How to retrieve the resolved url - javascript

I have a windows authenticated site. When I load the URL in browser, it will redirect automatically by logging into the web site using Windows Authentication.
I am trying to get a request to a site using JavaScript, also I am able to alert the resolved page data i.e. even through JavaScript windows authentication is done.
My question is after resolving to the authenticated page, my page URL also get changed, so is there any way to retrieve the URL...
For suppose if I give http://mysite.com then after authentication it is resolved to something like this http://mysite.com/{user-id}
Now I want to get the user id using JavaScript. Can some one please help me here...

You can get the URL with window.location.
If your URL really is as simple as http://mysite.com/1, for example, you can get the ID with
var user_id = parseInt(window.location.pathname.substr(1), 10);

Related

Paypal - customize return url with dynamic params

I set up a button to connect with Paypal on my website.
BUT
I would like to pass some parameters in the return url, it seems that it is not possible. I have read the documentation 10 times and got no more informations.
https://developer.paypal.com/docs/log-in-with-paypal/
For example = https://returnurl?id=12345.
Does anyone know if this is possible and who has done it before ?
Thank you..
If you set a Redirect URL in the app without the parameters and it works, does adding the parameters on to that working base URL (only to the redirect_uri in your code) not work?
If not, then assuming they are being redirected back to a page on the same server they started at, the other best/simplest solution is probably to use a webserver session to story any additional info of this type so it's available on return pageload.
If it's pure client-side JavaScript then browser local storage could work, though it's strange to have to resort to that and Log in with PayPal requires server calls to do anything useful with an authorization_code anyway.

Is it possible to prevent that a popup be opened directly as opposed to being opened by Javascript?

The application I'm working on relies on many popups. Those popups rely themselves on query strings. If someone can just type the url in the browser address bar, the page will throw an error as the query strings values are dynamically constructed.
function myFunction(id)
{
window.open("mypopup.aspx?id=" + id);
}
Is there a why to prevent the page from displaying if the requester of the page is not a Javascript? If someone type something like:
https://mycompanyname.com/path/mypopup.aspx
It shouldn't let the user do so. Or, at least check whether the requester is not javascript so I can display a message or redirect the user to a different page? Otherwise, without all those pieces of data needed to construct a request, the page will throw an exception.
Thanks for helping.
Validate the query string directly in myPopup.aspx, if something is missing just redirect or display a message.
Use the Request.QueryString collection to validate in myPopup.aspx.
There is no easy way to validate if the request came from javascript as far as I know. You could try creating a token to validate that the sender is the one you expect, but if you only need to validate the parameters, no need to worry about who is sending the request.
The page cannot differentiate how it was requested, if both requests come from a same browser.
However, you can include in query string to differentiate them.
For example,
window.open("mypopup.aspx?request=javascript&id=" + id);
If a user intentionally type in https://mycompanyname.com/path/mypopup.aspx?request=javascript, so be it. I won't worry about it.
Popups are browser windows too. So it will be tricky to check if the window requesting the page is normal window or popup.
You should restrict the users to see on what url the popup is being opened you can hide the address bar. So user can not copy or know the what's in the url.
window.open('/pageaddress.html','winname','directories=no,titlebar=no,toolbar=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=400,height=350');
Setup a token based validation. Make request to server(Ajax request) to get a random token(with one time validation mechanism and expire it), You can send the token in the query string and validate it on server if it's same issued token. Identify if the requested page have valid token(popup) otherwise deny the request or show error message. Think of how captcha works, you just need to do it programmatically.
Though it's also not the best solution as token information can be sniffed through network traffic tracker tools like fiddler but it's will work to prevent manual requests.

