post form to external website

Hello all,

I'm building a Seaside (version 2.9) component for uploading files directly to an Amazon S3 bucket. For this AWS supports HTTP POST requests, see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?UsingHTTPPOST.html

I can create the form that fulfills the AWS specifications, with one exception: Seaside adds two hidden parameters to the for _s and _k This breaks the AWS security checks on the form parameters.

These parameters are not required when posting to an external website. Is there an easy way to remove them in this situation?

Regards,
Jan.

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

I submitted this as an improvement request a while ago and it (or some
variant) might already be in latest Seaside 2.9?

-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
http://tinyurl.com/r7uw4

[hidden email]

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message header.
Unless otherwise indicated, it contains information that is private and
confidential. If you have received it in error, please notify the sender
and delete the entire message including any attachments.

Thank you.
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Jan van
de Sandt
Sent: Friday, January 09, 2009 2:27 PM
To: [hidden email]
Subject: [Seaside] post form to external website

Hello all,

I'm building a Seaside (version 2.9) component for uploading files
directly to an Amazon S3 bucket. For this AWS supports HTTP POST
requests, see
http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?UsingHT
TPPOST.html

I can create the form that fulfills the AWS specifications, with one
exception: Seaside adds two hidden parameters to the for _s and _k This
breaks the AWS security checks on the form parameters.

These parameters are not required when posting to an external website.
Is there an easy way to remove them in this situation?

Regards,
Jan.


_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Just thinking about this off the top of my head, are you sure this has
anything to do with Seaside?  

Form submits happen on the client, when you submit a form to anywhere, all
the inputs in the form and all the parameters in the current url will be
submitted to the target url.  I imagine the _s and _k are there because
they're in the URL, not because Seaside is doing anything funky or including
any hidden params.  I don't see any hidden params in my forms.

Ramon Leon
http://onsmalltalk.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Seaside does include _s and _k in its own forms, see attached.

-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
http://tinyurl.com/r7uw4

[hidden email]

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message header.
Unless otherwise indicated, it contains information that is private and
confidential. If you have received it in error, please notify the sender
and delete the entire message including any attachments.

Thank you.
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Ramon
Leon
Sent: Friday, January 09, 2009 2:44 PM
To: 'Seaside - general discussion'
Subject: RE: [Seaside] post form to external website

Just thinking about this off the top of my head, are you sure this has
anything to do with Seaside?  

Form submits happen on the client, when you submit a form to anywhere,
all the inputs in the form and all the parameters in the current url
will be submitted to the target url.  I imagine the _s and _k are there
because they're in the URL, not because Seaside is doing anything funky
or including any hidden params.  I don't see any hidden params in my
forms.

Ramon Leon
http://onsmalltalk.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Ah, I didn't dig down into the div, assumed that was some of my layout.
Shouldn't be too difficult to pop a little JavaScript into the onsubmit and
just delete those fields before the post though (for a quick fix).

Ramon Leon
http://onsmalltalk.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

... which, of course, won't work for browsers that have JS disabled :)
I've used the provided extension successfully in the past and I seem to
recall Lukas agreed that some form of it should be part of base
rendering API for just these types of cases.

-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
http://tinyurl.com/r7uw4

[hidden email]

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message header.
Unless otherwise indicated, it contains information that is private and
confidential. If you have received it in error, please notify the sender
and delete the entire message including any attachments.

Thank you.
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Ramon
Leon
Sent: Friday, January 09, 2009 3:00 PM
To: 'Seaside - general discussion'
Subject: RE: [Seaside] post form to external website

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Boris

> Popov
> Sent: Friday, January 09, 2009 3:49 PM
> To: Seaside - general discussion
> Subject: RE: [Seaside] post form to external website
>
> Seaside does include _s and _k in its own forms, see attached.
>
> -Boris

Ah, I didn't dig down into the div, assumed that was some of my layout.
Shouldn't be too difficult to pop a little JavaScript into the onsubmit
and just delete those fields before the post though (for a quick fix).

Ramon Leon
http://onsmalltalk.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

> ... which, of course, won't work for browsers that have JS disabled :)
> I've used the provided extension successfully in the past and
> I seem to
> recall Lukas agreed that some form of it should be part of base
> rendering API for just these types of cases.
>
> -Boris

True that, though I'm not very sympathetic to those who intentionally break
their browsers by disabling JS.  I rate them just under IE6 users.

Ramon Leon
http://onsmalltalk.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Hehe, and here I am, still trying my best to support em ;)

(aHtmlRoot if)
        lessThan;
        orEqual;
        ie6;
        do:
                [(aHtmlRoot stylesheet)
                        url: PaymentPageLibrary / 'css' /
'quarantine.css';
                        addAll].
(aHtmlRoot if)
        lessThan;
        orEqual;
        ie7;
        do:
                [(aHtmlRoot stylesheet)
                        url: PaymentPageLibrary / 'css' /
'quarantine-ie7.css';
                        addAll].


-Boris

--
+1.604.689.0322
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5
http://tinyurl.com/r7uw4

[hidden email]

CONFIDENTIALITY NOTICE

This email is intended only for the persons named in the message header.
Unless otherwise indicated, it contains information that is private and
confidential. If you have received it in error, please notify the sender
and delete the entire message including any attachments.

Thank you.
-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Ramon
Leon
Sent: Friday, January 09, 2009 3:19 PM
To: 'Seaside - general discussion'
Subject: RE: [Seaside] post form to external website

> ... which, of course, won't work for browsers that have JS disabled :)

> I've used the provided extension successfully in the past and I seem
> to recall Lukas agreed that some form of it should be part of base
> rendering API for just these types of cases.
>
> -Boris

True that, though I'm not very sympathetic to those who intentionally
break their browsers by disabling JS.  I rate them just under IE6 users.

Ramon Leon
http://onsmalltalk.com

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

2009/1/9, Boris Popov <[hidden email]>:
> I submitted this as an improvement request a while ago and it (or some
> variant) might already be in latest Seaside 2.9?

Indeed:
http://code.google.com/p/seaside/issues/detail?id=86

Cheers
Philippe
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Hello all,

Yes, using the basicForm instead of the regular form fixed the problem. Thank you very much!

Jan.
http://doit.st



_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside