how can I POST cookies to a different link? - javascript

Is there any way to POST all the cookies(cookie name , value and expire time) available for a specific domain (e.g .example.com) using javascript ? . I own the domain that I need the cookies to POST from but I want to post them to a different domain (e.g example2.com). After the cookies are POST ed I also need to redirect the client to a specific link so I think some ajax may be required
Note : I do not need to read/write cookies on different domain. I simply need to send/transport the cookies names/values/exp of the current domain to a different domain as HTTP POST values

You can access the cookies using document.cookie. However, this only gives you the name and value - there's no way (that I know of) to get the expiration date of a cookie. It contains a string with all the cookies, in a name1=value1; name2=value2; name3=value3; format.
Sending it as a POST request to another domain can be done with cross-domain XHR, but if you don't need to read the HTTP response of the request, submitting a form should be enough. Simply create an invisible <form> with its method attribute set to "post", the action attribute set to the URL on the other domain and the target attribute set to the id of an invisible iframe, add the cookies as an <input>, and submit the form.
<iframe id="foo" style="display: none"></iframe>
<form id="bar" method="post" target="foo"
action="http://www.someotherdomain.com/handle_cookies.php">
<input id="cookies" type="hidden" name="cookies" />
</form>
<script type="text/javascript">
document.getElementById('cookies').value = document.cookie;
document.getElementById('bar').submit();
</script>
Its probably better to create the <iframe> and <form> dynamically, using JavaScript, instead of having it written in the HTML, but I'm too lazy to write that at 2:30AM, sorry :P
note: If the first domain is accessed on SSL, make sure the connection to the other domain is also over SSL, otherwise you'll be transmitting secured cookies over HTTP as plain text. You can remove the scheme part from the URL of the other domain (e.g. //www.someotherdomain.com/handle_cookies.php instead of http://www.someotherdomain.com/handle_cookies.php), making it use the same scheme as the one used where the cookies are sent from. I highly recommend doing that.

The link describes a method that comes close to the requirement. But it uses the window.name property instead of cookies to send data.
Google cache copy, because the original link seized to work for a while.
Using window.name transport for cross-site POST scripting

I think due to security reasons you can't read/write a cookie for a different domain. You can apply a specific path for the cookie to be available to such as a specific folder outside of your root. I think the way the browsers work is they find cookies for the site they are accessing at the moment, and use them accordingly. But allowing for cookies to be cross domains would open up to many threats. I think, if you really want though I can't promise something like this working fully.
If you build a script on the other domain that will write a cookie based on a trigger and then you use something like PHP cURL to bring the page into the domain your working with at the moment you may be able to invoke a cookie from the other domain. This is pure theory though not something I have tested. The idea is since you own both domains its assumed you also have access to both hosting servers. So with that you need something on both ends to work with one another to do what you want, rather then hope for a one sided solution.
Reference: http://www.quirksmode.org/js/cookies.html

Related

Access cookies set on subdomain from parent

I am trying to access a cookie set on a subdomain (small.example.org) from the parent domain (example.org) and I would like to do this from a bit of Javascript within the page.
First of all I am setting a cookie for the domain small.example.org
document.cookie = "name=Mike; domain=small.example.org"
When I load small.example.org I can successfully see the cookie that I just set. When loading example.org I cannot see any cookies from small.example.org. Maybe not that surprising.
So I figured I need to make a request to the subdomain to include something onto the main domain, a script tag.
<script src="small.example.org/script.js"></script>
Now when I load example.org with the request to the script tag and have a look in the browser, I can see the cookie from small.example.org.
But when I try to access it from Javascript using document.cookie, I get nothing.
Is this the expected behavior? I thought you cannot access cookies from Javascript only if they had the HTTPOnly flag set.
Is there a way to go around this? The example above is very close to my actual use case scenario and unfortunately I cannot play too much with the architecture.
This is the expected behavior.
JavaScript can only access a cookie that if the domain of the cookie is either:
An exact match for the hostname of the current page
A substring of the hostname of the current page
example.org can't read cookies for small.example.org (although the reverse is not true).
Note that the Origin for JavaScript is determined by the URL of the HTML document the JS is running in, not by the URL that the JS was loaded from.
You can either:
Change the domain specified when you set the cookie
Dynamically generate the JS file on the server and insert the data using server-side programming (the browser will send the cookie in the HTTP request header when requesting the JS URL because the domains match).

AngularJs: How to set same cookie on different domains

I have 2 domains:
www.site1.com
www.site2.com
Important Notes:
not sub domain!
Allow-Origin are enable on both domains.
have full Access to both of domains.
Question:
How to set a cookie on site1 & get that cookie on site2 ?
I want to use it on AngularJs, no matter if using jQuery in your examples.
There is a technique that multi-site companies like google employ to keep their users logged in for all their sites per single authentication.
This question is about how A can read a cookie of B. But my answer only tells you how A can set a cookie in B. Although this technique can be employed in a useful way for OPs favor, negative points are welcome. I will still spread the awareness.
Create a php file (lets say setcookie.php) in site B. This can set a cookie for site B.
setcookie("MyCookie", "subinsb.com", time()+3600);
Now if you can call this php file from any site, it will set the cookie for site B. A famous way to call this script is via a hidden img tag. So, the site A can have this image tag - which will set a cookie for site B.
<img src="http://www.siteB.com/setcookie.php" style="display:none;" />
When this image is loaded, you know the cookie for site B is set.
Interestingly, you can send data too to the cookie of site B through the URL. Your setcookie.php can read data via $_GET and include them in the cookie.
Here is the article.

JavaScript: 404 page, how to get the requested url?

