I want to build my own analytic and I need to know from where the requests are coming from with only javaScrpt, I can't believe that the browser is not holding somewhere in window object a variable about from where the request came from. It looks like there is no information in the net or I am not asking the right question.
I hope somebody met this problem before and has a solution :) Thanks!
You can use document.referrer
Syntax
var referrer = document.referrer;
Value
The value is an empty string if the user navigated to the page directly (not through a link, but, for example, by using a bookmark). Because this property returns only a string, it doesn't give you document object model (DOM) access to the referring page.
Inside an <iframe>, the Document.referrer will initially be set to the same value as the href of the parent window's Window.location.
Related
For context what I am trying to achieve is for a web proxy injection script. I am trying to change the value of window.location and the other objects within that. I am doing this so when a script is being proxied and uses window.location.path, It would output /example instead of /proxy/websiteurl/example. When I try to use Object.defineProperty(window.location, 'href', {}) it doesn't work and says I am not allowed to do this in the console. I don't really have code to give but I would really loved if someone helped me out.
A way to change the location without redirecting is with history.pushState()
Note that when a user refreshes, it does redirect to that url unless you push state with the original pathname after you're done using the changed location.
console.log(window.location.href);
const oldLocation = window.location.pathname;
history.pushState(null, "a title", "/new-directory");
console.log(window.location.href);
// to reset
history.pushState(null, "a title 2", oldLocation);
console.log(window.location.href);
I think there is a set of data that needs to be security-consistent and this is one of them; usually anything having to do with domain, URL, anything that might deceive about contents' origin, you won't be able to change.
To put it more simply: due to security consideration, JS will never allow you to make a 100% transparent proxy. It's the very first thing it is supposed to not permit.
This having said, the inner content will need to have knowledge that it's being proxied in URL manipulation. If you don't own the inner part, it's very tough luck. If you do, you should parametrize its root url based on which any interaction is computed. So #CertainPerformance 's questions in the question comments are very well directed.
I have two ways to get to my chat.php page.
One way is via profile page link and the other is via the menu.
My question is, how can I know in chat.php, where the page is loaded from?
I understand require this information using javascript, if it is the case use referrer
const referrer = document.referrer;
MDN
The Document.referrer property returns the URI of the page that linked
to this page.
Document.referrer
I open a new window to a Google docs presentation using the method window.open :
NewWindow = window.open("https://docs.google.com/presentation/d/1Qs9......");
I want to retrieve that url in order to know of it has changed (each slide of the presentation has a different url and i want to see if the user changed slides), using NewWindow.location.href
All i get is an undefined value. I can change href though
NewWindow.location.href ="http://www.google.com"; //works
I've read that if you are not in the same domain, you are not allowed to access the href or any other properties on the remote window.
Isn't there any other way to do it?
Thanks in advance.
There is a workaround but not in JavaScript.
The standard solution is to map the documents into your own domain using a proxy server that runs hidden under some URL of your own domain.
That way, you can access the documents via https://your.doma.in/google/presentation/...
A word of warning: If you make a mistake with configuring the proxy, crackers can abuse it to do nasty things (like trying to hack Google or send spam; the police will come knocking on your door).
Background: I have written a bookmarklet (JavaScript) that appends an iframe to the current page you are viewing. This iframe's src attribute is pointing to a form back on my (rails) application. I need to pass a key into the form (from the bookmarklet) by either modifying one of the values of the input fields or by passing the value as a parameter at the end of the url calling the form action.
I don't really see a way how to do the former, and the latter seems like a security catastrophe waiting to happen. I was wondering what the best practice would be here?
Appending a query string parameter to the URL seems reasonable, but you're correct - there are security implications. The value will appear in the user's browsing history and it'll be visible over unencrypted HTTP (but not HTTPS).
There's another Javascript-based way to do this that's not yet widely supported, but is worth considering - window.postMessage. It allows pages at designated domains to send and receive messages using a familiar event-based model. See https://developer.mozilla.org/en/DOM/window.postMessage.
This sounds fairly similar to the AJAX framework I made using iFrames. The easiest way is to have your bookmarklet build up a query string and put that on the iFrame's src. If you need to change anything, you should be able to set the iFrame's src to "#param=value" and have the page in the iFrame register the onhashchange event to deal with it (this would be how you could go about the former)
So your code could either be:
var iframe = document.createElement('iframe');
iframe.src = "http://example.com/mypage?param1=value1¶m2=value2";
document.body.appendChild(iframe);
and/or:
iframe.src = "#param1=value1";
// This in the iframe:
document.onhashchange = function() {
// parse location.hash and process form
}
A number of schemes pass secrets in the fragment portion of the URL and then, as then, early in the page load, store it and set the fragment to blank. I think webkeys do this.
On the webkeys page, see specifically
Putting the unguessable permission key in the fragment segment produces an https URL that looks like: https://www.example.com/app/#mhbqcmmva5ja3.
I am opening a window and passing set of parameters to it. In this case, I am sending json string. At time, the info is toolarge, and Request-URI Too Large occurs.
window.open('../pssops21/php/createPhonePdf.php?strSelectedItems='
+ strSelectedItems + '&strQBNumbers=' + arrQBNumbers, 'mywindow',
'resizable=1, scrollbars=1, left=80,top=60, width=650, min-height=400')
Window.open does not have option to post. Jquery ajax only posts info retrieves, results and does not open a new window.
Are there any methods to do this?
Thanks.
Unfortunately this is tricky situation in web applications. The limit on the size of a URI is typically dictated by the browser you are using and the option to POST data is not a standard available. As for doing an Ajax post and then "loading" the results, is typically not supported for security reasons.
A workaround I have used in the past is to make it a two-step process. Basically use Ajax to post your json data to the server. As a response, have the server send back some kind of token to retrieve the stored data. Then, use that token as a parameter to the new window you are opening, who can then retrieve the data.
I know it is a little bit more work to get the data over to your new page, but it does eliminate these size/security restrictions, and is a cross-browser safe.
You could open a new window to a temporary page, then POST from that page in the new window using a form filled out by JavaScript in the original page.
You could use a hidden form that has your destination page as its target. Use hidden fields for your post values, and submit the form using the Javascript submit() method.
I believe this will only work if you're trying to redirect the current window, not open a popup, although there may be a way around that restriction as well.
Rather than embedding information to pass to the window in the querystring, you can use javascript directly. Using window.opener on the newly opened window, you can access info from the child page:
var selItems = window.opener.strSelectedItems;
Keep in mind that strSelectedItems in this case would need to be globally scoped in the parent page. To keep things clean, I would consider functions on the main page that will return the information the child page needs.