I'm trying to have the HTML code check where a client came from so they can only access this page through a link and we will say this link is from Paypal after purchase and if they don't go through Paypal they will be redirected to the home page of my website, in this case, is home.com (not really).
My Code:
if(!isset($_SERVER['HTTP_REFERER'])){
<meta http-equiv="Refresh" content="0; url='https://bypassdetected!'" />
header('location:../index.php');
exit;
You would need to check if the contents of HTTP_REFERER includes 'paypal.com', although this is a dumb sort of check since it's easily spoofed and accomplishes little of value
Regarding the action your code then takes, you can't combine HTTP header location redirects with HTML redirects, it's one or the other, but if you do try to send both, the headers have to be set before any body content
Redirecting over to PayPal should be avoided in general. You should switch to a PayPal integration that does not use any redirects at all, such as this one: https://developer.paypal.com/demo/checkout/#/pattern/client -- then, your site always stays loaded in the background, which is a far better modern web experience
I am creating an appraisal application to accept apraisal for employees and store in the backend, The first page is a login page ,If user has successfully logged in it should redirect to another page which shows employees information but the catch here is that both pages are on local system ,as the browser runs in sandbox mode window.location is not working,I have tried many other similar options but still it doesn't work,I want to know can I use apache or some other server for this purpose.If yes what would be the way to do it
Use the meta-refresh keyword and supply a path.
somebody add an example, don't have one
I tried window.location.href() and got it to work
Here is the example redirection with meta tag.
<meta http-equiv="refresh" content="0;URL='http://bing.com/'" />
I have an old website on Weebly that I would like to redirect (302) to my new WordPress site, Endelve Design. As far as I know, the only way I can perform a 302 redirect with Weebly is by adding code to the header pages, so I am limited to using HTML and JavaScript. However, I would like to redirect pages like so:
http://ericburnett.net -> http://endelvedesign.com
http://ericburnett.net/blog.html -> http://endelvedesign.com
Essentially, I would like to redirect all pages in my old site to the home page of my new site. I do not want it to do this:
http://ericburnett.net/blog.html -> http://endelvedesign.com/blog.html
I find that if I use any of the following methods, it produces the undesired results seen above.
<meta http-equiv="refresh" content="0; url=http://endelvedesign.com" />
<script type="text/javascript"> window.location="http://endelvedesign.com"; </script>
Thanks!
Sorry for the delayed response. This question is not for this board, because it's more administration, than programing. First of all you need to know your way around the .htaccess file. In your case it's more than enough to know this line:
RedirectMatch 301 ^/.*$ http://endelvedesign.com/
It redirects all hits from your old site to your new site with code 301 (Permanent redirect).
The second part of your problem is accessing the file itself. I never used weebly, but after googling around for a while I found many solutions, ranging from praying to the moon gods while sacrificing sea water, to actually solving your problem by hand. There are 2 way which caught my eye.
The first one is via the SEO panel. In order to avoid the wall of text answer, i suggest you look for exact instructions here. If you are lazy to look at the link and/or good at managing on your own it in Setting->SEO->301 redirects. Judging by the tutorials it has some limitations.
The second method is to export/import your site. Basically you export your site, add the code above to the .htaccess file and you import the site back.
A friendly reminder: I never used weebly, so those resolutions are based on what I found on the subject, as in I never tested them.
You can just add a bit of javascript in the body.
<script>
window.location = "http://www.newurl.com";
</script>
This way you can redirect, but not set a 301 or 302 header.
I have a free webspace with the address
my.freewebhost.com
and a domain
mydomain.com
which redirects to the app directory of said webspace. I can reach my index.html with mydomain.com.
The index.html contains page anchors like this:
some content
Now when I hover over the anchor, I see
my.freewebhost.com/#
but I would expect something like this:
mydomain.com/#
What do I need to change?
It sounds like you're using "masked" forwarding rather than 301/302 redirects or a META tag redirect browser forwarding rather than DNS redirection.
If you're using "masked" forwarding, then your page is still being rendered on the original domain (my.freewebhost.com) instead of the desired domain (mydomain.com), which would yield the result you're seeing. But any type of forwarding will still ultimately lead your browser to render the page from "my.freewebhost.com".
UPDATE: What you're looking for is a CNAME (or A) record from "mydomain.com" to "my.freewebhost.com", rather than a page redirect at all. It sounds like you're using "masked" forwarding, or else it would be visually obvious that your page is redirecting to the other domain (and from your question it sounds like this is not visually obvious in the address bar) ... but the behavior you're looking for should involve a CNAME record (which operates behind-the-scenes at the DNS level) rather than any form of redirect (which affects the browser behavior). Some additional reference: http://support.dnsimple.com/articles/differences-a-cname-records/
Try changing some content to some content and see what happens.
.htaccess files, read into that.
link by: whatever you want to link
and in the .htaccess file you do:
RewriteRule ^/ path/to/file.fileextension [NC,L]
I load some HTML into an iframe but when a file referenced is using http, not https, I get the following error:
[blocked] The page at {current_pagename} ran insecure content from {referenced_filename}
Is there any way to turn this off or any way to get around it?
The iframe has no src attribute and the contents are set using:
frame.open();
frame.write(html);
frame.close();
Note: While this solution may have worked in some browsers when it was written in 2014, it no longer works. Navigating or redirecting to an HTTP URL in an iframe embedded in an HTTPS page is not permitted by modern browsers, even if the frame started out with an HTTPS URL.
