Can i read Redirect location? - javascript

I have the following webiste which redirects to a particular resource:
foo.com -> abc.com
foo.com has NO X-frame header , thus can be iframed
abc.com HAS X-frame header, thus it can't be iframed.
I just wanted to get at any cost the response location header (that is where it will redirect) which is caused by this url.
foo.com/redirect.com
The response contains a location header which redirects.
Is there's any means to see where uts redirecting?
Attempted
I tried to read iframe using this.src location but it returned only foo.com (that is initial url) not the abc.com.
I tried reading Chrome console but failed.
I tried
var ifrm = $('iframe');
var iurl = ifrm.window.location;
Any other way?
Thanks
Here's what i want:
i add this html tag
<iframe src="http://foo.com"></iframe>
Now ALWAYS foo.com will redirect to abc.com. So how do my iframe will knows that
Oh! foo.com has redirected me to abc.com!, now javascript, alert user that iframe is redirecting!
Basically: How do i know where an iframe is redirecting me?

Related

Getting referrer in asp net mvc

I need to get referrer , when user is redirected from other site to my own , i trying get referrer from headers but its empty. All attempts returns null or empty :
Request.UrlReferrer
HttpContext.Current.Response.Headers["Referer"].ToString()
ServerVariables["http_referer"]
and if you look to request headers in browser , i will not find referrer header.
tried get referrer from javascript document.referrer but its returns empty string
can somebody please explain why there is no referrer header and how i can get it ?
Usually, Referrer URLs are passed between two unrelated sites (from one site to another) when navigation occurs by clicking a link or JavaScript-based navigation. Referrer URLs are not sent if the user uses the browsers address bar, back/forward buttons/ etc.. to navigate.
There are several reasons why the Referrer URL is empty in a request.
For some (security/privacy) reasons, the Referrer URL is stripped out
when navigating from a HTTPS site to a HTTP site (e.g. from
https://google.com to http://example.com).
It can also be stripped out using some other JavaScript
and HTML tricks.
once Referrer URL has been stripped out, There is no way to disable this behavior to get it back.

App reloads when iframe response is 302

I have an SPA written in angular. The app sends a request to server in a hidden iframe requesting an access token. The server returns the token in the url as part of fragment (the reply url is configured at server already, it knows where to send the response). The response is a 302. The url looks like http://example.com/#token=dsdcsvfv&state=43242...
When the response comes back, the entire app is reloaded (app.js code is executed again) in the iframe. This happens even before the locationChangeHandler runs. I am only interested in fetching the token from the url (which happens in locationChangeHandler), I don't intend to load anything in the iframe, its hidden anyways. Is there a way to prevent this reload?
I am not sure if we can prevent the redirect that the server sent to the iframe, cause that is what is causing the reload IMO.
If you have to use the frame...try adding a sandbox to your iframe like so: <iframe sandbox> it should not allow the parent to be redirected.
Here's more about it : http://www.w3schools.com/tags/att_iframe_sandbox.asp

javascript iframe: accessing http from https

I have a page that has an iframe which loads html template from amazon aws s3 bucket. In the iframe, I want to take the link of the parent window, then add some parameters.
E.g: My parent window has the link http://xx.xx.x.xxx:8088 . I want to take this url, apprend "#abc/edf" and redirect to that page. But I cannot because my iFrame has url https://bucketName.s3.amazonaws.com
The error I get is
Uncaught SecurityError: Blocked a frame with origin "https://bucketName.s3.amazonaws.com" from accessing a frame with origin "http://xx.xx.x.xxx:8088". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
The javascript I used to redirect to another page from within an iFrame
function navigateTo(e){
var destination = e.data.destination;
var url = window.parent.location.host;
window.parent.location.href = url+destination;
}
$("#button").click({destination: "/#abc/edf"}, navigateTo);
html
<div id="button">Redirect to another page</div>
I cannot use absolute path for a reason. The parent window link will change somehow. I think the best solution is to take the parent url and append the parameters that I want. How can I make this happen without getting the security error?
Short answer is "you can't."
Browser security model precludes cross-domain and cross-protocol scripting from the client side. Your embedded iframe under the https protocol is not allowed to access (not even read) its parent's non-https context.
To do what you want, both contexts must agree on both domain of origin and protocol in order to interact on the client side.

Get iframe redirect src when the redirect is denied

I'm loading a page in a hidden iframe, which redirects instantly, with the purpose of grabbing that redirect url. However, the server denies iframe requests so no content is returned.
Refused to display '<new url>' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I just want to get the new url. Is there a way to do that? The url is obviously sent to me since it appears in the console.
I tried to do an ajax request instead to no avai.

How to get the url in browser address bar in nodejs

I am displaying a page in an iframe, and in my Node.js server I need to access the main page's URL.
I do not want to get the request URL for the page in the iframe, but I need the URL in the browser's address bar, the one for the main page.
The Referer request header should contain the URL you are looking for.
http://www.nczonline.net/blog/2013/04/16/getting-the-url-of-an-iframes-parent/
The HTTP Referer header for a page inside of an iframe is always set to the containing page’s URL.
try the Url module ctrl-f 'pathname' from this page http://nodejs.org/api/url.html

Categories