HTTP GET request working on normal session but not in 'incognito' session

Having some trouble understanding why this issue is happening, specifically within the Steam environment.
When I go to this URL and am logged in to Steam, the request goes through fine and I get the return that I'm expecting. However, when I try the request in an incognito session, I get an empty set of results. I've looked through the code that Steam itself uses to send this request (ctrl-f '// Load' and it should bring you to the relevant code). There doesn't seem to be any identifying information being passed in this request, and even in incognito mode Steam will still load up the price history charts for the item just fine. I can't understand why the request will not work in a session in which the user isn't logged in to Steam even though the page itself will still display price history using the same request.
Since this occurs on Valve's servers, this is simply an educated guess as to what is occurring.
When you visit this URL without being logged in, the server is sending back a 400 Bad Request
It appears this is due to the lack of a steamLogin cookie. When you visit the URL without being logged in, these cookies are set
timezoneOffset
Steam_Language
community_game_list_scroll_size
recentlyVisitedAppHubs
sessionid
steamCC_<IP_OF_COMPUTER>
After logging in, when the request is successful, the steamLogin cookie also exists.
It appears you need this cookie to get the information you want.
Can't comment (rep too low) but FYI, the item detail page works because the data for the graph is passed inside the html file in a bracket. You could set up a DOM environment, load the html and scrape it out without needing to login.
As the other poster mentioned, the api call you want to use requires the steamLogin cookie to work.

URL Redirect Following JSONP API

Long version:
So, im working on my schools website and I need to get past same-origin enforcement. I'm not trying to scam anyone or anything; my school uses Google Apps and a seperate gradebook system, both of which use the same username and password because the school has the Google Apps login replaced with their own single sign on deal. The problem is the single sign in form requires an AuthID that is generated on Google's side. So when you go to the google apps login page for the school, it redirects to the page with the single sign on form and the AuthID in the url as a GET parameter. If I can get at this AuthID using Javascript then I would be fine and the user would be able to sign in from my page.
Short Version:
The Problem: I need to send a request to a URL which then redirects to another URL that has something in its GET parameters in the URL (an id) that I need.
What I've tried:
AJAX - the url is on another domain and cross-domain is not allowed
iframe - not allowed to get the location of an iframe with a different domain
Basically does anyone know of a JSONP API that follows URLs and returns the URL of the redirect? Or another solution to this entirely?
Pleas let me know if I can clarify anything.
Thanks in advance!
Edit: This site for example is exactly what I need except in JSONP API form. When I put my URL in there it shows a 302 redirect header with a "Location" whose value is the exact URL that I need.
So i give it a url like this:
https://sso.thewebsite.org/simplesaml/saml2/idp/SSOService.php?app_name=Google&SAMLRequest=...
and it shows that the response was a 302 redirect with
Location: https://sso.thewebsite.org/simplesaml/module.php/core/loginuserpass.php?AuthState=[this_is_what_i_need]...

Check if logged in user liked a page on Facebook API using JS?

Im currently working on a project that require to have fan like a page before he can see several content on the site.
The webpage is not an app in Facebook, it's outside facebook. We will not use PHP or backend code, we will only use FrontEnd
I have finished the user login check to check if user is logged in or not.
I am now stuck with the check if user is a fan of our page. I try to use the function page.IsFan, but somehow it needs to have an UID.
The FQL approach is not possible due to the same reason.
Also another problem is with the appID of our page. I try to google of how to get the appID for page, but the search is mixed up with useless contents.
Is there anyway to either get the UID or check if user liked ourpage without UID?
Thank you very much
You will have to use backend code from your Facebook iFrame fan page because you have to inspect the signed_request variable that is sent in the HTTP POST request to your page, as this variable won't be available via javascript, and subscribing to edge.create in javascript won't work because the page does a full refresh when the user clicks the like button and that event won't fire.
If you are forcing the user to authenticate with your app (which is not nessary if you inspected signed_request variable, you can use a FQL query or graph api request and instead of specifiying their user id, just use "me". something like: select field from table where uid = me()
Unless you provide a UID you won't be able to know whether the user has liked the page previously. However, you can use FB.Event.subscribe to find out when the user does like the item, by subscribing to the edge.create event:
FB.Event.subscribe('edge.create', function(response) {
alert("liked the item");
});
example: http://jsfiddle.net/niklasvh/rmrE4/

Categories