The best solution I created is to simply use google as the ssl proxy...
https://www.google.com/search?q=%http://yourhttpsite.com&btnI=Im+Feeling+Lucky
Tested and works in firefox.
Other Methods:
Use a Third party such as embed.ly (but it it really only good for well known http APIs).
Create your own redirect script on an https page you control (a simple javascript redirect on a relative linked page should do the trick. Something like: (you can use any langauge/method)
https://example.com That has a iframe linking to...
https://example.com/utilities/redirect.html Which has a simple js redirect script like...
document.location.href ="http://thenonsslsite.com";
Alternatively, you could add an RSS feed or write some reader/parser to read the http site and display it within your https site.
You could/should also recommend to the http site owner that they create an ssl connection. If for no other reason than it increases seo.
Unless you can get the http site owner to create an ssl certificate, the most secure and permanent solution would be to create an RSS feed grabing the content you need (presumably you are not actually 'doing' anything on the http site -that is to say not logging in to any system).
The real issue is that having http elements inside a https site represents a security issue. There are no completely kosher ways around this security risk so the above are just current work arounds.
Note, that you can disable this security measure in most browsers (yourself, not for others). Also note that these 'hacks' may become obsolete over time.
Based on generality of this question, I think, that you'll need to setup your own HTTPS proxy on some server online. Do the following steps:
Prepare your proxy server - install IIS, Apache
Get valid SSL certificate to avoid security errors (free from startssl.com for example)
Write a wrapper, which will download insecure content (how to below)
From your site/app get https://yourproxy.com/?page=http://insecurepage.com
If you simply download remote site content via file_get_contents or similiar, you can still have insecure links to content. You'll have to find them with regex and also replace. Images are hard to solve, but Ï found workaround here: http://foundationphp.com/tutorials/image_proxy.php
I know this is an old post, but another solution would be to use cURL, for example:
redirect.php:
<?php
if (isset($_GET['url'])) {
$url = $_GET['url'];
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
curl_close($ch);
echo $data;
}
then in your iframe tag, something like:
<iframe src="/redirect.php?url=http://www.example.com/"></iframe>
This is just a MINIMAL example to illustrate the idea -- it doesn't sanitize the URL, nor would it prevent someone else using the redirect.php for their own purposes. Consider these things in the context of your own site.
The upside, though, is it's more flexible. For example, you could add some validation of the curl'd $data to make sure it's really what you want before displaying it -- for example, test to make sure it's not a 404, and have alternate content of your own ready if it is.
Plus -- I'm a little weary of relying on Javascript redirects for anything important.
Cheers!
add <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> in head
reference: http://thehackernews.com/2015/04/disable-mixed-content-warning.html
browser compatibility: http://caniuse.com/#feat=upgradeinsecurerequests
You will always get warnings of blocked content in most browsers when trying to display non secure content on an https page. This is tricky if you want to embed stuff from other sites that aren't behind ssl. You can turn off the warnings or remove the blocking in your own browser but for other visitors it's a problem.
One way to do it is to load the content server side and save the images and other things to your server and display them from https.
You can also try using a service like embed.ly and get the content through them. They have support for getting the content behind https.
Using Google as the SSL proxy is not working currently,
Why?
If you opened any page from google, you will find there is a x-frame-options field in the header.
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring
that their content is not embedded into other sites.
(Quote from MDN)
One of the solution
Below is my work around for this problem:
Upload the content to AWS S3, and it will create a https link for the resource.
Notice: set the permission to the html file for allowing everyone view it.
After that, we can using it as the src of iframe in the https websites.
You could try scraping whatever you need with PHP or another server side language, then put the iframe to the scraped content. Here's an example with PHP:
scrapedcontent.php:
<?php
$homepage = file_get_contents('http://www.example.com/');
echo $homepage;
?>
index.html:
<iframe src="scrapedcontent.php"></iframe>
Use your own HTTPS-to-HTTP reverse proxy.
If your use case is about a few, rarely changing URLs to embed into the iframe, you can simply set up a reverse proxy for this on your own server and configure it so that one https URL on your server maps to one http URL on the proxied server. Since a reverse proxy is fully serverside, the browser cannot discover that it is "only" talking to a proxy of the real website, and thus will not complain as the connection to the proxy uses SSL properly.
If for example you use Apache2 as your webserver, then see these instructions to create a reverse proxy.
Try to use protocol relative links.
Your link is http://example.com/script.js, use:
<script src="//example.com/script.js" type="text/javascript"></script>
In this way, you can leave the scheme free (do not indicate the protocol in the links) and trust that the browser uses the protocol of the embedded Web page. If your users visit the HTTP version of your Web page, the script will be loaded over http:// and if your users visit the HTTPS version of your Web site, the script will be loaded over https://.
Seen in: https://developer.mozilla.org/es/docs/Seguridad/MixedContent/arreglar_web_con_contenido_mixto
All you need to do is just use Google as a Proxy server.
https://www.google.ie/gwt/x?u=[YourHttpLink].
<iframe src="https://www.google.ie/gwt/x?u=[Your http link]"></iframe>
It worked for me.
Credits:- https://www.wikihow.com/Use-Google-As-a-Proxy