How to hide jsreport studio information from url



  • Hi sir,

    I'm using jsreport 3.3.0 Trial version but while rendering report using jsreport-browser-client we get a url like http://localhost:5488/reports/624dd34c8cf5c8a359261b62/content and studio can be access using url http://localhost:5488 .So my doubt how to hide studio information from report url because user can easily access studio informations like templates details from report url (http://localhost:5488/reports/624dd34c8cf5c8a359261b62/content) ,so they can able to delete already created templates of other report.

    So how to secure studio information from users?

    And our application is multi-tenant application so all tenants reports are stored in same studio .Can you please tell me how to solve these issue?



  • In case you use the browser client, you already expose URL and credentials of jsreport server to the client.
    What you should likely do is invoke report rendering from the server side.
    The client browser should call your server through your standard auth and your server should call jsreport.



  • Hi i have tried to render report from server side (node js ) ie,

    const client = require('@jsreport/nodejs-client')('http://localhost:5488');

    client.render(requestObj).then(async (response) => {
    let result= await (await response.body()).toString();
    }).catch((err) => {
    console.log('error.....', err);
    });

    Response from server side:-

    ]{
    "success": true,
    "dataObject": "Async rendering in progress. Use Location response header to check the current status. Check it <a href='http://localhost:5488/reports/624eadda935011c1881550db/status'>here</a>"
    }

    but here also i can access studio information from http://localhost:5488

    Which Package should i have to use to invoke report from server side(node js)?
    could you please show me one example?



  • Hi sir,
    I have tested to invoke report from server side but response will contain studio url
    ie,
    Async rendering in progress. Use Location response header to check the current status. Check it <a href='http://localhost:5488/reports/624eadda935011c1881550db/status'>here</a>

    So i tried to add authentication in jsreport configuration file and add Authorization in header to use jsreport API's .

    My doubt is ,
    How to add Authorization in header to render report in new tab?
    Actually we are rendering our report asynchronously and while call jsreport-browser-client it will give reponse like this,

    Async rendering in progress. Use Location response header to check the current status. Check it <a href='http://localhost:5488/reports/624eadda935011c1881550db/status'>here</a>

    And after that using afterrender hook we call window.open method and render report in new tab I'm using window.open to render report in new tab.And in that method it is not possible to add header
    window.open(reportUrl, "_blank");



  • but here also i can access studio information from http://localhost:5488
    Which Package should i have to use to invoke report from server side(node js)?
    could you please show me one example?

    This should be the right approach from the server side.
    On server, you typically know the jsreport credentials, so you do what you need to do and provide to your client just final report blobs.

    And after that using afterrender hook we call window.open method and render report in new tab I'm using window.open to render report in new tab.And in that method it is not possible to add header
    window.open(reportUrl, "_blank");

    You can't control headers when using window.open in javascript.
    What you can do is use javascript fetch function, to asynchronously download the content of the reportUrl with proper headers and display it. But this way, you expose the jsreport server credentials to your client.



  • ok sir



  • I don't know anything about your solution...
    But if your main question is "So how to secure studio information from users?". The answer is to render server-side and provide to your users just final report blobs.


Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.