How to set HttpPost and a header for JavaScript? - javascript

When I search for this question I always get the answer for "How to set header WITH JavaScript" but I want to set the HttpPost Header FOR JavaScript.
I try to Formlogon on a Website, but the response tell me that I need JavaScript. So how can I fake JavaScript? Do I need a Cookie? or a Header? Isn't it possible to set a header "JavaScript" with Version x?
I think there must be a way to do this :-)
I dont want to show the user a Website, i only want to login with the Users information and parse the result for some informations the user needs. Thats it.
Thanks
EDIT: maybe its a good idea to explain what i want to try:
I try to login to a mobilephone provider website with my auth-data and reading out the current consumption data and the bank balancce for this account. And i dont want to login everytime to see this with my phone! And i also want the EXACT data not only the self calculated data from any app wich can calculate it! :)

I think the availabilty of Javascript is not determined in the HttpPost but usually made with a combination of client/server side code. An example is available here.

Related

dynamically generate content for a page when clicking on product

everyone. I am making a website with t-shirts. I dynamically generate preview cards for products using a JSON file but I also need to generate content for an HTML file when clicking on the card. So, when I click on it, a new HTML page opens like product.html?product_id=id. I do not understand how to check for id or this part ?prodcut_id=id, and based on id it generates content for the page. Can anyone please link some guides or good solutions, I don't understand anything :(.
It sounds like you want the user's browser to ask the server to load a particular page based on the value of a variable called product_id.
The way a browser talks to a server is an HTTP Request, about which you can learn all the basics on javascipt.info and/or MDN.
The ?product_id=id is called the 'query' part of the URL, about which you can learn more on MDN and Wikipedia.
A request that gets a page with this kind of URL from the server is usually a GET request, which is simpler and requires less security than the more common and versatile POST request type.
You may notice some of the resources talking about AJAX requests (which are used to update part of the current page without reloading the whole thing), but you won't need to worry about this since you're just trying to have the browser navigate to a new page.
Your server needs to have some code to handle any such requests, basically saying:
"If anybody sends an HTTP GET request here, look at the value of the product_id variable and compare it to my available HTML files. If there's a match, send a response with the matching file, and if there's no match, send a page that says 'Error 404'."
That's the quick overview anyway. The resources will tell you much more about the details.
There are some solutions, how you can get the parameters from the url:
Get ID from URL with jQuery
It would also makes sense to understand what is a REST Api and how to build a own one, because i think you dont have a backend at the moment.
Here some refs:
https://www.conceptatech.com/blog/difference-front-end-back-end-development
https://www.tutorialspoint.com/nodejs/nodejs_restful_api.htm

HTML hidden input shouldn't be editable

I just discovered a bug which I couldn't find any solution of, I would like your advise on that. Issue is there are a few hidden input types, which are there to store ID's of already saved data such as per person id if it is already saved etc. etc.
I just tried and change the value of that hidden variable manually, using google chrome and submit the form and surprisingly i did not get the id that should be there but instead i received the Id that I changed. for instance there was an value of 22 I change it 263 I received 263, whereas I should have be receiving 22. I want that 22 to come not that 263.
Its hard to explain I know but I have tried my level best to convey my issue please help and advise my on that how should I store some hidden value that are un-editable.
Any Idea?
Rule of Web Development #1: Never trust the client
Rule of Web Development #2: Never trust the client
Rule of Web Development #3: You can't make the client trustworthy
If the user shouldn't be able to edit it, never give it to them.
As others have said, there are a few ways to handle the situation. The most common is to use a SESSION variable on the server, available almost everywhere.
Store the "secret" values on the SESSION. They will be available when the user posts back.
You cannot control what data users put in HTTP requests to your server.
Instead, use authentication and authorization, on the server, when the request is received, to make sure that the user is allowed to submit the values they submit.
If you're wanting to keep track of data from one page to another I would use sessions. This is data that is tracked on the server.
//page one.php
$_SESSION['id'] = 22;
//page two.php
echo $_SESSION['id']; //22
This is a basic functionality of how browsers work - essentially someone could POST data pretending to be your form with whatever values they wanted in the fields - or even add extra fields.
If it's a problem consider moving that data from hidden fields to session variables.
If it's important for your hidden fields to be secure, don't contain them on the client-side. Client side variables are pretty easy to modify.
You should probably store them in your session, so they're not outputted to the client. If they're required on the page, use AJAX to grab them instead.
It kinda depends on the domain of your application, if it's in-house software then I wouldn't worry about it particularly.
It does not look like a bug.
What scares you about this? These fields are not going to be accessed and changed by your visitors. If you're afraid someone is going to hack the http request of your visitor and change his order (for example), then https connection should help.

