How can I know if my web site generated cookies on the user's PC or not - html

We have a simple web site for our company, deployed under IIS. It contains 5 HTML pages with CSS, and some HTML web pages have links to other HTML pages, such as go to home page. Now I want to check whether my web site generated cookies on users' machines or not. Can I do so? And do HTML web sites that do not have any login usually generate cookies?
Edit:
Using Chrome development tools (F12) I have found the following:

Load the development tools in your favourite web browser, then load your website.
In Chrome, the cookies will appear in the 'Application' tab of the development tools, and under 'Storage' you will see 'Cookies'. Microsoft Edge has them in 'Debugger > Cookies'.
Expand that and it will show all the cookies that have been delivered by your website.
It's possible for an 'HTML only' site to be delivering cookies, especially if you have 3rd party content.

Most of the cookies are generated on your Server Side and sent to the client.
You will have to go through your code and see whether it generates cookies.
Usually, if it's a regular HTML page, your server won't create a session for that and most likely no cookie will be sent to the client.
Otherwise, if you use .aspx pages or MVC (for example), your server will most likely generate a session cookie and send it with the response to the client.
Another thing you'll have to check is whether your pages contain references to 3rd-party websites, i.e. includes of .css / .js files from CDNs like Cloudflare - these CDNs usually put their own cookie in your client's browser.
And lastly, your pages might contain scripts like Google Analytics which put some cookies in your client's browser.
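
Cookies created on the server side reach the browser as Set-Cookie response headers, so a captured set of response headers shows directly whether the server issued any. The following is an added example, not part of the original answers; the sample headers and cookie values are constructed.

```python
# Constructed sample: response headers as they might be captured from the
# site (for instance with the browser's Network tab). Values are made up.
SAMPLE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/10.0
Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly; SameSite=Lax
Set-Cookie: visitor=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/
"""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_in_response(raw_headers):
    """Return every cookie the response asks the browser to store."""
    found = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "set-cookie" and value.strip():
            found.append(parse_set_cookie(value))
    return found


def report(raw_headers):
    """Summarise each cookie: lifetime and which protective flags are absent."""
    rows = []
    for name, attrs in cookies_in_response(raw_headers):
        # No Expires/Max-Age: a session cookie, dropped when the browser closes.
        kind = "persistent" if attrs.keys() & {"expires", "max-age"} else "session"
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        rows.append((name, kind, missing))
    return rows


if __name__ == "__main__":
    for name, kind, missing in report(SAMPLE_HEADERS):
        print(f"{name}: {kind} cookie, missing: {', '.join(missing) or 'none'}")
```

An empty result for a page means the server itself set nothing on that response; cookies set by scripts or by third-party hosts do not appear in the site's own response headers.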

An HTML page is not creating any cookies. Maybe you are mixing up Cache with Cookies? For example in PHP you have to define what shall be saved into a cookie. If you don't define any Cookie Variables, there won't be any cookies.

Related

Best way to make cross-origin requests using cookies for own application in Chrome

I am making an ASP.NET application and would like to be able for my file upload to allow attachments to be dragged straight from Gmail. The problem is that I cannot load the data from the links dragged in because of cross-origin rules.
There are 2 problems:
First, cross-origin rules prevent me from making requests to the gmail attachment server.
Second, even if I were to make the request with cross-origin, the cookies would not be included.
I am using Chrome and only interested in doing this on my own computers.
One option is I could make a Chrome extension which allows cross-origin requests but only from my website.
Another option would be for my locally hosted server to communicate with Chrome to make the request itself.
Which of these would be the best option and how would I do it?

Most Streamlined Way to use Basic Authentication with Web Application and CDN

I have a site whose pre-production environments use HTTP basic authentication to prevent unauthorized access. Recently, we've added a CDN (AWS CloudFront) and we intend to use basic authentication (FWIW, using Lambda@Edge) for those pre-production CDN environments, as well.
While we've already implemented basic authentication on the web application (we're able to access the site after authentication), and have rudimentarily implemented basic authentication on the CDN (we're able to, say, access an image directly, after authentication), we're having trouble combining the two.
The web application includes images in the normal ways (e.g., via HTML and CSS includes). For instance, my site, https://www.example.com, has the following in its HTML:
<img src="https://cdn-files.example.com/foob.png" />
Using Chrome, when hitting the web application, I get a double-challenge (one for the app's domain and one for the CDN, each in turn), and the image loads.
Using Firefox, I get a single challenge, and the page loads, but the image fails to load (that request's response is 401).
Question 1: (Most streamlined option.) Is it possible, through the right configuration settings, to get the browser to pass through the credentials from the app's domain to the CDN domain? If so, what configurations are needed?
If not:
Question 2: (Less streamlined: Double-challenge.) What's the right combination of configurations (presumably, headers, etc.) to get the images, etc., to load on the web app?
I would prefer not to embed the credentials in the URLs, if at all possible.

Who launched the request when visiting a website containing outer resources?

I am new to computer networks and have a simple question. Assuming that we want to visit a website www.aaa.com, and the website includes a picture . When we try to access aaa.com, who launched the resource request on bbb.com, the aaa.com server or the user-side browser? I have two thoughts:
User first downloaded the html file of aaa.com and the browser executed the code in it, so the user browser finishes resource request.
The aaa.com launches the request, and prepares all the sources, then gives back to user browser.
Which idea is right?
Unless a visitor is using a proxy which redirects all traffic through website aaa.com, what the bbb.com site will see is a request made from the user's browser.
Your HTML file essentially acts as a pointer to all the resources needed by the website; the browser then fetches all the resources accordingly. This is usually called a Cross-Origin call.
You can open up your Developer Tools in your browser to see the calls under the Network tab.
If you want to delve deeper into the subject take a look at CORS on MDN.
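
The fetching the answer describes can be made visible by listing the sub-resource URLs a page points at and separating those on other hosts. This is an added example, not part of the original answer; the page content and cdn.example.net are constructed, and the tag/attribute list covers only common cases.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag/attribute pairs that make the browser fetch a sub-resource on render.
FETCH_ATTRS = {("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href")}

# Constructed sample page served by www.aaa.com (host names from the question).
SAMPLE_HTML = """
<html><head>
  <link rel="stylesheet" href="/css/site.css">
  <script src="//cdn.example.net/lib.js"></script>
</head><body>
  <img src="https://www.bbb.com/picture.png">
  <img src="images/logo.png">
  <a href="https://www.bbb.com/about">not fetched until clicked</a>
</body></html>
"""


class ResourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in FETCH_ATTRS:
                # Resolve relative and scheme-relative URLs as a browser would.
                self.urls.append(urljoin(self.page_url, value))


def browser_requests(page_url, html):
    """Split the browser's sub-resource fetches into same-host and other-host."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    same = [u for u in collector.urls if urlparse(u).hostname == page_host]
    other = [u for u in collector.urls if urlparse(u).hostname != page_host]
    return same, other


if __name__ == "__main__":
    same, other = browser_requests("https://www.aaa.com/index.html", SAMPLE_HTML)
    print("fetched from the page's own host:", same)
    print("fetched by the browser from other hosts:", other)
```

Each host in the second list receives a request straight from the visitor's browser and can answer with its own Set-Cookie header.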

Offline web app using cache-control header?

Hi we have a mobile app (iOS and Android) that needs to display a few web pages using embedded UIWebView or WebView. These pages need to support offline browsing for 7-10 days. We are considering two alternatives - AppCache and cache-control header:
cache-control: max-age=604800
We ran many proofs of concept using both approaches. Both approaches seem to give us what we need. Cache-control seems to have the slight advantage that we can set its value in web server configuration using a wildcard for all JS, CSS and image files, whereas for the cache manifest we need to list each file individually.
Having said all that, I do not find anyone attempting to build an offline app using cache-control. Nearly all articles and blog posts use AppCache. Is there something I am missing here?
One problem with using cache-control for offline is that the user would need to visit all the pages in the app before leaving, otherwise they would not get cached for use next time they visit. The App Cache lists all the required pages and caches them all straight away.
cache-control is also not designed to support offline apps (it would seem), and there are catches, such as browsers not loading from the cache in some circumstances. So you cannot guarantee that the browser will not try to send a request for the resource while offline (resulting in the page showing network failure).
Basically, if you want it to work reliably, you should use App Cache or Service Workers.

Using HTTPS for GitHub Pages in Google Chrome

I added an operation to use the microphone for my GitHub Pages hosted blog. But Chrome keeps on asking for media permissions again and again. I found out it Access Camera & Microphone in Chrome supports. The error message is:
"If you select Allow on a "http" URL your preference will not be remembered in future visits."
How do I set up or use HTTPS on GitHub Pages? Or at least how can I make Chrome remember to Allow in the preference.
Since June 2016 (three years later), GitHub pages do support https!
See "HTTPS for GitHub Pages"
GitHub Pages now officially supports HTTPS for all <username>.github.io sites. HTTPS provides a layer of encryption that prevents others from snooping on or tampering with traffic to your Pages site.
You can now visit *.github.io sites using HTTPS and configure HTTPS enforcement for your site.
With HTTPS enforcement enabled, any HTTP requests to your github.io site will be transparently redirected to HTTPS.
No need to adjust anything in your Chrome.
GitHub Pages does not support HTTPS; see https://help.github.com/articles/what-are-github-pages