KNOWLEDGE BASE
Log In    |    Knowledge Base    |    4D Home
Tech Tip: Why and how to avoid using 4D URLs and Form Actions keywords
PRODUCT: 4D | VERSION: 13.x | PLATFORM: Mac & Win
Published On: January 7, 2016

Want to remove the tell-tell signs that 4D is operating as the Web Server? If so, it is imperative to not use any of the 4D URLs and Form Actions keywords (4DACTION and 4DCGI) that will be sent as part of the URL back to the server or in the HTML or Javascript that can be viewed in a web browser.

4DACTION is meant to link an HTML object (text, button...) to a 4D project method. 4DCGI is meant to call the On Web Connection Database Method by sending the URL “as is” to $1.

<A HREF="/4DACTION/MyMethod/Param"> Do Something</A>
or
<A HREF="/4DCGI/MyMethod/Param"> Do Something<A>

There are easy alternatives to using the 4DACTION and 4DCGI keywords. The key is implementing the alternatives is to be aware of how 4D Web Server determines how to process a call from a web browser.

If a call to web server contains the name of an HTML or SHTML file found in the default web folder, that file is served and no hit to the On Web Connection method is made.

If the call to the web server does not contain the name of an HTML or SHTML file found in the default web folder the On Web Connection method is called and the URL is passed to the method in $1. So by changing the URL examples above to that shown below, the On Web Connection method is going to be called with $1 containing "/MyMethod/Param."

From here the URL can be handled in a case statement such as one shown below...

$URL_T:=$1
$Ndx:=Position("/";$URL_T;2)
If($Ndx>0)
    $Param_T:=Substring($URL_T;$Ndx)
end if

Case of
   : ($URL_T="/MyMethod") | ($URL_T="/MyMethod@")
      MyMethod($Param_T)

End case


This technique not only avoids revealing to snoopy eyes that 4D is acting as the web server, a side benefit is that no project methods are ever called directly from a web browser. They all go through one central dispatching method which also makes it simple for managing cookies, redirects, session variables, etc..