I understand that I can do browser authentication with Javascript, and then grab, say, an XML file with that javascript. My use case is a bit different though: There's a link on a webpage to a PDF on a different server. That server does browser authentication. The username and password are NOT secrets, in fact right now, we publish the link like this:
"Download PDF (use guest/guest as username/password)".
What I need: the user clicks the link, but does NOT have to fill in the username/pass, because we see many users getting confused by this (in usability tests).
We do not have access to the other server where the PDF is hosted.
Any ideas?
You can write the link like this: http://gast:gast#mis.vlaanderen.be/cognos7/metadata/mp_v_i_im_020_e100_az_algemeen_overzicht.pdf
This URL is a test case: http://mis.vlaanderen.be/cognos7/metadata/mp_v_i_im_020_e100_az_algemeen_overzicht.pdf
The username is "gast", the password is "gast" (as it says in the authentication box).
If you can embed that in a page in a link, and make it open without triggering the browser authentication box, you're my hero :)
http://gast:gast#domain.com/file.pdf
Related
Mailto URI does not allow to attach file due to security concern. Is there any other way to achieve this functionality?
When user clicks on sendmail button in my application, it is populating outlook desktop application (as I have used mailto URI), so I can only allow to use mailto option in my coding.
My application constructed by HTML,JS,Node.js (I should not use nodemailer)
This is not possible. There will be security concerns if it was. You can ask the user to upload the file to the server, retrieve the file and add the URL to the uploaded file in the message body in mailto:.
I made a webpage which can provide some direct downloads. Therefore I only want real human, not crawler, to download my files. I tried to use Google reCAPTCHA but it is part of the webpage - visitors can still use the download links and doesn't have to worry about the reCAPTCHA at all. Is there a way to mandate visitors to pass the verification first? For example, is it possible to pop up reCAPTCHA before the whole page is loaded? If that's doable, how can I do it? Thanks!
What I can recommend here is the captcha form be on the current page that you have and create a new page with the download links that's not indexable.
Upon authorizing the captcha code, use header('Location: download.php'); or something similar to redirect the user.
A captcha before loading a webpage is possible, but it always uses client side code such as javascript which bots can easily bypass.
Is it possible not to show Open/Save dialog? I would like to save the pdf file straight to specific disk location on client PC. Need in NOdeJS
I am automating a LogIn in NodeJS which after a successful login, on clicking a 'Download Report' should download the pdf directly to the computer. On manually testing it does so. However when i run my script after clicking the 'Download Report' it would give a javascript popup for confirmation to save. –
EDIT: After reading your comment again, I noticed you are adding some settings to your profile that sound like they should make it do what you want. Since it isn't working, I think it would be good for you to try what I describe below.
END EDIT
You stated in a comment that you are using Selenium Webdriver to do the login automatically, and the download popup only appears when Selenium is driving the browser. The reason it doesn't keep your settings (to not show the popup) when Selenium is in control, is that Selenium creates a new profile, which has the default settings. You will need to manually create a profile for your browser (I see you are using Firefox), open Firefox with that profile, change the settings to not display the download popup, and tell Selenium to use that profile when it runs.
I'm not sure what your environment is, but I run Selenium from linux, so to create a new profile, I run Firefox from the command line with a -P flag, which opens the profile manager. If you use windows, you may need to look up another way to do this.
Once you have the profile created, and have changed the settings appropriately, change your code to the following:
FirefoxProfile profile = new FirefoxProfile(new File("path/of/firefox/profile"));
Hopefully that will work for you.
In a certain webpage that I was inspecting I saw some redirect links that didn't redirect directly to that link. For example: A button says "Go to Google" and then opened "www.examplesite.com/redirect_google" instead of just opening Google via <href>.
I wasn't sure if I trusted that link so a question came up: "How can I inspect that page to know what kind of scripts they do there?". But as you already understood I can't open it in my browser because I get redirected, so where can I type it so it inspects the page instantly?
If the redirect is implemented at the network layer, then there's no page to inspect; it's just a http 301 response (or 302, etc.)
If the redirect is via a meta tag or Javascript, then you can request the page via curl without rendering the HTML or having a browser act upon the meta redirect.
In the case of Javascript, you could also disable JS in your browser (methods of how to do that vary depending on the browser you're using).
Using CURL in command line on the given page, you will get the source code of the page.
Added to another programming language you can simply parse the files to check if it contains a redirect.
I'm also pretty sure a few tools exist over the Internet to check such behavior on websites, but I don't know any.
Linux/UNIX command line:
$ curl -i www.example.com/redirect_google
There are many variations of this; some small utility that downloads content from URLs without caring about what the content is and showing you information about the responses (here -i to show HTTP headers).
But if your concern is that the page may not be trustworthy... well, why this Google redirect page in particular? Any site could try to attack you with some "bad content"...
You can download the whole html file or whatever is stored there with tools like WinHTTrack or WSSniffer for example.
Yes. I know most developers avoid this because the browser does not allow such hidden downloads, and ask the user if and where to save the file (Known web security issue).
And also I could not know when the download is over.
But
If my client realy insist that he will be able to click once on a web page an have an outlook window open and filled,containing an attachment. can I do so using my own customized browser?
Using a customized browser, yes. (If your client runs windows and has office installed...)
For example, create a .Net winform-program with a IE-browser-control in it.
Add hook to IE-control to get when user clicks a specific a-link.
Then perform a download of file from winform-program, use office-api/automation/3rdpart-control from winform-program to fire up a new mail and add attachment to the mail.
There is no way you can push a server side existent file into a local email window as attachment. It is not sure your client machine runs windows or has MS Outlook at all.
there are mailto link specifications to have urls made in a way that most of the Email clients will receive certain commands from the browser and act accordingly, for example as you can see here: Mailto Parameters Test try the link in the page and you will get a new email window in your default Email Client with To, CC, BCC, Body and subject prefilled.
There is nothing else you can do because you cannot embed file streams in such mailto url.