I'm hosting few static web pages on GitHub (gh-pages). If the user tries to access a page which isn't available, he/she is moved to a custom 404.html.
What I'm wondering is if is it possible to access the original requested URL from the custom 404.html, using just JavaScript? There's no PHP nor any other server side technology available.
I've looked at the JavaScript's Location-object but that seems to give only the access to the current URL (in this case the 404.html) but not to the original requested URL. What I'm trying to achieve is a 404.html which gives suggestion like "Did you mean to access url ..." to the user but in order to do so, I need the access to the original URL.
your only hope would be document.referrer but of course GH would need to set it, which is highly unlikely for any page returning a HTTP 404 out of a request ...
You need to look at the url in document.referrer
Because the user is moved by the server to a 404 page, JavaScript cannot know abot the requested url.
It may be posible if you add in .htaccess to redirect the user to a page with the url: page.php?url=requested_url , then the requested_url appears in the address bar, which can be read by javascript.
I've tested this with a custom domain and location.href will actually give the current url, which in this case is the faulty one. So, while document.referrer will only give empty string, location.href will give the url you want.
I'm wondering if this has to do with what kind of GH pages you're hosting as well as if you're using a custom domain. My understand was, however, that it was only possible to serve a custom 404.html using a custom domain.

Ajax cross-sub-domain requests?

Is there a way to make an Ajax request to
s3-ap-southeast-1.s3.amazonaws.com (to S3 API)
from
s3.amazonaws.com
(from where a JavaScript app that is hosted at)?
You cannot do cross-domain ajax requests. That includes subdomains. However, it is possible to use JSONP.
yes, you can cross domain ajax calls, check cross-origin resource sharing:
http://en.wikipedia.org/wiki/Cross-Origin_Resource_Sharing
Cross domain ajax requests are forbidden by protocol. And yes, subdomains too.
Read here: http://www.ajax-cross-domain.com/ It might help;
I know this is an old post, I provided a detailed example for cross domain ajax request using JSONP, hopefully it helps those who is in trouble:
http://www.shanison.com/2012/05/11/cross-domain-ajax-request/
shazmo said this in a earlier post:
Cross domain is entirely a different
subject. But cross sub-domain is
relatively easy.
More info here:
http://www.tomhoppe.com/index.php/2008/03/cross-sub-domain-javascript-ajax-iframe-etc/
Shameless plug, but this may help:
http://alexn.org/blog/2011/03/24/cross-domain-requests.html
I guess I found the link that #Patrick had posted and it had become broken
http://hoppeweb.blogspot.com/2008/03/cross-sub-domain-javascript-ajax-iframe.html
to avoid happening this again I will just try to re-post it)
The idea is setting up an iframe html on one domain and then calling that iframe from the page on the other subdomain. Both parent page and the iframe inside it should have the same document.domain.
document.domain = "example.com"
once done, those two pages act like they are on the same domain.
the rest, just copy-pasted ((
For example, for pulling in text, setup your page on
www.yourdomain.com and set document.domain to yourdomain.com. If you
are trying to pull in an html page using Ajax from img.yourdomain.com,
setup a page that, will become the iframe, to do the ajax pull. After
that pull is complete set the document.domain to yourdomain.com. In
your page on www. create an iframe which has the src set to your page
on img. Since document.domain is set, any functions on the parent page
are available to be called via the iframe. Lets say you want to put
your newly "ajaxed" html into a div on the parent page, you can do
that via "parent.getElementById('yourDivName').innerHTML =
Response.Text".
If you are pulling in XML, you can setup the page/iframe relationship
the same as above. That iframe will make the ajax call to the XML on
img.yourdomain.com and do something with it, lets say turn it into an
array. Once that is completed, set the document.domain on the iframe
page. At this point, the parent page can access that array on its
iframe via "iframeName.arrayName". Alternatively you can have an array
read on the parent page for this information and pass it to the parent
from the iframe via "parent.arrayName = iframeArray".
originally by #Tom Hoppe

Persist javascript variables between GET requests?

ASP .NET is allowed
Storing the values in hidden input fields is allowed
Query String is not allowed
POST request is not allowed
It is possible to store JS variables between GET requests ?
I want to reinitialize them on the client using ClientScript.RegisterStartupScript
Can I use cookies for this ?
Are there other posibilities?
Where cookies are stored when Request is made ?
Can I use cookies for this ?
Yes, see this tutorial on using cookies in Javascript.
Are there other posibilities?
If you are not allowed to append anything the URL of your requests, I can't come up with any.
Where cookies are stored when Request is made ?
In the HTTP request header. The aforementioned tutorial will tell you how to read their values from Javascript. On the server side with ASP.Net, you can read cookie values using Request.Cookie["cookieName"] which returns an instance of HttpCookie.
I wouldn't highly recommend this, but the other option is to alter the window.name property.
You can save some minor bits of data here, then retrieve them on the next page load.
Pros:
Quick-n-dirty, but works
Cons:
Messes up any window references for popups/child iframes
Since its a "hack", browser vendors may break this "feature" in the future
Of course if you can exclude all the old browsers, then use Global/Client Session Storage!
At the moment using cookies is your best bet. You can serialize the JavaScript objects to strings, and unserialize them back into objects later. A good choice format is JSON, since it is a subset of JavaScript.
There is also storing objects in Flash.
Storing in Google Gears.
DomStorage
See this library that has an interface to each:
http://pablotron.org/?cid=1557
If you are in control of all aspects of the page, then you can also wrap the page in a top level frame. Then only refresh the child frame. You can then store content in the parent frame.
You can see this used in sites like GMail, and others where the only thing that changes in the URL is outside the #.
You don't even have to change the URL, that part is just put in for Human Friendly URLs. (So you can actually copy and paste URLs as is).

Categories