Cali Kid Corals

Browser based Apex Dashboard

FYI - before making ReefTiles an iPad app I tried to do it as a browser based project too. I kept running into CSRF problems.... which now makes your previous question make more sense (sorry, I blanked).

How did you get by that?

Here's my timeline:
  • Tried it as an in browser SPA using JS - couldn't get past CSRF
  • "solved" the CSRF by ignoring it and using an nginx proxy to hit the apex. The browser hit the proxy & it worked fine. I realized non-nerds wouldn't ever do this and bailed on it as it essentially requires an always on server at home which most don't have
  • settled on an iOS app b/c it didn't have the CSRF issues and I'd never done and iPad/Swift app and thought it would be fun (all previous projects we're iPhone/Obj-C)
But I agree that a 100% browser based solution is the way to go!
 
One last bit - you can actually hit apex fusion.com & make it a hosted solution but you'd need people to share their auth-tokens/cookies which is a bit of a hurdle. plus you'd risk getting banned from hitting fusion
 
FYI - before making ReefTiles an iPad app I tried to do it as a browser based project too. I kept running into CSRF problems.... which now makes your previous question make more sense (sorry, I blanked).

How did you get by that?

Here's my timeline:
  • Tried it as an in browser SPA using JS - couldn't get past CSRF
  • "solved" the CSRF by ignoring it and using an nginx proxy to hit the apex. The browser hit the proxy & it worked fine. I realized non-nerds wouldn't ever do this and bailed on it as it essentially requires an always on server at home which most don't have
  • settled on an iOS app b/c it didn't have the CSRF issues and I'd never done and iPad/Swift app and thought it would be fun (all previous projects we're iPhone/Obj-C)
But I agree that a 100% browser based solution is the way to go!
Phew! I thought I was doing something wrong :)
I am planning on using AWS/ECS to serve the webpage and parsing scripts.
The plan is to use the apexfusion link (https://apexfusion.com/apex/<<apex id>>).

Why do you think that would risk banning from hitting fusion?
 
Phew! I thought I was doing something wrong :)
I am planning on using AWS/ECS to serve the webpage and parsing scripts.
The plan is to use the apexfusion link (https://apexfusion.com/apex/<<apex id>>).

Why do you think that would risk banning from hitting fusion?
I mean - if you have a bunch of users (X) and poll 1-2 times (Y)/ minute you're generating X * Y hits per /minute from the same IP. If it gets flagged (even by an automated system) its a pretty easy ban target.

Plus - how are you hitting apexfusion.com? only way I figured it out was by using the XHR endpoints like https://apexfusion.com/api/apex/61a46654e61b98164035c0e8/status?_=1640040556427 but that'll get you a 401 unless you have the connect.sid cookie

ie:
~ % curl --cookie "connect.sid=xxxxxxx" "https://apexfusion.com/api/apex/61a46654e61b98164035c0e8/status?_=1640040556427"
 
Hey guys - sorry to bring back an old thread from the dead, but I've recently finished my own custom dashboard for Apex, and while it IS working, I am wondering if any of you have been able to solve the issues with connect.sid cookies refreshing. As of now, I basically just login to the local instance of Apex, use the browser dev tools to inspect the cookie, and then copy/paste that into my REST config whenever data stops coming through - but I don't know how often I'm going to need to do that, and I am wondering if there is a better way...
Screenshot 2024-11-16 at 9.53.26 AM.png
 
Back
Top