Comments (13)
This is curious - did you clear you cache?
from forge-rcdb.nodejs.
If I have the model urn of another user, can I view his models? isn't it a security issue?
The Cache is disabled
from forge-rcdb.nodejs.
Since you are on forge-rcdb live, I believe you did not login using your account/credentials, and you get this error. But this error has nothing to do with the model you are currently viewing. This model is public, and does not require login, hence you can see it.
from forge-rcdb.nodejs.
If I log in the first error dissapear but the second is related to the viewer
from forge-rcdb.nodejs.
can you copy me the url you are using when you see this error?
from forge-rcdb.nodejs.
https://forge-rcdb.autodesk.io/database?id=583ec7efebfb320e3cef26a5
from forge-rcdb.nodejs.
ok, this is what I said above this model is public, so there is no need of a token. Actually the code obfuscate the real token itself being a proxy. On your debugger console, enter the following line of code:
NOP_VIEWER.model.myData.basePath
note the syntax of the URL -> lmv-proxy-2legged
When doing this, the token will be added by the RCDB server to any HTTP request coming from the Viewer - this is a security measure to prevent someone from using the real token to access any information other than the one we allow.
from forge-rcdb.nodejs.
Sorry if this is out of the issue. but how do you make a model private?
from forge-rcdb.nodejs.
Few precisions to add to what Cyrille mentioned above. The 404 /api/forge/user error is just expected if you are not logged in. In that case there is no user so the backend returns a 404, some demos require access to your A360 models to work so you will get prompted to log in, the models on the home page are not linked to a specific account, so you can view them without login.
The second error is displayed by the viewer and is due to some error message that doesn't take in consideration that a proxy can be used and hence the viewer is not seeing a token. It is a bit ironical that such message gets displayed as using a proxy should be the recommended approach as it is considered more secure and flexible than providing endpoint with token. Securing your Forge Viewer token behind a proxy.
You can just go ahead and do not worry about those errors.
from forge-rcdb.nodejs.
To make a model private you make the page that displays it private.
from forge-rcdb.nodejs.
Yes, but if you make the page private but someone knows the urn of your model, he will be able to access your model through his viewer, isn't it?
from forge-rcdb.nodejs.
Yes as long as he has access to a valid access token with viewable scope, which can be exposed by an endpoint of your app. To prevent that you can use a proxy as mentioned above and enforce that kind of permission at the proxy level, typically you can add any extra custom logic in the proxy that could check if currently logged user is allowed to view the model pointed by requested URN.
from forge-rcdb.nodejs.
Thank you for the explanations, i hadn't notice about the proxy, now it makes sense
from forge-rcdb.nodejs.
Related Issues (20)
- about login
- MongoDB Files have invalid JSON HOT 1
- Forge Viewer 7.73, selected objects are not highlighted and selection event does not deliver the selected object id
- Demo internal server error
- Issue to load model.
- Error when building the project HOT 1
- Forge Tutorial help needed, unexpected error 'The value -1 is outside the acceptable range of [0,2147483647], parameter name: value'
- PointCloudMarkup not working in Google chrome. HOT 1
- mplementing the forge-rcdb.nodejs —> Viewing.Extension.IoT in main script HOT 1
- Why are model files missing? How to solve this problem? HOT 1
- question about mongobd and Promise Promise when start HOT 3
- [Question] Should this work on mobile devices? HOT 2
- The source links from the "gallery" page are broken HOT 3
- Live demo does not work HOT 2
- Help in Setup?
- Markup2D demo not restoring markups properly
- Cannot import json files into mongodb (Autodesk-Forge/forge-rcdb.nodejs) HOT 2
- Errors when running npm run dev HOT 3
- Implement promise cancellation
- markup editor issues
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from forge-rcdb.nodejs.