I am working in Drupal which generates JSON that can be assessed through a URL. The URL in turn is parsed by the app (made in Titanium) to show data.
Now the problem is that this URL can be publicly assessed by anyone too and one can see all the details. The app, on the other hand, shows the same data to the restrictive users.
My question is that how can I restrict anyone who opens the URL through a browser whilst allowing the app to assess the data through the same URL?
The URL looks like this:-
http://site.com/section/allowed-users-in-the-list.json
Many Thanks.
look into $_SERVER['HTTP_REFERER'] this will tell you where the script is coming from. You can do a validation there too.
Related
I am looking through the code for a chrome extension i use to see what data is reported back to devleoper/mother-ship. I see that the extension's code saves some info using 'chrome.storage.sync.set' which of course makes sense as the variables that are stored there are available to me not matter what computer I load the extension on.
My question is... does the developer have access to this data? I would guess not but wanted to make sure. I have been looking for other code that posts data or does something that could send data back to developer but this was the only thing that looked suspicious so far.
No, developer cannot access chrome.storage.sync data and no one can read this except you.
This location is access controlled by
User
Extension
Infact any other extension can not read other extension's data. You can think about this storage similar to localstorage.
Now, If I ask you a question
Does the website developer has access to different values stored in user's local storage ?
The answer is No. Developer can control what to save in this storage and the values are user specific and they remain on user's machine.
However, this comes with a catch. You have to look out for code like this in the extension:
chrome.storage.sync.get('key', function(obj) {
// Make ajax to upload the key value pair
});
But by default, developer do not have access.
Background
The UN Secretary-General and other organs issue hundreds of reports to the General Assembly each year, and there is no unified list of these reports, like there are for other documents. There is, however, a simplified url for reading these reports using their document codes http://undocs.org/[document code] with the document codes having the format A/[Session]/[Document Number]. An example document code would be "A/71/1" and the url for accessing it would be "https://undocs.org/A/71/1".
I'm trying to download all of these documents for the past 15 years, but instead of manually typing in each of these, I'd like to set up a Google Apps Script to do it for me.
Problem
When I try to use the simple method UrlFetchApp.fetch("http://undocs.org/A/71/1"); for example, it fetches an error page saying that I am using an unauthorized method of accessing the page. This is the same page that shows up if you block cookies or sometimes when you try to access the page in an incognito window.
Now, I'm not looking to hack into the UN, but simply to download some PDFs that are up for public access. I need to figure out what sort of parameters I need to pass with the .fetch() method for the request to be authorized by the page.
Note: I scoured the undocs.org site looking for any guidance, and I found none.
tl;dr
Trying to access United Nations Official Document System using the UrlFetchApp from Google Apps Script, but I can't figure out how to get the request to be authorized.
Short answer - I don't think you'll be able to get it with a one-line fetch.
If you look at the HTML returned when you fetch https://undocs.org/A/71/1, you'll see that it embeds a frame that gets its content from https://daccess-ods.un.org/access.nsf/Get?OpenAgent&DS=A/71/1&Lang=E. Then, if you look at the HTML returned by that frame, you'll see two things:
A frame that loads https://documents-dds-ny.un.org/prod/ods_mother.nsf?Login&Username=freeods2&Password=1234
A redirect to the actual PDF at https://documents-dds-ny.un.org/doc/UNDOC/GEN/N16/206/02/PDF/N1620602.pdf?OpenElement
I presume that the first link sets a cookie indicating that the login has occurred, which the second link then verifies before returning the content.
Things you could try:
A multi-step fetch, where you first get the content from undocs.org, parse it to get the link to the actual PDF, then login and fetch the PDF. Google Apps Script would have to persist cookies between fetches though.
Write your script in different tool (such as Python).
Use a spider/crawler tool to navigate the UN site as if it was a real human.