How to programmatically get campaign/source/medium for current Visit in Google Analytics

I'd like to know how active are the users depending on the source/medium/campaign of the traffic they came from before sign up. I'm hitting wall when trying to get campaign/source/medium for the current visit from Google Analytics tracker in JS.
I found this tracker.get() method: https://developers.google.com/analytics/devguides/collection/analyticsjs/method-reference#get but they don't specify what are the possible values for 'fieldName'. I inspected the tracker object in Firebug and found out the screen attached screen grab:
Are these the only fields that I can query? Is reading any of the campaign fields possible? I understand that GA intends to be anonymous, but I figured this information is not really a secret...
If I can't retrieve this information from GA tracker, how would you approach this question? Should I set my own cookie whenever there's a visit with utm_ parameters and then read it if the visitor chooses to sign up?
I'm aware of this response: How do I extract Google Analytics campaign data from their cookie with Javascript? but a comment says parsing a cookie won't work for AdWords traffic..
I had to do something similar for a project. You need to think outside of the box to get this working. This will only work for cases where you put the campagn information in the url, for tagged url's.
1) On every page add server side code(php, asp .net) to parse the querystring and save the campagn/source/medium from the url in a session(or cookie)
2) Retrieve this information where you need it and process it.
You indeed need some custom javascript in order to achieve this.
I created an open source project for this that addresses the need quite simply:
https://github.com/ilkkapeltola/visitdata
Once you include the javascript library, you can call visitdata.get() and it'll return an object with things such as source, medium etc.

Javascript: get data displayed from another url

I was wondering if I could get some data from another website to get it displayed on mine. The good example can be alexa.com. I need to display Alexa traffic rank and reputation in a div for example on my page, so it will be changed dynamically each time Alexa change its data.
Thank you for your help.
One way is to make an ajax request for the Alexa.com site, once you receive all the html, then you can use jquery or something to scrape it for the div you want.
It feels kinda dirty, but its an easy way to get what you want. Though this is assuming their page content isn't loaded dynamically.
Edit: See this for more info: Request external website data using jQuery ajax
yahoo yql... (instead of a php? proxy serverside script)..
I have a sneaky suspicion you do not own/control the external link site, so getting content from a different site, would fall under cross-domain security restrictions (to a modern browser).
So in order to regain 'power to the user', just use http://query.yahooapis.com/.
jQuery would not be strictly needed.
EXAMPLE 1:
Using the SQL-like command:
select * from html
where url="http://stackoverflow.com"
and xpath='//div/h3/a'
The following link will scrape SO for the newest questions (bypassing cross-domain security bull$#!7):
http://query.yahooapis.com/v1/public/yql?q=select%20title%20from%20html%20where%20url%3D%22http%3A%2F%2Fstackoverflow.com%22%20and%0A%20%20%20%20%20%20xpath%3D%27%2F%2Fdiv%2Fh3%2Fa%27%0A%20%20%20%20&format=json&callback=cbfunc
As you can see this will return a JSON array (one can also choose xml) and calling the callback-function: cbfunc.
Indeed, as a 'bonus' you also save a kitten every time you did not need to regex data out of 'tag-soup'.
Do you hear your little mad scientist inside yourself starting to giggle?
Then see this answer for more info (and don't forget it's comments for more examples).
Good Luck!

How to create a link that has a textbox "auto-filled"?

How do I create a link that when the user clicks, it will bring him to the Google page as shown below (with the To field completed):
Right now, what I've managed is to simply link him to https://mail.google.com/mail/#compose and this is what he will see:
Similarly, is there a way to achieve this on hotmail as well?
https://mail.google.com/mail/?view=cm&tf=1&to=someone#gmail.com&fs=1
This shows the composition screen. To get the whole gmail interface, remove &tf=1.
If you also want to preset a subject, just add &su=YourSubject to the query string
The data is sended by POST, I think. Try to trace the HTTP Header when clicking on the link that redirects to the already filled page, with the Firefox Addon "Live HTTP Headers" for example. If the third line starts with POST, look at the last line before "HTTP/1.1 200 OK", this is the sended POST data. You will probably find the auto filled mail adress there. If so, you can do a javascript POST request to the given URL: http://www.bennyn.de/programmierung/javascript/http-post-request-mit-javascript.html, or you can use a framework like jQuery.
This does not answer your question but if you are to request a person to send an email then it is best to use the mailto: in your links so that it uses the computers default mail service. I am unaware if this uses web-based mail but it will open up the computers default mailing program (And it stops you from having to account for every different email service).
And I tested Dennis's answer, and it does work for me. What do you mean by 'It ain't working', any error messages? anything that can help solve the issue?

Categories