Getting current URL from inside an iframe - javascript

I need to check the referrer from inside an iframe. If accessing the page via the bookmark, I cannot do this. Instead I grab the URL, with client side javascript as I cannot get the masked URL with server side requests.
Now I have the URL in clietn side javascript - how do I feed it into my server side code execution on the first page load?
Is there a much simpler way of getting the current URL in the address bar, from inside an iframe?
Thank you,
Chris

You can use Ajax to exchange data between client and server without refreshing the page.
To do the Ajax request only on the first page load, you could combine sessions with cookies:
Check server side if the sessions
variable not_first_page_load is
already set. If it's not set it
means it is the first page load:
create a cookie first_page_load
and after that set the sessions
variable, so that forthcoming
requests won't trigger this any more.
On the client side you should
check for the cookie
first_page_load. If you find it, then
you should make the Ajax
request.
Back on the server side, where
you handle the Ajax request, you
should remove the cookie
first_page_load.

Related

How to get response headers using express.js

I'm trying to get a response header using express js but no way i try is working.
Here is where i set the header:
return res.status(400).header('loginError', error.details[0].message).redirect('/login');
This works and i can see the header in the network tab on inspect element but when i try to access it it doesn't return a value.
I've tried:
res.getHeader("loginError"), res.get("loginError"), res.header("loginError")
Here is my ejs code:
<div class="login-form-error">
<div class="login-form-error__inner">
<span id="login-form-error__span"><%=loginError%></span>
</div>
</div>
<% } %>
I set the loginError var when i render the page:
res.render('login/index.ejs', {
loginError: res.header
});
Any help is appreciated, sorry if this is a dumb question
From your proposed solution, it sounds like you're trying to do a redirect, but send some data with the redirect that will come back to the server when the client requests the redirected URL (on the next request).
You cannot use a custom header with a redirect. The header will go to the browser, but the browser will NOT include the header on the request that follows to the redirect URL. So your server won't get the header back again.
You can send data from one request to the next request from the same client in the following ways:
Set a query parameter on the redirect so that when the browser sends the redirected URL to the server, the data you attached as a query parameter will be part of the URL where your server can look for it and use it. This would be useful for data that is not particularly secret.
Use a server-side session such as express-session. Then, you can set a client-specific piece of data in the session object (which is a unique object for each user), send your redirect response and then when the redirected URL comes back on the next request, your server can check the session for the data (read that data and perhaps clear it).
Set a cookie along with sending the redirect response and then when the redirected request comes back to your server, you can check for the cookie and grab whatever you want in the cookie (and delete the cookie).
Using data in a server-side session is the most secure (as the data never leaves the server) if that's relevant for your particular use case.
You cannot use req.app.get() and req.app.set() because those are global to your server and thus multiple users will compete for the same values causing concurrency problems (where one user's value trounces that from another user or one user gets the data that belonged to another user). This is a buggy experience that will only hit you every once in a while and is hard to reproduce and figure out why things went wrong. Don't do it this way. It's analogous to trying to store data from two users in the same server-side variable. Only leads to problems.
For anyone wondering: Instead of using headers I found that if you use req.app.get(var) and req.app.set(var, value) you can easily send data from one request to another. I don't know if it is a secure way to send store data or not if anyone else has more info on that feel free to respond.

How to wait for an HTML page and get result when page complitely created?

I have a page (page1.html) and I want to send an ajax to page2.html (http://m-kermani.github.io/getapp.html) and page2.html has an iframe that made by javascript
I made it by javaScript because I need to send a parameter to the page3
In page1.html I have:
$.get('https://m-kermani.github.io/getapp.html', function (data) {
alert(data);
});
and I just need the iframe content but beacuse it made by JavaScript I can't get it and that did not created! (This is the way JavaScirpt is)
I need to send ajax request and get the iframe content because I need an https domain for some reasons that GitHub.io is!
No I need to know is there anyway I can get the content of the iframe from GitHub page?
Is there any other way I can direly just have GitHub page and give the parameter to it and can get the content of the page3 (not using server side language)?
And suggestion about what can I do?
Sounds like you're trying to circumcent the same-origin policy. Unless the API you're trying to access specifically supports a way to do it (CORS, JSONP, etc), you can't do it. You should read the documentation of the API you're trying to access to see if they support accessing it from the client side.
An Ajax request is just a request for a resource. It just gets whatever the server is going to send. It doesn't automatically render the HTML and fetch dependant resources.
If you want the content of a frame, then you have to request the URL for the frame instead of the URL for the page with the <iframe> tag in it.
(The Same Origin Policy will still apply).

How to use cookie set by JS in PHP

I am setting cookie using JS script on my page, but I need to use this value while generating HTML on server side PHP.
Let me expalain.
User requests page - > Of course PHP starts generating HTML -> User get response from server -> JS sets cookie.
Am I correct ? I understand this in this way.
But I need to use cookie set by JS while PHP generating response.
Of course it will work if reload the page,because new request is sent with cookies. But I need to use this cookies at a time I set it in JS.
Of course I can set in JS to reload page, but I don't think that is good solution.
What are possible solutions. I don't need to adhere to cookies. Maybe there are other possible ways to get data from JS to PHP.
If I understand your question right, there are at least 2 different ways:
load an initial page which purpose is to redirect (via JavaScript or Refresh header) to the main page;
load the entire main page in the first request, containing a placeholder block. Then set the cookie. Then fill the placeholder using AJAX technique (send another request using JS and replace HTML content of placeholer with a newly generated one).
For the 2nd approach you don't even need cookie, as JS can pass the value with a query string (GET request parameter).

How to redirect a website from the server on an Ajax request

Is it possible to redirect a web site from the server on an ajax request?
Eg.
The website (www.myapp.com) makes an ajax request to the server.
The server redirects to the same URL with a hash eg. www.myapp.com#page=main.
Website is redirected to www.myapp.com#page=main.
I need to redirect it to the same url but with a hash.
Using window.location.href = http://www.myapp.com#page=main won't work since it will just update the location with the hash.
Aeah, it is. You can use meta or javascript redirect. Just append following code into an ajax reponse & make sure that reponse is placed into actual page
<script>document.location.href='newpage.php'</script>
or to refresh, return
<script>document.location.reload(1);</script>
No.
An AJAX request just returns data to the client; the browser does not act on it at all.
Instead, you need to make the server tell your client code to do a redirect in its response, then write client code to check whether the server asked it to redirect and navigate to the new location.

What is a non intrusive history back button or alternative if Javascript is disabled?

If JavaScript is disabled what's a way of linking to the previous document in the session history?
Can PHP be used to simply link to the REFERRER or is there a better alternative?
Edit: Further to this, can previous post variables be retained?
You're really mixing the idea of previous document in client session history vs. server session history.
Since Javascript is client-side, executing a history.back() renders the control to the browser, which then decides which page was last in the history (keeping in mind that the last page may not be a page within your domain). When you're using server-side PHP, the HTTP header referrer is whatever the browser supplied to you. If your server-side URI wasn't called as a result of an explicit click on a link, form GET/POST, etc. , your script probably won't get a referrer header value.
If you only want to capture the referrer within your site's domain, you can start maintaining a breadcrumb trail server-side (in the user's session). eg: $_SESSION['breadcrumbs'] = array( 'page1', 'page2', ... )
POST variables can be persisted in the SESSION too though I've never seen a good reason to do so. If you're trying to return an error message for a form and expect to get back the POST, you shouldn't be saving the state of the original POST.

Categories