calls should be done over a secure connection(https://).
Figured it out.

Here's the URL you should be calling.

PHP Code:
http://substantiator.com/rndcontroller/sub_crud/subit_backend
http://substantiator.com/rndcontroller/sub_crud/subit_backend/register 


etc..
THANK YOU! so I don't need the whole path! How about userid and password? Required?
You're welcome.

no, URLs are not paths.

userid and password is a different problem. Try sending with a POST like you are and see what happens. Whether they're required or not depends on how you've written your code...
I may need to set
    Access-Control-Allow-Origin: *
to allow any origin to access the resource

Where would I set this? Is that something that I need to include in the subit_backend part of the CI application? Or is it a server config thing?

Or does it go into the javascript that is making the XMLHTTP call?
Other folks might have a better answer for you but as I remember it...

Depends if you're calling from the same domain. Note that domain.com and subdomain.domain.com is not the same domain in the eyes of your browser.

I found this in a quick google search that will explain and has some links to help.  
https://stackoverflow.com/questions/1140...hout-jsonp
I'll take a look at it thanks. The answer is this is cross domain.
Pages: 1 2