I am able to load and display files using the HTMLLoader class. http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/html/HTMLLoader.html
Problem is, when a user navigates to a download link or an upload button, nothing happens. I heard somewhere that any downloads get sent over to the user's main document folder. Anyway to intercept this and get some details? Someone in my browsing history suggested to somehow get it using the Socket class to fetch it's data and control where it would go using the File class. I couldn't make out the demonstration.
Bonus question...what properties do I have to set to make Google understand that this browser is not a bot? I get this in plain text when trying to navgiate to http://www.google.com . It's other services work completely fine though.
Google
Sorry...
We're sorry...
... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
I am currently making a processing program, where a part of it will be to acess some information from at website. The website will be an HTML file, where some information is stored, which i need to acess and parse. I know how to open a html file, but my problem is that it is supposed to acess a list, which is generated after a login on the website. How do i do that?
This is the website, right after loading the HTML file:
http://i.imgur.com/kGIkyle.png
After a login, the website will begin to spit out data every two seconds.
I wanna acess the data in the ordered list, and i wanna acess it every two seconds in my processing program. How do i do that?
This is the website, after a login, after a moment.
http://i.imgur.com/O743fNJ.png
When you use a web browser to submit a login, you're really interacting with the server. Usually the web browser submits a POST request containing the login information (like a username and password), and the server responds with the next webpage to load.
The details of this are going to depend on the website you're interacting with. Some websites might use AJAX to submit the data and then trigger some JavaScript to run.
The point is, you're going to have to understand exactly how the underlying web server and webpage works. Then you're going to have to use the rules of those interactions to issue the appropriate requests from your Processing code.
It might be as simple as submitting the login credentials in the url itself and then just scraping the information from the webpage.
More likely, you're going to have to interact with some kind of web API and do the requests yourself. Google "Java post request" for more info.
Of course, all of this assumes that the website is open to people using it. If this website isn't yours, it could also be locked down and unavailable to you.
I'm trying to use the Google Docs Viewer. It seems to work fine for PPT. Example this works:
http://docs.google.com/viewer?url=http://www.microsoft.com/presspass/download/press/2008/02-01yahoo.ppt
In my app I have files uploaded as private for security. This appears to be breaking Google Docs or maybe I'm encoding something wrong.
The URL I'm sending to Google Docs Viewer is like so (sample URL):
https://s3.amazonaws.com/dev/1/attachments/243/1/original/02-01yahoo.ppt?AWSAccessKeyId=17VVCSSS3H6Y3129H3G2&Expires=1294131584&Signature=3141havYNS7JCpsTLE6Ppo3yXkc%3D
That breaks google docs, it can take it. Do I need to encode this differently?
Thanks!
You need to encode at least the ampersands (&) to %26
In whatever language you are using there should be a function for url encoding. In php it is urlencode(). In javascript you will want to use encodeURIComponent()
You can't. Your documents must be publicly accessible for Google's servers to view them and render them. When I try to view the URL you posted, it gives me "Access Denied."
Imagine trying to view a powerpoint on your computer at /Users/you/Desktop/mypowerpoint.ppt. Since it's not a publicly accessible file, you wouldn't expect anyone to be able to view it, let alone Google's servers. Google would not be able to access http://docs.google.com/viewer?url=file:///Users/you/Desktop/mypowerpoint.ppt, just like it can't get to your Access-Restricted page.
If, however, the URL you provide has an access key (which I see is a part of your "sample url") which allows anyone with that access key to view it, it should work, and #Mike is right -- you will need to URL encode it so as to not confuse Amazon's URL parameters with the Google Docs Viewer's parameters. In that case, if you're working with Ruby on Rails, which your history of questions suggestions, you'll want to use
<%=u "http://www.yoururl.com/?someparameter=true&file=myfile.ppt" %>
Well you can do this if you can download the files from the instant url generated by s3 php library. All you have tp do is to put google url + encoded ( instant generated file ).
Google view will be able to read it if the link is not expired.
that's it
$generated_file = $obj->gs_prepareS3URL($file);
$encoded_url = rawurlencode($generated_file);
$google_docs = "http://docs.google.com/viewer?url=";
redirect($google_docs.$encoded_url);