Long version:
So, im working on my schools website and I need to get past same-origin enforcement. I'm not trying to scam anyone or anything; my school uses Google Apps and a seperate gradebook system, both of which use the same username and password because the school has the Google Apps login replaced with their own single sign on deal. The problem is the single sign in form requires an AuthID that is generated on Google's side. So when you go to the google apps login page for the school, it redirects to the page with the single sign on form and the AuthID in the url as a GET parameter. If I can get at this AuthID using Javascript then I would be fine and the user would be able to sign in from my page.
Short Version:
The Problem: I need to send a request to a URL which then redirects to another URL that has something in its GET parameters in the URL (an id) that I need.
What I've tried:
AJAX - the url is on another domain and cross-domain is not allowed
iframe - not allowed to get the location of an iframe with a different domain
Basically does anyone know of a JSONP API that follows URLs and returns the URL of the redirect? Or another solution to this entirely?
Pleas let me know if I can clarify anything.
Thanks in advance!
Edit: This site for example is exactly what I need except in JSONP API form. When I put my URL in there it shows a 302 redirect header with a "Location" whose value is the exact URL that I need.
So i give it a url like this:
https://sso.thewebsite.org/simplesaml/saml2/idp/SSOService.php?app_name=Google&SAMLRequest=...
and it shows that the response was a 302 redirect with
Location: https://sso.thewebsite.org/simplesaml/module.php/core/loginuserpass.php?AuthState=[this_is_what_i_need]...
Related
There is a system like Clickmeter that allows people to create a smart link for their banner ads. Here is a short explanation of the system. You can enter a URL as the landing page and system gives you back a special URL to put instead of the original. Now if someone clicks on the special link, he will be redirected to the landing page that you wanted to.
I am developing something like that but here is the trouble. I must use 301 redirect because of some SEO things, and 301 redirect is only available in server side as I know. But I want to get some client data such as browser name, operating system model and browser language before redirecting the client. And I am doing this part in javascript, absolutely client side.
I dont know what to do or if I am wrong about something else. But I know that Clickmeter is doing exactly the thing that I want to. They get some client data and then do 301 redirect. Here is a sample link of CLickmeter: http://9nl.it/vz0d
You don't get the client's data in the client's side. You do it in the server side by reading and processing the Request.UserAgent before doing the 301 redirection:
// get the User Agent
string userAgentText = HttpContext.Current.Request.UserAgent;
// Process the User Agent, and extract the information you want: browser, OS, version...
...
// Make the 301 redirection to the target URL programmatically
HttpContext.Current.Response.Status = "301 Moved Permanently";
HttpContext.Current.Response.AddHeader("Location", TARGET_URL);
You could get similar information in JavaScript by using window.navigator.userAgent (and AJAX to send the data on click), but I would not recommend this solution for two reasons reasons:
If you are providing just a URL (your service sounds like a URL shortener), you cannot inject the JavaScript code.
If the user has JavaScript disabled, this solution will not work at all.
To find more information on how this could be done, read these questions:
How do I get just the OS from Request.UserAgent?
What is the difference between Request.UserAgent and Request.Browser?
301 redirect in asp.net 4.0
How can you detect the version of a browser? (if you still decide to go with a JS approach)
I have obtained a URL in a variable. Using the url I would like to get a particular content from that HTML page.
The URL is http://www.linkedin.com/profile/view?id=1112465
From this page I would like to get the current company data using JavaScript.
So please help me with this.
Assuming you don't work for linked in, here's the simplest answer: you can't.
There are cross-origin limitations that disallow fetching content from a domain other than the one that's requesting it. What's this mean? abc.com can't request content from xyz.com--at least not without special permission.
can someone tell me why I am getting this Error:
One or more of the given URLs is not allowed by the App's settings. It
must match the Website URL or Canvas URL, or the domain must be a
subdomain of one of the App's domains.
At my facebook app I tried some URLs like "example.com", since I do not have a server to upload my stuff yet.
But I have used some App Ids that work for sure and still get the error, so I need to add something to my html stuff?
Thanks for any help. :)
You need to provide the URL of the actual app that you're using to access your facebook app using the API. Even if it is localhost, you need to set the correct URL in order to be able to test.
Check the FB developers documentation for more details
In Canvas URL at the end add / and if you're using a Tab than the filename must be specified
I'm hosting few static web pages on GitHub (gh-pages). If the user tries to access a page which isn't available, he/she is moved to a custom 404.html.
What I'm wondering is if is it possible to access the original requested URL from the custom 404.html, using just JavaScript? There's no PHP nor any other server side technology available.
I've looked at the JavaScript's Location-object but that seems to give only the access to the current URL (in this case the 404.html) but not to the original requested URL. What I'm trying to achieve is a 404.html which gives suggestion like "Did you mean to access url ..." to the user but in order to do so, I need the access to the original URL.
your only hope would be document.referrer but of course GH would need to set it, which is highly unlikely for any page returning a HTTP 404 out of a request ...
You need to look at the url in document.referrer
Because the user is moved by the server to a 404 page, JavaScript cannot know abot the requested url.
It may be posible if you add in .htaccess to redirect the user to a page with the url: page.php?url=requested_url , then the requested_url appears in the address bar, which can be read by javascript.
I've tested this with a custom domain and location.href will actually give the current url, which in this case is the faulty one. So, while document.referrer will only give empty string, location.href will give the url you want.
I'm wondering if this has to do with what kind of GH pages you're hosting as well as if you're using a custom domain. My understand was, however, that it was only possible to serve a custom 404.html using a custom domain.
I have a windows authenticated site. When I load the URL in browser, it will redirect automatically by logging into the web site using Windows Authentication.
I am trying to get a request to a site using JavaScript, also I am able to alert the resolved page data i.e. even through JavaScript windows authentication is done.
My question is after resolving to the authenticated page, my page URL also get changed, so is there any way to retrieve the URL...
For suppose if I give http://mysite.com then after authentication it is resolved to something like this http://mysite.com/{user-id}
Now I want to get the user id using JavaScript. Can some one please help me here...
You can get the URL with window.location.
If your URL really is as simple as http://mysite.com/1, for example, you can get the ID with
var user_id = parseInt(window.location.pathname.substr(1), 10);