How to redirect the page but not change the browser's URL? - html

In my project I gave people a RESTful link. The link would redirect to a page with a lot of params, and I hope people will copy and share the short address instead of the long one.
I use a redirect to do it, but when the page redirects, the URL in the web browser also changes. Is there a way to avoid this?
I gave it a try using an iframe to build an inner page; that seems to work, at least on IE10 and the newest Firefox and Chrome.
<html><body style="margin:0;padding:0"><iframe src="http://xxxxxx" height="100%" width="100%" frameborder="0"></iframe></body></html>
But it didn't work on some pages, for example 'www.google.com', and it is said that it uses X-Frame-Options. That's a case I don't need to worry about, though: the 2 domains are both owned by the project. So would that be a solved problem?

Yes. X-Frame option is set if the website doesn't want you to run it in a frame on another domain. It's safe if you want to only run it on your sites. The sites must not have this header or the browser won't allow it to be loaded.

Related

Can images from another website create cookies on my site?

I have a static website, it only contains html and css. No javascript, no php, no databases. On this site, I'm using images, which I get from image-hosting websites (like imgur).
I've noticed when I visit my website (on Google Chrome at least), if I click the information button next to the URL, it says there are cookies on this site. If I click on the cookies button, it says "The following cookies were set when you viewed this page" and has a list of cookies, including from those sites that I use for image-hosting.
If I delete them, they come back after a while, but not immediately. I'm trying to avoid cookies as the site is very simple. Are they considered part of my site? If so, is there anything I can do, except hosting the images myself?
I always thought that if you link to an image directly (as in a link ending in .png for example) it would be the same as if you were hosting the image yourself, and there would be no javascript being run (to save cookies).
Are they considered part of my site?
That depends on your perspective.
The browser doesn't consider them to be part of your site. Cookies are stored on a per-domain basis, so a cookie received in response to a request for an image from http://example.com will belong to http://example.com and not to your site.
However, for the purpose of privacy laws (such as GDPR) they are considered part of your site and, if they are used by the third party to track personally identifiable information, you are required to jump through the usual GDPR hoops.
If so, is there anything I can do, except hosting the images myself?
Not really.
I always thought that if you link to an image directly (as in a link ending in .png for example) it would be the same as if you were hosting the image yourself, and there would be no javascript being run (to save cookies).
Cookies are generally set with HTTP response headers, not with JavaScript.
Whenever a browser requests a file from a server it automatically forwards any cookie data along with the request. Image Hosting services may use that for different purposes.
I always thought that if you link to an image directly (as in a link ending in .png for example) it would be the same as if you were hosting the image yourself, and there would be no javascript being run (to save cookies).
So the question is, how do they set these cookies?
Let's say, you use a simple img tag to load an image from a hoster.
<img src="imageHoster.tld/123xyz.png">
The site imageHoster.tld can handle that request by redirecting all requests to e.g. requestHandler.php and that file can set the cookie before sending the image with a simple
<?php
// setcookie() adds a Set-Cookie header to the response that carries the image
setcookie("cookieName", "whateverValue", time()+3600);
header('Content-Type: image/png');
...
?>
What happens there is actually the same as if you would set the image source like that:
<img src="imageHoster.tld/requestHandler.php?img=123xyz">
Are they considered part of my site?
Since these so-called third party cookies are set when visiting your site, one could consider them as part of your site. To be on the safe side I would at least mention the use of third party services in the data privacy statement.
If so, is there anything I can do, except hosting the images myself?
Third party cookies can be disabled in the client's browser. But you can't disable them for the visitors of your site. So no, to avoid third parties setting cookies on client browsers visiting your site you can only avoid using their services.
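The answers above say the cookies arrive as HTTP response headers on the image requests, not from script. As an added example (not from the original posts), this Node.js sketch walks a constructed list of request/response records for one page load and reports which third-party hosts sent Set-Cookie; the record shape, the host names and the two-label "site" comparison are assumptions made for the illustration.

```javascript
// Simplification (assumption): treat the last two DNS labels as the "site".
// A real audit would consult the Public Suffix List (co.uk, github.io, ...).
function siteOf(url) {
  const host = new URL(url).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

// Cookie names from every Set-Cookie header on one response.
function cookieNames(headers) {
  return headers
    .filter((h) => h.name.toLowerCase() === 'set-cookie')
    .map((h) => h.value.split(';')[0].split('=')[0].trim())
    .filter((name) => name.length > 0);
}

// Returns { host: [cookie names] } for responses that came from other sites.
function thirdPartyCookieSetters(pageUrl, entries) {
  const firstParty = siteOf(pageUrl);
  const found = {};
  for (const e of entries) {
    if (siteOf(e.url) === firstParty) continue; // own cookies are out of scope
    const names = cookieNames(e.headers);
    if (names.length === 0) continue;
    const host = new URL(e.url).hostname;
    found[host] = [...new Set([...(found[host] || []), ...names])];
  }
  return found;
}

// Constructed sample: a static HTML page that embeds two remote images.
const sampleEntries = [
  { url: 'https://www.mysite.example/index.html',
    headers: [{ name: 'Content-Type', value: 'text/html' }] },
  { url: 'https://i.imagehoster.example/123xyz.png',
    headers: [
      { name: 'Content-Type', value: 'image/png' },
      { name: 'Set-Cookie', value: 'cookieName=whateverValue; Max-Age=3600; Path=/' },
    ] },
  { url: 'https://static.cdn.example/logo.png',
    headers: [{ name: 'Content-Type', value: 'image/png' }] },
];

console.log(thirdPartyCookieSetters('https://www.mysite.example/', sampleEntries));
```

The same function can be fed the entries of a HAR export from the browser's network panel after mapping each entry to `{ url, headers }`.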

Use chrome extension to trick page into thinking it's not in an iFrame

Is there a way to create a Chrome extension to trick a site loaded in an iFrame into thinking it's not in a frame?
We load clients' sites into an iframe for demos, but some resources get blocked due to them disallowing being loaded in an iFrame. We'd like to load these sites into a frame as though you were browsing directly to the site in a standalone tab.
You should use Chrome's webRequest in order to intercept the server response. See the API. There you have the onHeadersReceived event, where you are in control of any response headers => you need to remove the X-Frame-Options header from the response.
That's pretty much it, if this is the only problem in loading those sites.
However, for the sake of completeness, in order to fully trick the browser (which you most likely do not need) you also need to inject a script into every page that would clear up some things like window.parent by simply removing them from the window object, and some other things like origin etc. However, removing the header would work for 99.9999% of your use cases.

How can I hide the full url of my website?

When I upload my website files to my server and go to my website, I see the index.html in the URL bar of the browser. How can I hide this?
http://bakpinar.com/about/about-us.html
I would like it to look like in this example;
http://www.royaltyline.com
As you can see, you only see the website address in the URL bar of the browser. And when you click to another page, it doesn't show the .php, .asp or .html extension, it just shows the folder name.
To hide the extension shown in the address bar, you have two options.
If you control the server, you can define rules that rewrite the URL based on the one the user is trying to get to. In PHP you can use the .htaccess file to define mod_rewrite rules. For similar features to .htaccess you can install the application request routing module in IIS 7 and above. In IIS (Windows) you can set up default pages that come up when users go to particular sites.
You can also have all of your pages accessed through the same page using AJAX, or put all the content on the same page and hide it using CSS and display it with CSS and/or JS.
This is a very high level answer, because the specifics vary greatly from situation to situation.
An easy way to do this, in case someone is still looking, is to use a full-screen iFrame. No matter where on the page your users are, they will always only see the main url. This used to be very popular back in the day, but it was a terrible practise in terms of usability.
<html><head>the stuff</head><body>
<iframe src="http://bakpinar.com/about/about-us.html" width=100% height=100%></iframe></body></html>
Write that into the index.html file at http://www.royaltyline.com
Yes, you can do it with JavaScript.
<script>
window.history.replaceState('','','/');
</script>
It's not actually a folder name. It's rewritten URL.
To do such things you should redirect all requests to one file (index.php for example), then parse the URL and, based on its parts, show a particular file.
To redirect everything to index.php, use mod_rewrite module of Apache + .htaccess file.
To choose specific file you can implement one of several approaches. It's usually called routing in design patterns.
A completely different approach would be to use AJAX for reloading content. But it's not the way it was made on the website you gave as an example.
In general there is a lot of information about routing urls in PHP on the web. Just do some research.
You are effectively looking to rewrite URLs. If your web server is Apache you will be able to use the rewriting module (mod_rewrite) to direct requests to http://bakpinar.com/about/ to http://bakpinar.com/about/about-us.html
If you are not running Apache, most web servers will serve index.html as the default page when requesting a directory, so renaming about-us.html to index.html and changing incoming links to /about/about-us.html to simply /about/ will give you the same results.

ensure embed code (iframe) is only used on customer web sites

I have a service and would like clients to be able to place this service on their website. I am looking at doing this by using an iframe. I will provide the code and they can just copy and paste the code to show the functionality. Each client will be discovered by the query string.
There is a concern that anyone can look at the source of the website, copy the iframe and add it to their own website therefore using the service and charging the original client. I obviously want to stop this.
Ideally, I would like to verify that the website that is using the iframe is linked to the client who registered to use the service. Is this possible at all? I know there are issues with cross domain security.
If it isn't possible, I guess I would need to create a widget instead.
For each client, have a whitelist of web sites that can embed the iframe. Then check the 'referer' header against that list whenever the page inside the iframe is loaded.
Or if HTTP headers prove to be unreliable, try using JavaScript, via parent.document.location.href
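One way to implement the per-client whitelist check described above, as an added example (not code from the original answer): it compares the origin in the Referer header with the origins the client registered, and also builds a Content-Security-Policy frame-ancestors value so the browser enforces the same list when Referer is missing or stripped. The client ids, origins and function names are hypothetical.

```javascript
// Hypothetical registry: client id (taken from the query string) -> origins
// that client registered as allowed to embed the iframe.
const EMBED_ALLOWLIST = {
  acme: ['https://www.acme.example', 'https://shop.acme.example'],
  globex: ['https://globex.example'],
};

// Origin (scheme://host[:port]) of the Referer header, or null when the
// header is missing or malformed. Referrer-Policy or privacy tools can strip it.
function refererOrigin(referer) {
  if (!referer) return null;
  try {
    return new URL(referer).origin;
  } catch (_) {
    return null;
  }
}

// Decide how to answer a request for the embedded page of one client.
function authorizeEmbed(clientId, referer) {
  // hasOwnProperty guards against ids such as "constructor" or "__proto__".
  const allowed = Object.prototype.hasOwnProperty.call(EMBED_ALLOWLIST, clientId)
    ? EMBED_ALLOWLIST[clientId]
    : null;
  if (!allowed) return { status: 404, headers: {} };

  // Enforced by the browser on every load, with or without a Referer.
  const headers = {
    'Content-Security-Policy': 'frame-ancestors ' + allowed.join(' '),
  };
  const origin = refererOrigin(referer);
  // Exact origin match: a prefix or substring test would also accept
  // https://www.acme.example.evil.example.
  if (origin !== null && !allowed.includes(origin)) {
    return { status: 403, headers };
  }
  // Referer absent: serve the page and rely on frame-ancestors to stop
  // unlisted parents from framing it.
  return { status: 200, headers };
}
```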

Is it possible to find out which page the user was previously browsing?

Is it possible to find out which page the user was previously browsing from current web page?
If you’re using PHP you can use $_SERVER['HTTP_REFERER'], but this information can be faked by browsers, so it’s not 100 % foolproof.
Only if the page links to your page. Then you can look at the referrer.
http://en.wikipedia.org/wiki/HTTP_referrer
Or if it's a page on your domain, you can use analytics.
http://www.google.com/analytics/
You can look at the Referer HTTP header.
Try referrer (server side), but other than that - no.
It can't be done client side for security reasons - imagine your page checking visitors' browsing history - a big no-no.