Get ready for the new SameSite and Secure attributes for cookies
Cookies’ abilities have grown and evolved over the years, but they have left some legacy issues. To handle this, browsers (including Safari, Chrome, Firefox, and Edge) are changing their behavior regarding the SameSite and Secure attributes for a secure-by-default model for cookies.
As a 4D web developer, you may be concerned about the 4D web sessions session cookie if you want to prevent your application from Cross-site request forgery.
To prevent your web session cookie from circulating on the web pointlessly or being misunderstood by browsers because of a default value applied, you should ask if it is:
- a third-party cookie: associated with a domain name different from that of the page where the cookie is encountered. A third-party cookie is placed by a page object (e.g. an ad) originating from a domain other than the one hosting the page
or
- a first-party cookie: associated with the domain of the page
Depending on your use case, you should choose the appropriate value for the SameSite attribute of your web session cookie.
To reinforce security, the Secure attribute must be set for the web session cookie when the connection is secured (HTTPS) to indicate to the browser that the cookie can be sent safely.
Keep reading to learn how 4D has your back to improve privacy and security across the web.
ORDA: Easy looping with a new 4D tag
You have probably already used a For each…End for each loop to work with ORDA entity selections or with collections. Its use is simple and straight forward. Would like to use it as a 4D tag in your SHTML pages? Or perhaps with the PROCESS 4D TAGS command?
As of 4D v19, you can! Keep reading to learn more.
4D Data Explorer in Action
Even though the 4D Data Explorer is still in Preview version (there are certainly more features to come in the next versions), we thought we’d show you the product in action and let you discover its capabilities.
This is a web browser interface usable by the administrator as well as the developer, remotely (in a secure way with an HTTPS connection) or locally on the same machine as your opened database.
Need to check your data during development? Need to find data that could cause bugs? The Data Explorer, with its powerful query engine and intuitive web interface, is made for you!
Let’s watch the video:
Support of Cross-Origin Resource Sharing (CORS)
Have you ever created an HTTP data request only to get hit by a red “access to HTML request has been blocked by cors policy” error?
When your site is on the same domain as the web service server, there’s no problem. However, this isn’t the case when performing a cross-origin request. Access is denied due to browser security preventing HTTP requests to another domain. The result? A CORS policy error.
To help you explicitly allow certain cross-origin requests on your server, 4D now supports the CORS protocol. Accessing data with cross-origin requests just became easier!
Use an offscreen web area
Do you need to load web pages, extract metadata, or generate pictures from the contents of pages on a headless server? If you answered “yes”, then you’re in luck because 4D v18 R3 makes it possible! Now you can create an offscreen web area with the WA Run offscreen area command.
Multiple web servers in a single 4D instance
Have you ever needed to use multiple web servers in order to, for example, split your web application code into several business units, or separate the administrator’s web server from the user’s or run an old part, not preemptive-ready yet, in a separate instance, allowing the main part to run preemptive?
If you’re nodding your head yes, then keep reading because 4D v18 R3 allows you to do so … with ease.
A better understanding of 4D REST sessions
In a previous blog post, we showed you how to get started with the 4D REST server. We walked you through different CRUD operations using Postman and pointed you to the full REST documentation. In this blog post, We’ll explain how sessions work in 4D. This understanding will ensure that you’ll be able to build a session-based authentication system using the 4D REST server.
Web Scraping using object notation
Want to retrieve data that isn’t available via REST or Web Services? What if it’s only available on a website? The data is easy enough for a human to read, but reading HTML data with a programming language isn’t so simple. Some developers try to use Position and Substring, others try Regex, but it’s unpleasant and time-consuming. A very different approach is to convert the HTML into an object and get the data via object notation. Table rows are handled as collections and are easy to loop through!
This blog post describes how to use this approach and provides some handy tips.
Test the powerful 4D REST server with Postman
4D provides a powerful REST server, that enables direct access to data stored in your 4D databases. This makes it possible, for example, to build an API to use with a modern front end technology (e.g., Angular, React, etc). In this blog post, we’ll provide a first introduction to the 4D robust REST server. You’ll see how to configure it as well as test the create, retrieve, update, and delete (CRUD) operations using the API testing tool, Postman.
More information about web processes
You asked for more information about web processes to better identify requests that might be slowing down or blocking your server. We heard you and in 4D v17 R5, we’ve added information about the URL used by web processes. This information can be retrieved two ways: via the 4D Server Administration Window or via the 4D language with the Get process activity command.
Contact us
Got a question, suggestion or just want to get in touch with the 4D bloggers? Drop us a line!
* Your privacy is very important to us. Please click here to view our Policy