I have an SPA written in angular. The app sends a request to server in a hidden iframe requesting an access token. The server returns the token in the url as part of fragment (the reply url is configured at server already, it knows where to send the response). The response is a 302. The url looks like http://example.com/#token=dsdcsvfv&state=43242...
When the response comes back, the entire app is reloaded (app.js code is executed again) in the iframe. This happens even before the locationChangeHandler runs. I am only interested in fetching the token from the url (which happens in locationChangeHandler), I don't intend to load anything in the iframe, its hidden anyways. Is there a way to prevent this reload?
I am not sure if we can prevent the redirect that the server sent to the iframe, cause that is what is causing the reload IMO.
If you have to use the frame...try adding a sandbox to your iframe like so: <iframe sandbox> it should not allow the parent to be redirected.
Here's more about it : http://www.w3schools.com/tags/att_iframe_sandbox.asp
Related
I need to get an access token request on FaceBook using cookies.
I tried to make get/post requests to the advertising account page (facebook.com/adsmanager), but in response I get an html page that does not contain the script I need.
This is what this script looks like if you look from the browser in the element code, located in the script and starts with EAAB:
screenshot facebook token
How and with what I can make a request to the page of the account (using pre-prepared cookies) to get in response the code of the page, which will contain a script with the token EAAB, which is shown in the screenshot.
I would like to redirect from POST method to frontend page with HTTP status code 303.
Expected result is that browser after making POST request redirects to page specified in Location header.
Currently I am getting CORS failed error message and browser does not redirect to frontend page.
A redirect does not mean "Load this URL in the browser window". It means "You can get whatever you asked for here".
When you make an Ajax request using JavaScript, the response is provided to JavaScript.
If the response is a redirect, then the browser follows it automatically and provides the response to the redirect to JavaScript.
The URL you redirect to needs permission from CORS in order for the JavaScript to read the response.
Do not attempt to mix web services and regular page navigation
If you want to submit some data and load a new page: Use a form submission.
If you want to submit some data and handle the response with JS: Use Ajax.
I've been trying to scrape some raw XML data from an internal company site (url excluded for security purposes). I am currently using selenium and beautifulsoup to do so (but am open to any other options). When accessing the site manually, I am prompted with a javascript browser alert for a username and password (see picture). My attempt to automatically validate credentials is below (does not pass authentication):
def main():
#gets specified list of direct reports
# username:password#
url ="http://{username}:{password}#myURL.com"
driver.get(url)
html = driver.page_source
soup = BeautifulSoup(html, "lxml")
# parsing logic follows ...
However, when the script runs I still have to manually enter the username and password in the browsing window controlled by chromedriver and then the rest of the program runs as expected..
Is there a way avoid this manually entry? I've also tried solutions around driver.alert and sending keys & credentials to the browser to no avail.. (I know this may be difficult because the site is not accessible outside of the network, any insight is appreciated!)
Edit: I should mention this method was working a couple weeks ago, but following a chrome update no longer does..
Your login process is likely returning an access token of some kind, either a value in the response body or a header with a token, possibly an Authorization header or a Set-Cookie header.
In most cases, you will need to send that token with every request, either as an authorization header, a body parameter, or whatever the page expects.
Your job is to find that token by inspecting the response from the server when you authenticate, store it somewhere, and send it back each time you make a page request to the server.
How you send it back is dictated by the requirements of the server in question. It may want a request body param or a header, those are the two most likely cases.
I have a Java Spring REST back-end (#RestController) and using as security option Json Web Tokens(no session). At the front-end I want to use JavaScript (jQuery to send requests to back-end), Html.
So after login I save a JWT in browser and send it back in header with every request I make to #RestController.
My question is: How to navigate between pages (that are accessible only for authenticated users) from js? How #RestController will work in this case?
The #RestController handle the requests containing a path (the path of the request is not necessary to be the same with the path(URL) from front-end)
Solution (if you have a front-end server): When you try to reach a front-end URL you make a call to the server-side; if the response status is 200 the page can be displayed(with the body of the response if you send information); if the response is not you will stay on the home page, or you can redirect the user to login page...
Also check this : http://www.studytrails.com/frameworks/spring/spring-security-method-level/
We have this authentication procees in our application that whenever the server gets a request from a client which is not authenticated (cookie missing) it returns a 307 response and the client should be redirected to the login page (which might on another domain).
I've bumped into the following problem:
When I delete the cookie and the main index.html page is cached and I open the web page I get 307 for the first time only when a js file is requested (there is a script tag in the index.html). In this case the browser tries to redirect and I'm getting the following error:
Resource interpreted as Script but transferred with MIME type text/html: "https://win-7-64-server:8443/cas-server/login?service=http://172.30.2.25:81%2F172.30.2.25%3A8182%2Fshunra%2Fcommon%2Fjs%2Flibs%2Frequire%2Frequire.js".
This is the original javascript url: http://172.30.2.25:8182/shunra/common/js/libs/require.js
Obviously I don't control the redirect. Any ideas?
EDIT:
I thought about the problem and the problem is that the browser gets 307 http code and thinks that the javascrip file was redirected while in reality we want to redirect the entire website - any ideas how to do that?