I would like to know if there is a way to password protect web pages developed with simple HTML/ javascript.
I am hosting the web page on netlify and I have also tried hosting on Firebase and it is working from both ends but I do not want anyone with a link to be able to view and use the website.
Thanks for your help in advance.
I don't think there's a way to do this with Firebase, but Netlify does allows for site-wide passwords (with the caveat that you have to pay for their Pro service, as per their pricing page). If this is truly important enough that you need to password protect your pages, it's probably worth it.
Related
I am developing an HTML webpage using Firebase, my working tree is:
css: folder with CSS style files
js: folder with Javascript files
login.html: logging in page
signup.html: signing up page
app.html: main application page
I would like to restrict the app.html access only for logged users. I have implemented in Javascript some scripts to authenticate users via email and password using the login.html and signup.html pages. For the project, I use the hosting tool that offers Firebase. However, I'm not sure whether I need to apply this capability with the hosting tools or the real time database or other. Maybe the solution is to upload my web as a real time database resource and then, control the access to some paths modifying the database.rules.json file, but I don't know how to implement it.
Thanks for your help :)
All content on Firebase Hosting is publicly available. There is no way to restrict access to your HTML or JavaScript or any of the other resources you host on Firebase Hosting.
Also see:
Can Firebase hosting restrict access to resources?
As one of the answers there says, you can control access with Cloud Functions, but at that point it's not a static resource anymore.
It's pretty common indeed to leave the resources on Hosting unprotected, and then restrict access to the data that you show in the page, which may be loaded from one of Firebase's databases. In that case you can control access to the data with the security rules, which are fully documented here. If you're using Firestore, there's also a codelab making it easier to get started.
I want to display the number of times a video has been viewed using the core reporting API via Javascript. However, the API is designed with OAuth, for building applications and not just logging into my account to get the event count.
Is there a way to login for just my account via Javascript?
Thanks,
Matthew.
I think what you are looking for is a Service account. To my knowledge you cant use a Service account with JavaScript due to security issues with the key file.
What you could try and do is to authenticate the script once using normal Oauth2 then save the refresh token to the file and hard code that into your script and send that. But I wouldn't recommend it as then anyone that checks your script will also be able to access it. So basically you have the same security issues you had with using a Service account.
As you can see doing what you are trying to do with JavaScript isn't really going to work. As you can see this is something I have also tried unsuccessfully in the past to do. I recommend you try and do this with some kind of server sided scripting language, like PHP.
We are providing Chat support for the online visitors and tracking their sales (tracking the sales happened through our support only) for our clients, who are having their online stores.
We have to add a javascript code in their store. But the clients are not willing to provide their FTP credentials.
So is there any alternate way to make this work?
Most of the clients are asking for a single click installation at once they register in our website. Is there any way to automate this?
Even if we assume, most of their stores are in,
Shopify
Bigcommerce
Magento
Virtue Mart
Is there any way for creating a module in the above mentioned platforms?
Just let me know all of your ideas and suggestions.
Thanks in advance.
I think it is not a good idea for someone to give you their FTP credentials. I suggest you provide them with a JavaScript code(with an App Key) that they can put in their website by them selves.
Do as Google analytics, Facebook etc do. They give you a script that links to their statistics tool.
I have a 'little' problem.
I am working on a project for school in Ruby on Rails: a platform where people can share things with eachother. I recently started working on widgets which people can place on their website.
In the widget you see this 'thing' and how much it is shared. But now when someone loads the widget I want to check if he is logged in on my website and then show him which friends of him/her also shared that thing. I've Been thinking and trying a few hours now but haven't figured something out yet.
I have tried to use the Facebook SDK but could not get it to work because this is domain limited. Altough Facebook would not have been the best option I think because then it is only available for people who have their Facebook account linked to their account on my website.
Probably I have to create something by my own. But I have no clue how to do it right now. I hope someone can point me in the right direction.
If A and b are on the same domain as a subdomains you can use cookies to store authentication token and in that case that will work.
If not, you can use OAuth for example http://en.wikipedia.org/wiki/OAuth.
Ruby has a bunch of gems to support that. Devise has OAuth integration as well as authlogic.
Twitter uses that widely.
Also there are CAS and WebAUTH those do quite the same.
You can list both domains (A and B) on application settings under Basic section in App Domain field. This will allow you to use Facebook JS-SDK on both sites with same application id.
You should understand that this will allow both sites to access personal info of your users and this should be done only if you have control on those sites since you are responsible for application who uses JS-SDK
I'm working on a web application where users will create accounts. Then clients will be about to have a section on their site for users to login with my sites login credentials. However... I don't want the clients site to be able to see or handle their login credentials. I am wanting to do cross domain authentication just like facebook connect does.
I have done research and it looks like I will need to create a javascript library that users will need to add into their site. Inside that javascript file I will need to create an iframe that will connect to my main site. From there a cookie will need to be placed then checked.
Does anyone know of well written tutorials on how to do this or could you explain in detail on what all will need to be done?
EDIT:
How would the storing and reading of cookies work. Anyone have examples?
The simplest way would be a plain iframe. Twitter does it a lot. If your have to communicate with the parent site for some reason, try building an API with the postMessage function.