html header to send back in requests? [closed] - javascript

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
I'm trying to solve a problem similar to the ones in this question and this one, basically tracking a sub-session for users by browser tab. The thing I'm trying to accomplish, though, is finding a way to set a request parameter to send back to the server with each request, whether it's a simple synchronous link click, a form post, or an ajax request. What occurred to me as a hopeful solution would be if I could set something in the html head that would be sent each time, though I haven't seen anything to suggest that it's possible. I'm hoping to find a solution that doesn't require wrapping all server requests in some sort of javascript to include the desired parameter.
We're using Rails on the backend.

Difficult question to answer without knowing which server side language you are using. Regardless, using php, perl, python, or any other language, you could generate a unique ID and append it as a query string to your links. If you don't want the ugly links, you can:
A. use .htaccess to perform a mod_rewrite to clean up the URL
B. use an additional cookie to track the sub-session
C. use pure javascript, not very reliable depending on the client browser though..
the method used to track depends on what capabilities you have, database, text file, etc.
Again, not much info to go on.

Related

How to make a working login functions for my website? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed last year.
Improve this question
I am just entered this game since last December. Now I finished HTML CSS and a little bit of Java Script yet I got stuck at this stage: I can do basic styling but I don't know how to make it interactive.
So my question is :
how can I make a login function for websites, which can gives visitor an account (sign up, login, forgot password) that can do basic things like comment , add to basket and favorite a product?
Don't need to be specific, please just highlight which language is involved in which stage.
Thanks ahead.
Now I finished HTML CSS and a little bit of Java Script
So your site is what is called a static website.
If you want to allow login and data storing, you need a dynamic website, that requires one of this technologies:
PHP
ASP (check also ASP.NET)
Node.js (with express or http module)
Django (Python's library)
A few others...
All this technologies are called server-side languages/technologies, and the most used for long years has been PHP, that now has some strong rivals in terms of usage.
You can use only html/js to create a website. But, if you need authentication, post comments, a server side is needed.
A js can call easely an API to authenticate (server side) and post comments with XHR. You have to create it. You need to know how Authentication headers works for server side. You need to have a database (sql, file or nosql, it's your choice) to save the users datas and rights.

Which HTTP request method should be used for a like button [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
A like button is something we see on YouTube or Facebook, there is a counter associated with it.
I wonder how we should go about implement such a button. Specifically how should we communicate with the backend when a user clicks on this button? Should the button use GET or POST to talk to the backend? It makes sense to me for using POST since we are incrementing the number of likes on the backend but some tutorial I found said we should use GET since POST is typically used in the context of a form to POST the form data to the backend.
I know this is quite an open ended question but I been googling the answer for a while and haven't found a convincing one.
I would say it depends on your backend framework convention of it. If you build your own backend from scratch, you may want to follow an existing convention from other projects.
Taking ruby on rails as an example for my answer, its convention is to map HTTP verbs and urls to certain actions for "resourceful routes", which is described on https://guides.rubyonrails.org/routing.html#crud-verbs-and-actions.
RFC2616 also describes the difference between PUT and POST:
The fundamental difference between the POST and PUT requests is
reflected in the different meaning of the Request-URI. The URI in a
POST request identifies the resource that will handle the enclosed
entity. That resource might be a data-accepting process, a gateway to
some other protocol, or a separate entity that accepts annotations. In
contrast, the URI in a PUT request identifies the entity enclosed with
the request -- the user agent knows what URI is intended and the
server MUST NOT attempt to apply the request to some other resource.
If the server desires that the request be applied to a different URI
As the comments on your question suggest, I'd also go with PUT.

Access restriction with JavaScript [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I have an application done fully in JavaScript using Ember.js. What I want help with is the following:
I have two account types: basic and premium.
Depending on what account type the user have I wish to display ads him.
The user can use parts of my application only if he has a premium account.
What I must have in mind in order to protect my application so it's secure against people trying to use premium features without having that privilege? Because all Javascript will be sent as a single file, people can just look at all my app code and maybe reverse it or even copy it and use locally without even entering my site, which would put all my effort to waste.
Your client side code shouldn't be considered more than sugar for the user's experience, not a layer that is trusted.
That means your backend should be pessimistic in nature, not trusting requests from the client, but making sure they can make said request, and sanitizing any data sent to them assuming the user is trying to do harm.

Is Header or Javascript better for redirecting in PHP? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am trying to redirect users to a specific page after a login. Are both equally effective? or is one better than the other?
Thanks
You cannot compare both methods!
JavaScript will only run on the client side, therefore you need to send HTML first, then execute the redirection.
Using PHP, you can directly forward the user. This is not only faster, but also the only applicable choice in terms of usablity.
You will also have a problem if JavaScript is disabled or you have got an error in your JS scripts (for whatever reason). Well, you could counter by using HTML meta redirects, but the pros of using server-side redirects just predominate.
Compared to client side JS, an HTTP redirect will:
Require less data to be send to the client for it to process the redirect instruction
Not cause the browser to behave badly when the back button is pressed
Work in browsers with JS blocked / disabled / otherwise failing
An HTTP Location header is almost always the better approach.
They are different.
One is server side (php) and the other is client side (js).
Usually it's done server side, so it's a transparent redirection (doesn't pollute browser history, back button, etc). I repeat: usually but it's not a rule.
PHP is faster - the whole page doesn't have to load first. You can just send the header and exit the script.

Is it possible for a third party (random website visitor) to update some .js code in a .html index file via a php form? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 8 years ago.
Improve this question
I'm trying to get help with this question and consequently build my website www.videocontractor.com. I've posed this question and solicited bids on the requisite code on freelancer.com. People on there have told me that it is indeed possible for a third party to fill out a php form on my site and in turn update the java code in my index file. I'm not sure I believe them. From the project description:
I'm looking to add a module on www.videocontractor.com and www.photocontractor.com that will enable visitors to the sites to add their business listing. I'm not sure if this can be done. I'm would like the javascript in the index.html file to be updated by site visitors. I think a PHP solution is needed. I'm open to other ideas.
Can someone on here tell me yes or no if I can add the functionality that has been somewhat described above? Are there any alternatives I should look into that would provide me with the same end result.
https://www.freelancer.com/projects/PHP-Javascript/PHP-Java-for-business-directory.html
From your description, you have asked someone to write code that modifies files on disk. While it is possible to do this in a safe way, I recommend against it.
What I recommend you do instead is keep your entries in a database, and generate resources dynamically, upon request. Be sure to use prepared/parameterized queries (PDO has this capability), and any data you output in the context of HTML use htmlspecialchars(). If you are outputting data into JavaScript, use json_encode(). This will ensure that the data remains just that... data, and not possible code for execution.
It all depends on what you are doing later with that form. If you are putting it straight inside a query to a database without cleaning it, then it is completely possible to change your website. They can also use MySQL injections that way, and you could possibly loose your entire database.
If you want to filter what they write in the form, you can use strip_tags and after that addslashes, which will completely prevent any possible damage.

Categories