I use JavaScript to insert the specific into the page. The problem is that it is necessery to load this iframe for the specific domain. I mean like in GoogleMaps, where you have to insert special key to be able load maps for your domain.
In few words I want to check where my script is linked from.
You can not get the parent property if your page is not on the same domain, the only solutions is to check the document referrer
var ref = document.referrer;
alert(ref);
Related
I have two ways to get to my chat.php page.
One way is via profile page link and the other is via the menu.
My question is, how can I know in chat.php, where the page is loaded from?
I understand require this information using javascript, if it is the case use referrer
const referrer = document.referrer;
MDN
The Document.referrer property returns the URI of the page that linked
to this page.
Document.referrer
I am writing a plugin for wordpress, and I provide a way for users to log in to my service, when they click on log in a popup opens with the service's website (which is on a different url than the wordpress blog).
So to avoid cross domain errors, I use postMessage This works great but the second argument of postmessage is the domain name of the website to send the data to.
I did a lot of research and all the examples seem to hardcode the domain name directly into it, but since it's a wordpress plugin, any domain can go there.
So I want to get the domain name of the parent window (the one who opened the popup).
I noticed that firefox manages to extract the url
when using the developer tools but I can't seem to manage to do it myself as almost all the properties are restricted.
So how can I get the url/domain name of the parent window for my popup?
The Same Origin Policy forbids JavaScript access to the location of a page on a different origin.
However, from the documentation you link to:
targetOrigin
Specifies what the origin of targetWindow must be for the event to be dispatched, either as the literal string "*" (indicating no preference) or as a URI.
If you want to limit message reading to a selection of origins (without making it public), then you could try to post a message to each in turn, or you could have the parent send its origin to the child (either through postMessage — although that has issues with timing, since you have to wait for the new page to load — or by simply passing it in the query string when requesting the page.
Pass it to your login page via query string added to the end of your service's website that opens your pop up.
Example:
var myservice = 'myservice.com?'+window.location.href;
Then from your site you get the parts you need and create a variable and substitute that for the hard coded address.
Getting the parts:
var prot = window.location.protocol;
var dom = window.location.host;
var path = window.location.pathname;
var qry = window.location.search;
document.getElementById("demo").innerHTML = dom + path + qry;
I wonder if this is possible. I was trying to access the referrer of the document inside an iframe but it always disregard the hash(#) value.
Root Page(index.html) - (http://example.com/test#hashvalue)
Inside the Root Page, there is an iframe that gets the referrer. It has this piece of code
var referrer = document.referrer;
This returns http://example.com/test without the hash value. Is there a way to get the full url(with hash) as a referrer.
Note: that I dont have access to Root page. If I do, I can use postMessage but I don't. The iframe was just embedded(Lets call it as a widget of the root page).
Any url that contains the # character is a fragment url. The portion on the right of the # (that you want to access) is a fragment identifier i.e. a location within the page.
The browsers do not implement document.referrer to pass this identifier, this is in line with HTTP_REFERRER header passed to web pages.
If both of your iframes are from same domain i.e you are able to access parent.location from the child, then you can get the hash portion using parent.location.hash.
Hard luck otherwise
I have an iframe in mysite.com/folder/file.php
The iframe is an html page from a subdomain and I want to block all referers except the current page it's embeded in (mysite.com/folder/file.php)
What's the best approach to this, using javascript ?
I tried to define rules in Nginx but the problem is the headers always show subdomain.com as the referer instead of showing current page.
The nginx approach could work. There is an nginx module which can filter by referer.
But the docs for that module state that the header is unreliable. It can be easily modified to show incorrect information by hackers.
But the DOM in the iframe'd html page should give you access to the 'parent' object.
That object could then be used to obtain information from the parent page like url or even some custom data you could set in the parent page.
I am not a javascript expert but I think this is the better approach.
I have obtained a URL in a variable. Using the url I would like to get a particular content from that HTML page.
The URL is http://www.linkedin.com/profile/view?id=1112465
From this page I would like to get the current company data using JavaScript.
So please help me with this.
Assuming you don't work for linked in, here's the simplest answer: you can't.
There are cross-origin limitations that disallow fetching content from a domain other than the one that's requesting it. What's this mean? abc.com can't request content from xyz.com--at least not without special permission.