I developed a contact form for my site and it is working and redirects to another url inside my domain when it is sent (for example lets say domain.com/sent). The thing is, if someone by chance decides to access the url domain.com/sent directly, it can be accessed like if he had submitted the form and was redirected there. I also have configured a 404 error custom page for any other page outside the existing ones, is there any way of disabling the domain.com/sent external access and redirecting to the error 404 page and keeping the sent page only for the users who really submitted the form?
Have the response to the POST request to the form handler set a cookie.
Have the handler for /sent test for that cookie and:
If it is set:
Delete the cookie
Display the sent page
If it not send:
Do something different such as displaying an error or redirecting
Related
I have configured a web server (based on Apache2) and thereĀ“s a contact form which redirects to domain.com/sent once information is sent by the user. However, this domain.com/sent page can be also accessed if it is manually searched in the URL. Is there any way of blocking external access to this page and throw a 404 error (already configured as a custom page) if this URL is searched manually instead of reaching it by the contact form?
Thanks in advance.
I have a situation, when I should to send a POST request to authenticate user, if it's succeed then server set a cookie and then we can get a protected page:
First request by Postman:
Second request (after first):
I need to implement it on web page. As I understand now, it's possible only via frames. How to do it? First request should be sent automatically after opening a page, so, user should open the page and see a protected page.
Cookie Authentication is you are trying to achieve?, here is are some links which will help to you with that.
https://dzone.com/articles/cookie-authentication-with-aspnet-core-20
I have a webpage /example with a form that has action="/submit". submit will process the data sent to the server, and return a 302 redirect back to /example.
I would like to have (the second) /example display some sort of response to the user based on what the user submits to /submit, such as an indication of success or failure.
Sending a 302 redirect doesn't seem to have any way to tell the client to send any additional message to /example, so the server is unable to determine if it should indicate success or failure when fetching /example for the client.
I could append the success or failure message to the 302 redirect url, i.e. redirect to /example?message=Succeeded, but that url will stay on the user's address bar as long as he continues to browse my /example page, which isn't very nice.
I could change the form to have action="/example", but I have multiple forms on the /example page, so I would need to use hidden <input> elements or other means to distinguish the requests submitted by the user to /example. This seems to be more of a hack than a proper solution.
What is the usual way this can be accomplished?
I am trying to build a front end application which will an input text box.
When a user enters an URL in the text field(ex www.google.com, wwww.facebook.com, www.linked.com, etc..), the web app should tell the user whether if the provided address has a re-direction?
Can it be done from ajax?
You can send a GET request to the URL and see what it returns.
Every HTTP response will come with a status code.
You can see the full list of HTTP status codes here: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
A 301 means the URL has a permanent redirect and a 302 means there is a temporary redirect.
I have a simple login form that submits to a service.
The service has the following behavior
If proper auth details are provided, the service accepts the login and redirects the user to the destination
If the login credentials are incorrect, the service responds by setting a 'abc-xyz' header. The html page submitting the form needs to read the 'abc-xyz' header and display and error message to the user.
I converted the form to make an AJAX call. Now I can read the response header and show the error message. But I'm running into CORS issues and limitations on the service doesn't permit me to configure the service to add the appropriate CORS headers. So I have to submit the form normally without AJAX. But when I do so (with wrong credentials for testing), the html form page refreshes thus losing all the headers.
Is it even possible to read the response headers with a regular form submission? Thanks.