Safety script to clear cache and leave website immediately - javascript

I am working on a website for a women's shelter and they want a "panic button" that automatically takes you to another site. This is pretty common, but I need it to also automatically clear the cache, so the abuser can't hit the "back" button or history to see what they were looking at before being interrupted. Any ideas?

I think that the answer is "can't be done as website functionality" unless the user installs a browser plugin. For example, here's what Mozilla Development Network (MDN) says about this:
For security reasons .... there is no way to clear the session history or to disable the back/forward navigation from unprivileged code. The closest available solution is the location.replace() method, which replaces the current item of the session history with the provided URL.
Non-privileged basically means any javascript that a website might run on the browser.
Now a "panic button" plugin / add-on would be able to do this kind of thing, but:
The user has to install it. (Simple for a moderately tech-savy person ...)
If someone looks at the browser, it will be apparent that it has been installed.
There is also the issue of people how people decide to trust a plugin like this to be properly implemented, and not contain nasty stuff.
A better idea would be to educate the user in using browser incognito mode. However that still leaves traces on the user's computer (depending on your browser, and other things), and in external network logging, etc.

Related

Google "web light" feature

Google came up with a new feature called Google Web Light. This optimizes websites that are not mobile friendly and are heavy for users with slow connections. Sometimes even YouTube gets optimized.
They URL is like this "http://googleweblight.com/?lite_url= website url".
So, this causes some issues to websites. Mostly JavaScript issues. Take a look at these jQuery UI elements. Nothing seems to work.
Sure there is a link to view the proper website but users won't bother clicking and would leave thinking the website is broken.
How would you go around this. Is there anyway to detect if the users browser is showing the optimized website?
Here is an example of what it looks like:
This explains how to opt out of WebLite:
If you do not want your pages to be transcoded, set the HTTP header "Cache-Control: no-transform" in your page response. If Googlebot sees this header, your page will not be transcoded.
To detect WebLite instead use $(document).ready() in a script to detect if one of those new WebLite elements exists in the loaded DOM:
if (document.getElementById('lite-menu') != "null") {
alert("WebLite is being used") ;
}
If you have a fully responsite site then WebLite will only be used for slow connections
To those of you that land on this page because you keep getting redirects using Google Web Light:
Download firefox through Raspbian Repository (or your default linux distro repository) and then seek out a browser addon to change "user agent" to desktop (just search addons for "User Agent" and you'll find something). Once done, Google will no longer terrorize you with an service they think helps you so they force it upon you.
(This may apply to others not using Raspbian such as any mobile device or small screen computer).

Safari localStorage not persisted between sessions

We have a web app that runs in Facebook (i.e. a running in an iFrame at a different domain). If a Safari user has Cookies and Website Data set to the default, "Allow from websites I visit", the data we store via localStorage.setItem is acting like sessionStorage, i.e. it's not available beyond the user's current session (i.e. after the user closes the tab). If we change the setting to "Always allow", it works fine just like in Chrome, IE , etc.
As a test, we've tried navigating the browser to our app's domain (https://ourappname.appspot.com) directly and it works fine there. And also then it should truly be a visited website, but when going back to the game within Facebook, the problem still exists.
Note that the setItem call is succeeding, it's just that getItem doesn't return anything in a subsequent session. (So it's not like when the user is Private Browsing and the setItem call itself fails with a Quota Exceeded error.)
What do we need to do to support Safari so that our app, running within Facebook, can use localStorage as intended where the data will survive between sessions?
It's either a bug in Safari or a security feature.
You are visiting FaceBook and not your website. Your app is in iframe which would violate security model if it let you read any data from the browser. Think if a competitor site read data it did/didn't set. That'd constitute an information leak.
Safari is doing it's job well in that regard.
Ideally, in "Allow from websites I visit" mode, no browser should let iframes to set data to localStorage; even if every domain has their own storage-sandboxes.
What's troubling me is why are they even letting you write to localStorage from iframe at all (in your 'Allow for only sites I visit' mode)? That might actually be a bug - a information spoof attack enabling bug.
I think it's because security-exceptions were dropped from localStorage in case of not-same-party origin of request. So Safari might actually will not throw error but let it silently fail (in some cases). That's probably why your setItem call is succeeding.
At this point, with the given information, I suspect, sir you are out of luck due to Safari programmers following standard to the letter.
I'm still waiting on a reply from Apple, but it's safe to say we're stuck with this behavior. So Anubhav's answer is accurate, but we still needed a solution.
So as a work around, we created new endpoints on our server for persisting/restoring game state. We only utilize this for Safari, for all other browsers we're still persisting our game state in localStorage.
There is a slight performance penalty for the user. And a slight server cost. Not a sexy solution, but now our Facebook canvas app supports Safari.

