Reading request headers in Javascript - javascript

I need to be able to read the request headers coming from a redirect from a naked domain:
http://mydomain.com
to
http://www.mydomain.com/index.html
I need index.html to be able to parse any original request path and queries, how can I do that?
E.g
From naked domain: http://mydomain.com/abc to http://www.mydomain.com/index.html and then index.html will get the abc path request.
The question is how to be able to achieve this?
A similar question: Using DNS to redirect to another URL with a path

use document properties to check and reditect
for others questions use navigator roperties
Get referrer use = document.referrer or document.URL
Look : http://www.w3schools.com/jsref/dom_obj_document.asp
In apache the best solution is control that with .httaccess

Related

What data is sent to the target URL when using fetch with credentials set to include

I am trying to understand what information is sent to the target URL when making a fetch request with credentials set to include like so:
fetch(url, {credentials:include})
How does the server behind the target URL know to decode the credentials to validate authentication? I understand this may vary from scenario to scenario but trying to get a general understanding of the concept.
Thanks in advance!

How to access my domain only via a certain referer/website

How do i make my website accessible via a certain website or referer from that website only?
Say for example i only want my website to be accessible through adf.ly, how would i do such thing? Thanks for your help.
Note- adf.ly was just an example, i mean the general code.
You can use this in your /root/.htaccess :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !adf\.ly
RewriteRule ^ - [F]
This returns a forbidden 403 status to clients if their referer doesnt match the pattern or it's not adf.ly
The simplest option is to check PHP's $_SERVER['HTTP_REFERER'] variable and deny any that does not come from your desired websites. But this is not a reliable method, as anyone can tamper with the HTTP request headers, setting the $_SERVER['HTTP_REFERER'] variable to false values.
If your request is not through a public client like a browser (for eg. you want to access via a server to server request), then you can rely on some sort of authentication to identify where the requests are coming from.

"Access-Control-Allow-Origin" issue while calling https url of the same site from a http page via javascript

Getting "Access-Control-Allow-Origin" error while calling https url of the same site via javascript from page of the same site with http.
The site root url is set at the .cshtml file to use absolute path. When the page is cached and opened again, the site url shows as http while the root url remains https since it's cached and causes this "Access-Control-Allow-Origin" error.
I am able to fix the issue by setting "Access-Control-Allow-Origin" to "*" on the action method.
But this means it will allow for all domains, i want to allow it for my application or domain only.
How can i set it programmatically, so it will work across all environments?
Is there any other better way to set the site root url which will use absolute path?
what you are looking for is called CORS (cross-origin resource sharing, http://enable-cors.org/, https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS)
You do not have to use a wildcard on that header, you can set only a specific domain and even limit HTTP methods if you want to.
Access-Control-Allow-Origin: http://domain1.com
# if you want to, you can limit the methods too
Access-Control-Allow-Methods: GET, POST
As a general rule of thumb open your system only as much as you need to and try to keep the configuration as "tight" as possible.
You can cache a condition which test the protocol and then change the URL dynamically.
for example:
if (location.protocol == "https:") {
url = "https://....";
} else {
url = "http://....";
}
// your AJAX call goes here
More info about location protocol here.

Copy all text from URL and store in an object

I need to copy the text from the URL which a JSON file. I need simple javascript, I cannot use AJAX calls because I have same origin policy error.
The link is as follows:
http://webapp.armadealo.com/home.json?within=50&lng=-71.071123&lat=42.3526751
I need all the content in the above link to be stored in a variable, lets say var allText
Thanks
I cannot use AJAX calls because I have same origin policy error.
Then you cannot get the text directly, full stop, via client-side JavaScript (unless the server that's hosted on supports CORS and allows requests from your origin and you're using a CORS-enabled browser). You might be able to do something like using YQL as a proxy, but barring that, you'll need your own server-side proxy.
Try this
var pathname = window.location.pathname;

set an iframe source without loading new content

Is there any way to set the src attribute of an iframe without the iframe generating an http request? If not, is there a way to format the request headers before the request is sent?
edit: I just need the src to match the path of a cookie, but I don't ever want that cookie sent to the server. See my comments on this question.
No there is not a way to do this.

Categories