Monday, 25 May 2015

APEX iFrame Security setting

At some point during APEX development you may find yourself putting an Oracle APEX page within an iFrame.
<iframe src="//myserver.com.au/ords/f?p=SAGE:1023:&SESSION."></iframe>

Just recently I did just that and came across an error I expected to see, but I was a little curious as to how it presented itself.

Refused to display '//myserver.com.au/ords/f?p=SAGE:1023:30559832045078' in a frame because it set 'X-Frame-Options' to 'DENY'.

Googling the last half of the message returns some interesting discussions on how this works from a web technology perspective:
http://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe

The idea is that the header can protect against clickjacking. APEX controls it through the application security attribute "Embed in Frames", which sets the X-Frame-Options header the browser acts on. Allowing from same origin defers trust to the hosting server.


You might need to adjust this for scenarios such as

  • modal dialog plugins
  • embedding an APEX page as a region within another page
  • attempting multiple IR per page prior to APEX 5
  • APEX page embedded within a Portal
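
As an added example (not code from the original post or from APEX), the following JavaScript models how a browser applies the X-Frame-Options value to a frame load for the three "Embed in Frames" choices. The mapping of each choice to a header value, the portal.example host and the function names are assumptions made for illustration.

```javascript
// Added example (not from the original post). Simplified model of how a
// browser applies X-Frame-Options; host names are constructed sample values.

// "Embed in Frames" options mapped to the header value assumed to be sent.
const EMBED_IN_FRAMES = {
  'Deny': 'DENY',
  'Allow from same origin': 'SAMEORIGIN',
  'Allow': null, // no header sent
};

// Resolve a URL to its origin. A protocol-relative src such as
// //myserver.com.au/ords/... inherits the scheme of the embedding page.
function originOf(url, baseUrl) {
  return new URL(url, baseUrl).origin;
}

// Decide whether framedUrl may render inside a frame on parentUrl.
// Simplification: only the direct parent is checked, not every ancestor.
function frameDecision(xfoHeader, framedUrl, parentUrl) {
  if (xfoHeader == null || xfoHeader.trim() === '') {
    return { allowed: true, reason: 'no X-Frame-Options header' };
  }
  const values = new Set(
    xfoHeader.split(',').map((v) => v.trim().toUpperCase()).filter(Boolean)
  );
  const known = ['DENY', 'SAMEORIGIN', 'ALLOWALL'].filter((v) => values.has(v));
  if (values.size > 1 && known.length > 0) {
    return { allowed: false, reason: 'conflicting values, blocked' };
  }
  if (values.has('DENY')) {
    return { allowed: false, reason: "'X-Frame-Options' set to 'DENY'" };
  }
  if (values.has('SAMEORIGIN')) {
    const same = originOf(framedUrl, parentUrl) === originOf(parentUrl);
    return same
      ? { allowed: true, reason: 'parent is same origin' }
      : { allowed: false, reason: 'parent is a different origin' };
  }
  // ALLOWALL or an unrecognised value (e.g. legacy ALLOW-FROM) is ignored.
  return { allowed: true, reason: 'header value ignored' };
}

// Evaluate one "Embed in Frames" setting for a page framed by a given parent.
function checkSetting(setting, framedUrl, parentUrl) {
  return frameDecision(EMBED_IN_FRAMES[setting], framedUrl, parentUrl);
}
```

With "Allow from same origin", a parent page served from another host (the portal scenario) is still refused, so that case needs the framing page and the APEX page to share scheme, host and port.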

Dan McGhan explains the properties in more depth:
http://www.danielmcghan.us/2011/08/new-browser-security-attributes-in-apex.html

Current APEX 5 documentation:
http://docs.oracle.com/cd/E59726_01/doc.50/e39147/bldr_attr.htm#HTMDB29922
though I'm pretty sure the setting was introduced in 4.1.

Scott

Wednesday, 20 May 2015

Kscope15 Presentations of Interest

Kscope15 is insanely close and I'm very excited to be making the journey this year.

A few months ago I made a list of presentations that piqued my interest to try to encourage a business colleague to come along. Maybe this list will encourage someone to join what I understand to be the world's best conference for APEX developers.

The APEX topics are listed in full here:
http://kscope15.com/component/seminar/seminarslist?Itemid=57&topicsid=2
The links below go directly to the author, but they have direct anchor links underneath to the abstract on this page.

Node.js – database to send events to browser. Sounds great for interactive UI and becoming popular fast. Not the only presentation on this topic.
http://kscope15.com/component/seminar/presenterlist?last_id=37

These guys do APEX security for a living, I want to make sure I’m right up to speed
http://kscope15.com/component/seminar/presenterlist?last_id=41

Jasper reports sounds like a potential longer term replacement for Oracle reports. Penny has other suggestions.
D3 is also a cool charting framework like the one I’m using for the display timeline
http://kscope15.com/component/seminar/presenterlist?last_id=20

Interactive reports (IR) have been rebuilt from ground up, including a pivot feature. There are a few presentations on IR
http://kscope15.com/component/seminar/presenterlist?last_id=36

While I might not build a “single page application”, I think some things mentioned here will be worth considering for those beasty pages
http://kscope15.com/component/seminar/presenterlist?last_id=26

I’d like to find hidden nuggets in the pre-built packaged applications, too
http://kscope15.com/component/seminar/presenterlist?last_id=45

A level of CSS I have no idea about.
He’s also the hybrid app expert (apex in cordova)
http://kscope15.com/component/seminar/presenterlist?last_id=33

Apparently “web components” are the next big thing. Less re-inventing the wheel.
He’s also got an interesting one on using node.js to print to ms office
http://kscope15.com/component/seminar/presenterlist?last_id=28

The title says it all – common RWD issues and how to fix them. I wonder how many are fixed with APEX5.
http://kscope15.com/component/seminar/presenterlist?last_id=31
That being said, re-theming existing applications might be hard work that can be replaced with some more basic updates.

JavaScript in tabular forms. While tab forms are typically avoided, I have learnt a lot from this guy and hope to learn more.
http://kscope15.com/component/seminar/presenterlist?last_id=48

Worst practices – the clear competition for my presentation ;p
http://kscope15.com/component/seminar/presenterlist?last_id=29

Template options – using the new theme well. Will change the way templates are used.
http://kscope15.com/component/seminar/presenterlist?last_id=32

Challenges when going mobile – can’t not go.
http://kscope15.com/component/seminar/presenterlist?last_id=19

JSON – I’ve been using it a lot for these pretty timeline reports and charts. Better techniques available.
http://kscope15.com/component/seminar/presenterlist?last_id=34

This fella could be worth a go.
http://kscope15.com/component/seminar/presenterlist?last_id=22

APEX is not the only track, here are some from the middleware bunch that might still be interesting.

Oracle forms migration, these guys do heaps of webinars
http://kscope15.com/component/seminar/presenterlist?last_id=17

MAF is Oracle’s new mobile toy and this might be worth a go – offline mode APEX apps?
http://kscope15.com/component/seminar/presenterlist?last_id=14

Mobile first
http://kscope15.com/component/seminar/presenterlist?last_id=11

UI best practices with Alta. Fusion app specific but Alta may venture to APEX in future. Concepts still apply.
http://kscope15.com/component/seminar/presenterlist?last_id=4

And then some database specific stuff. Many talk about 12c, which would be awesome to have here to help with data migration to test/dev! I updated our course notes for 12c over the festive season and there are a few developer features I’d love to have now ;p

PL/SQL for the 12st century – this guy is the PL/SQL guy.
http://kscope15.com/component/seminar/presenterlist?last_id=79

UX is not UI – could be worth fitting in
http://kscope15.com/component/seminar/presenterlist?last_id=6

JSON in 12c and JS based web apps from an evangelist.
http://kscope15.com/component/seminar/presenterlist?last_id=77

Oracle REST – I need to get my head around the tech capabilities of this, from this guy.
http://kscope15.com/component/seminar/presenterlist?last_id=100

Tuning with SQL Developer – why not?
http://kscope15.com/component/seminar/presenterlist?last_id=91

Pattern matching. Esoteric, but I’ll fit it in if I can.
http://kscope15.com/component/seminar/presenterlist?last_id=81

You can enrol up to the last minute
http://kscope15.com/registration

Scheduling may be difficult...

APEX 5 alternative to gReport.data.view('DETAIL')

I'm sure we've all done it at some point or another, used some "feature" in the database you're probably not meant to.

Interactive reports still had a few shortcomings prior to APEX 5, so some tried to utilise the gReport object, since it was available in the generated page but undocumented, which in Oracle speak means that they're more than entitled to change its behaviour in future without telling or supporting you.

I understand htmldb_Get put developers in a similar situation, but apex.server.process became a brilliant alternative.

APEX product manager Joel Kallman goes into a discussion on IR changes in APEX 5 here, but what I was interested in was an alternative to
gReport.data.view('DETAIL');

This enabled the detail view of an IR to be utilised without the need for the search bar to be displayed.

I have an example of a detail IR in my plugin workshop application. I discovered my solution no longer worked in the APEX 5 deployment around the time this was posted on the forum.
https://community.oracle.com/thread/3716074

JavaScript guru Tom Petrus suggested simply simulating the row click. The following code goes a step further and hides the search bar, since it needs to be defined at design time as shown. I added p10_plugins as the static region ID of the IR region, then added this to execute on page load:

$('#p10_plugins_toolbar').hide();
$('#p10_plugins button.a-IRR-button--views[data-view=details]').click();

Amazing what jQuery can do, though it does mean the browser has more work to do after rendering the page.

I've discovered a better alternative since using the IR detail view. Named column row templates also offer conditional templates for different row types.

Thursday, 14 May 2015

AUSOUG: Perth Seminar May 28

Attention Perth Oracle technologists.

I'll be giving a dry run of my Kscope talk to the user group in Perth on May 28th, which happens to be the deadline for us to submit copies of our sessions to ODTUG.

So if you're in Perth and have any form of interest in APEX, come by the Oracle offices near Kings Park by 8am, or come a bit earlier for a feed.

Evidence-Based APEX: Building Better Practices

Register here
http://www.ausoug.org.au/cms/rest/event/2125

Wednesday, 29 April 2015

Customising APEX 5 Open Door Credentials

The polish that comes with APEX 5 also extends to the generic login screen used for the Open Door Credentials authentication scheme.

This scheme is great for testing. It allows you to log into the application by supplying just a username, as if you logged in normally - saving on user management in test servers.

The login screen used isn't page 101, but a generic page generated via wwv_flow_custom_auth_std.login_page. Prior to APEX 5 the page looked rather ugly.

APEX 4 Open Door login


As with many other aspects, the page now looks much tidier in APEX 5.
APEX 5 Open Door login

I think this upgrade can also encourage a little sprucing up with some script that can be applied via the authentication screen Help Text, in the same manner as the workspace login can be customised.
Authentication Scheme settings

$('h1.a-Wizard-title').text('Open Door Credentials, great for testing')

Actual help content could also be supplied, so the login screen could be adjusted to suit your needs.
Customised APEX 5 Open Door login
Runtime example here.

Amazing what a little jQuery can do.

Tuesday, 21 April 2015

The Oracle APEX Talkshow

apex.press/talkshow
Not only has Juergen been adding style, pride and awareness to laptops worldwide, he's also launched a podcast.

I love podcasts. I listen to a few good science shows every week and I've been looking for some decent software related shows, and this one hits the subject matter right on the head.

Juergen states he hopes to interview many developers from the APEX team, offering perhaps a recording per month. Not limiting to the APEX team (or the product), he says:

"I'm happy to interview everybody who has a story to tell about APEX"

So head to apex.press/talkshow and put this on your audio feed. I listened to it in the car to & from work last week. It's an hour of an interesting interview with APEX brainchild Mike Hichwa describing such things as the origins of Oracle Application Express.

You may think "oh yeah, heard it all before", but I think there are some great insights to learn from how APEX has arrived in this position and what it means for its future.

I think a telling point was near the end of the interview where Mike points out the big difference between the Oracle Forms and Oracle APEX development teams - the latter use the product day-to-day and have a vested interest in driving it in the right direction. As a former Forms developer, I can appreciate how valuable the packaged applications are to the broader community, whether you use them or not. 

I often wonder how important the chicken/egg paradox of the APEX builder is to its long term survival. I think it provides a productive, long future, with a great relationship to the database.

See? It'll get you thinking ;p

Monday, 20 April 2015

apeks sticker, check.

There are some stickers out there causing quite the sensation in the Oracle APEX Twitter community. Check it out and join the conversation.

A couple of weeks ago I received my sticker from the master dealer, Juergen, so I thought I'd share my pimped up laptop, complete with sticker friend.

Pimp my laptop
Fun fact: the photo was taken on the same grass that formed my blog's title image.

And now I also learn that Juergen has started an APEX podcast! Kudos to you, sir!