Mobile App detection from browser

I want to detect via JS if a user does or does not have a particular app installed.
I know about the app store tag that will pop the generic "download this app" if they don't have it installed. I'm not asking about that.
I have a concept, but it's incomplete. This would try to target both iPhone and Android devices.
Knowing that a link with a particular prefix can trigger an app to open:
Target a hidden iframe with JS to open a url prefixed to trigger that app
That page would fire a post message back to the parent if it loads, indicating the app was not opened.
If the app exists, the message would never be fired back to the parent, since it would open in the app.
Unfortunately, my client does not want app to open (or attempt to open) automatically, but simply know wether or not it's installed.
Thoughts? Blaring errors in my logic? Work-arounds? Existing solutions?
Thanks
There's likely no way to do this, because generally speaking you aren't allowed to poke around on a user's device from a web page. Even though what apps a user does or doesn't have installed isn't the most sensitive of personal information, it would still be a bit of a security/privacy concern to expose that information to scripts coming from the web. The app store tag is probably the closest you're going to get, since it's an official API to provide similar but protected functionality.
I can think of two ways to try to solve your problem, although none is especially good. Since iOS 6, you can use Smart App Banners to promote an app.
The most obvious solution would be to hide any actions from the user, e.g. by preventing the activity from showing up after issuing the URL request. I don't have any experience with this and cannot tell you to what extent it might be possible to hide it.
To be honest, I have no idea whether the second approach will work on mobile devices. It has been used for desktop applications a lot and allows inter-application communication - including communication between the browser and the app. However, the possibilities might be limited due to the usually high security restrictions on mobile devices. This is a highly theoretical suggestion as I am pretty sure it is unsuitable, whether it is possible or not.
Your app must provide a tiny HTTP server on an unused but fixed port. Your JavaScript code can then use JSONP to communicate with the app (assuming the security restrictions of the browser don't prevent this). If communication fails, you may assume the app is not installed.
Before anyone attempts to criticize this approach, let me say that this is a theoretical possibility, might be unstable and is unsuitable for most apps. The efforts of running an HTTP server are far too high for such a secondary task.

Is it possible to Blink alert "client browser" when new notification came in JSF?

I am working on JSF with primefaces, i have been assigned a task to notify the browser when new message arrived in client desktop, its like Message alert.
I found some concepts p:poll, and p:notificationBar, p:growl but those are happeniing inside the browser window itself, when browser is minimized the user can't get notify the new message arrival.
My question is:
Is it possible to do it in JSF with the help of Javascript?
I don't know whether it is possible to notify to the client?
How can i enable notifications for window minimised state as well?
You can make the title bar flash and on some platforms, even get the user's attention.
Make browser window blink in task Bar
Possible to flash a Browser window using Javascript?
This question shows part of your possible answer.
You should then use a to watch for the notification change. You could use the push framework, but that could be a bit of overkill on the network / connectivity side.
There are some solutions that work for only specific browsers. If you are doing this for your company intranet environment and everyone uses chrome or IE, there might be better solutions. Nonetheless, you should strive to do something that works on all compliant browsers (w3c compliant, that is).
There are some boundaries you should observe, regarding web apps in browser windows and what is the expected behavior. The user expects a minimized / offline browser window to sit quiet. If you are in a corporate environment, this could be waived, but for an app for the general public on the web, some people could (I would) be annoyed by this attention-seeking behavior (on a browser game, for example).

Strange website redirect issue on mobile browser that's influenced by cache

I'm at a loss here.
I have a new Wordpress site at synergration.com.
If you access it on a mobile device (phone, not tablet) it will generally load fine the first time. Once you click on to another page and/or reload the home page it jumps into a redirect loop indefinitely attempting to reload the same page over and over and over...
I've weeded through the code and have been unable to find any JS redirects. I've also contacted the theme developer and they've been unable to help.
This only became an issue when I started hosting on WP Engine. They use some advanced caching that seems to be the culprit here as when I test the mobile site on their staging server (where no cacheing exists) it loads fine.
I contacted WPEngine about it and this was their reply:
This is being caused by our caching systems that run on our platform.
It looks like the theme is handling an internal redirect that detects
the user agent (desktop or mobile) and redirects the visitor to the
appropriate site based on that information. However, the redirect is
getting stuck in cache, causing the mobile version to load in an
infinite loop. Unfortunately, we don’t have an easy solution for this.
If this were only one part of the site, we could just exempt that part
of the site from caching, but because it covers the whole site,
exempting from caching isn’t an option. Our staging area is exempt
from all caching, which is why it’s working normally there. (The old
host was most-likely using a non-cached environment, which is why you
didn’t see this issue there). I would contact the theme developer and
ask them if they’ve ever come across this issue before. There’s a good
chance they have, and they might have a clever solution as a
work-around. You might have the option of disabling the mobile
routing, which would solve the redirect issue, though mobile devices
would load the full version of the site rather than the slimmed-down
mobile version.
As noted above, the theme developer didn't have any solution and I'm back at square one so I figured I'd reach out to stack to see if ya'll had any ideas.
I have two sites on WP Engine with redirect. They are identical gensis child themes and redirect plugins. I have one setup with a DNS redirect to a cname record for a "M.sitename.com" URL and the other redirecting to the mobile site that is having the same issue you noted above. I haven't had an issue with the site that points to the cname record. I am about the change the other site to the cname configuration to see if it makes a difference. I have no ideal why this works, but thought you might find this of value.
It works absolutely fine in my mobile's Opera Mini browser. To answer your question, an alternative way is to just create a mobile subdomain, like m.yourdomain.com. Make this decision public and let mobile users know in advance that that is the site for mobile users. A specific mobile site is loads better than visiting the page and then being redirected. It also saves time.
While developing the mobile site, keep in mind, to use minimal JavaScript. The reason being, that older mobile versions may not support JavaScript and if JavaScript is essential then it becomes a big problem.
Speaking about the theme, if it is getting stuck and developer has no idea, so the best option, FOR NOW, is change the template. Let the developer inspect on his very code. You can by that time use another template, that'll keep the site up running well whether it is on Mobile or anything. Because, small errors can divert lot of traffic from your site. I, to be frank, have no idea about what caching problems WP is having, and I don't expect anyone here to be knowing that, so it really depends on time. Till then, as I said, do try to use some other template for the time-being.
All the best.
I faced similar issue recently. It took good amount of time but I finally figured it out.
To prevent redirect from caching, you have to use 302 redirect. Moreover, you have initialize this redirect in "template_redirect" action of wordpress. If you do it in like "init", it'll be cache too.

Categories