Rally Software

Expand all | Collapse all

Do Current Cross Site Scripting Precautions Prevent CA Agile Central Developers from Developing Externally?

Jump to Best Answer
  • 1.  Do Current Cross Site Scripting Precautions Prevent CA Agile Central Developers from Developing Externally?

    Posted 09-15-2017 02:14 PM

    When I tried to develop externally per the published guide in the CA Agile SDK documentation, I encountered a security error.  When I asked about the error a very helpful CA Agile Central engineer pointed out the problem of going from the local HTTP server spawned by the Rally-App-Builder run command to the secured CA Agile SDK 2.1 Web Services API.

     

    He strongly recommended that I not override the security settings to get past that problem.

     

    So, my obvious next question is how do developers at CA Agile Central develop externally since the guide leads us into the problem, above?

     

    Thanks, to the savvy engineer who was gracious to intervene and help me with the security issue.  Thanks, in advance, to anyone who can respond to this related question or send me pointers to already-documented solutions.

     

    I would also be OK with "We can't develop externally anymore."

     

    Thanks!

     

    Mike

     

    PS - I know one can do headless external testing with PhantomJS and Jasmine.  Great stuff, btw.  I'm simply asking about the rapid, iterative code-test cycles from an external context as Dave Thomas demonstrates in his tutorial videos and as the guide showed.



  • 2.  Re: Do Current Cross Site Scripting Precautions Prevent CA Agile Central Developers from Developing Externally?

    Posted 09-19-2017 09:01 AM

    Michael,

     

    I believe that this may be the case these days.  As those tutorials are a bit dated, the times have changed...

     

    I have not tested it, but I know Dave also did development using Cloud 9 io.  I wonder if things would still work in that environment.

     

    Michael



  • 3.  Re: Do Current Cross Site Scripting Precautions Prevent CA Agile Central Developers from Developing Externally?
    Best Answer

    Posted 09-19-2017 10:24 AM

    miguelfuerte,

     

    I just ran through testing the App Builder and running it using the http://localhost:1337/App-debug.html address.  I followed the steps from here Agile Central App SDK 2.1 Docs and then logged into Agile Central in a browser and then ran the app.  I was successful accessing the Story Board:

     

    Story Board App

     

    There may be something else going on for you.  I tested on a Mac using Safari, Firefox, Chrome and Opera and didn't alter any settings.

     

    If you can attach your code or one of us will take a look at it to see if we can spot anything.  You can attach a file by clicking on the 'User advanced editor' link in the upper right corner.

     

    Hopefully we can get you sorted.

     

    Michael



  • 4.  Re: Do Current Cross Site Scripting Precautions Prevent CA Agile Central Developers from Developing Externally?

    Posted 09-19-2017 12:15 PM

    Michael, my apologies to you, seandavis, and malch12.  As I documented, though the problem was real, the code I tried today is not running into that problem.

     

    (Blush)

     

    Please, disregard, and sorry you went through that gauntlet for me.