Posts tagged with speak-like-a-brazilian

TupiLabs Report: 07 Apr, 13 Apr

Apr 14, 2013 in jenkins, jenkins-plugin, jenkins-testlink, pagination, speak-like-a-brazilian, testlink, testlink-java-api, wp-pagenavi | news

Here’s the list of the cool things that happened at TupiLabs since last Sunday.

We are working for you

Have a great week!

TupiLabs Report: 17 Mar, 23 Mar

Mar 25, 2013 in functional-programming, jenkins, paskuale, reddit, speak-like-a-brazilian | news

Here’s the list of the cool things that happened at TupiLabs since last Sunday.

  • Fixed minor issues at Speak Like A Brazilian, and started code review to prepare an Open Source version.
  • Started creating our Puppet and Graphite+LogStash setup to control some of our Linux boxes.
  • Over 140 users at r/functionalprogramming, awesome!
  • Got the response of our first comic strip registry in Brazil! Stay tuned :-)
  • Lots of contacts for the promotion of Speak Like A Brazilian.
  • Rebooted our Linode servers in order to use the 8 CPUs (thanks Linode!).
  • First conversations about Jenkins User Meetup 2013 in Brazil.
  • 75% of the work on Paskuale's backend has been completed.

We are working for you

Have a great week!

TupiLabs Report: 10 Mar, 16 Mar

Mar 17, 2013 in banco-de-talentos, big-data, biouno, codeigniter, data-management, dmc-latam, garagem-vaga, open-source, php, portal-do-software-publico, prospect, prototype, speak-like-a-brazilian, tap, tap-plug-in | news

Here’s the list of the cool things that happened at TupiLabs since last Sunday.

We are working for you

Have a great week and Happy St. Patrick’s Day!! :D

Fixing "XMLHttpRequest Origin is not allowed by Access-Control-Allow-Origin" in PHP and CodeIgniter

Mar 16, 2013 in blog, csrf, javascript, php, speak-like-a-brazilian | blog

Ever since it was released, Speak Like A Brazilian has had a bug that showed up when users voted after reaching the site via speaklikeabrazilian.com rather than www.speaklikeabrazilian.com (the latter is the base_url in application/config/config.php).

Looking at the developer console in Chrome, you could see that XMLHttpRequest was running into what looked, at first, like a security problem, maybe a cross-domain issue.

After searching the Internet, we found what was causing this issue. Unfortunately I lost the link, but in a Stack Overflow discussion, one user said it had something to do with the CSRF check.

A quick test, where we disabled the CSRF token verification, showed that he was right. But we couldn’t simply disable CSRF everywhere. So if you are facing a similar issue, here’s the trick: create a hook that disables CSRF verification only for a certain URL.

It’s not a very nice approach, but since votes in Speak Like A Brazilian are linked by IP, there’s no need to keep the CSRF token. Here’s the solution that worked for us.

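<?php if (!defined('BASEPATH')) exit('No direct script access allowed');

/**
 * Security Class
 *
 * @package hooks
 * @description Disables CSRF token for certain pages.
 */

class DisableCSRF
{

    /**
     * Hook callback: turns CSRF verification off for the voting URL only.
     */
    function disable_if_callback()
    {
        // Match against the path only, so that a query string containing
        // the route cannot switch CSRF protection off for another URL.
        $path = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
        if (is_string($path) && stripos($path, '/rating/expression') !== FALSE)
        {
            $CFG =& load_class('Config', 'core');
            $CFG->set_item('csrf_protection', FALSE);
        }
    }

}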
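
The URL test in a hook like this decides which requests lose CSRF protection, so how the match is done matters. The following is an added example, not code from the original post: it compares a substring search over the whole REQUEST_URI with a segment-wise comparison of the parsed path. The function names and the sample URIs are constructed for illustration; only '/rating/expression' comes from the post.

```php
<?php
// Added example, not from the original post. Decides whether a request may
// skip CSRF verification by comparing the URL *path*, segment by segment,
// instead of searching the whole REQUEST_URI for a substring.

// Substring test over the whole REQUEST_URI: the query string is searched too.
function exempt_by_substring($requestUri, $route)
{
    return stripos($requestUri, $route) !== FALSE;
}

// Path test: drop the query string, drop an optional /index.php front
// controller, then require the route to match whole leading segments.
function exempt_by_path($requestUri, $route)
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return FALSE;                       // malformed URI: keep CSRF on
    }
    if (strpos($path, '/index.php/') === 0) {
        $path = substr($path, strlen('/index.php'));
    }
    $path  = rtrim($path, '/');
    $route = rtrim($route, '/');
    // Exact route, or route followed by further segments (e.g. an id).
    return $path === $route || strpos($path, $route . '/') === 0;
}

// Constructed request URIs; only the first three address the voting route.
$samples = array(
    '/rating/expression',
    '/rating/expression/42/up',
    '/index.php/rating/expression/42',
    '/expression/add?next=/rating/expression',
    '/rating/expressions/export',
    '/admin/rating/expression',
);

foreach ($samples as $uri) {
    printf("%-42s substring=%-3s path=%s\n", $uri,
        exempt_by_substring($uri, '/rating/expression') ? 'yes' : 'no',
        exempt_by_path($uri, '/rating/expression') ? 'yes' : 'no');
}
```

The last three URIs are exempted by the substring test but not by the path test, which keeps CSRF verification on for every request that does not actually address the voting route.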

And as a side note, we are still in our honeymoon with CodeIgniter. We have just finished another project with it, and so far we haven’t been let down by this amazing framework. Hope it helps you, in case you have a similar error.

Happy St. Patrick’s Day! And happy coding!