adding context information to the URL - html

I need to add context or the current state of my website to the URL of the page.. So that if a user copies and sends the URL to another user. The other user can see the exact state of the website that the sender was watching, i.e. the tab he was in,and the data he was viewing. I have seen similar things being implemented in other websites like facebook, gmail, etc but I don't know how to do that in my application. How should I approach this problem?

Use pushState and friends to modify the URL to one which your server can use to deliver a page that starts in the desired state.

Related

What is the correct way to change html dynamically using django

Suppose we have a login page where, in the first stage, we are asked to enter our email. We send this information to the server, which searches whether there is an account with this email, and if there is, our goal is to change the state of the page, to a page where the user is asked to enter the password for this account. If, on the other hand, there is no account with that email, the state of the page changes to one where the user signs up. And let's say that, for the sake of aesthetics, all this happens using the same url.
My question is, what is the correct way to inform the client's page to what stage to go into?
Sending the whole html code is an option, but this seems like it will put too much pressure on the server. Is there a cleaner way, that we can send less information, and still be able to have the same result?
I am new to django and web dev so please explain thoroughly.
For a browser engine submitting a form with email is a new page request and a new rendering of HTML after that. The source of new HTML code is your server with Django, so you should generate a new HTML with a relevant template and send it as a response.
Such user provoked events change a state of your application for a given user session, not a page.
For speed you can use caches for styles, for menus, for HTML snippets (headers and footers).
Also you can make a one-page application, but you must use JavaScript framework for it. Then your JavaScript code executing in client's browser can request concise JSON with necessary information instead of full HTML.
Then your JavaScript framework is responsible for a correct insert new dynamic HTML elements in the current document object model (DOM).

How to add a hyperlink to a password protected area of a website bypassing password login?

I am trying to add a hyperlink to an area of another website requiring login to view files. The target website will be a photo gallery website which then will be accessible on my website.
My question is this. Is it possible to encode login information into a hyperlink therefore bypassing login when hyperlink is clicked? Please let me know your thoughts.
Short answer: Client-side, this would be near-impossible, considering you cannot send form data via a hyperlink (though you can receive it, but then that gets dynamically added to the URL via method POST.) You can do this, however, by using Javascript by using a submit button (if the page doesn't have protection against csrf) which can dynamically inject parameters via a form, but then you would need a POST request cross-domain which is where my point with needing admin access comes in;
If you were to attempt to do this server-side, you would have to have admin access to both sites, certainly not just to site A. From then you can inject parameters into the hyperlinks via server-side scripting languages such as PHP or Python, which would then add the required information to the form upon landing on site B. But you must (must) be careful, this opens up the potential of a serious security compromise depending on how you allow users to log in to your site. Assuming it's yours. Either way, this is still a bad idea, which concludes to my
Shorter answer: No.

redirecting webpage programmatically

I have a feedback page in my website. In my website's homepage, when someone clicks on 'Feedback', it will open a modal window to ask a human verification question. If the response is correct, i want to programatically open the url to my feedback page.
My concerns is:
The feedback page should not be accessible by directly entering the url,i.e., www.mysite\feedback.html. How can i prevent this from opening my feedback page?
I'm also aware that my anti-spamming effort isnt the best option, but for now i dont need a robust mechanism.
Any solution?
Thanks.
Why don't you just put the CAPTCHA on your feedback page?
If that's not an option you need to use sessions to store the "captcha passed" flag and check for it on the contact page (also in your server-side code). After successfully submitting the form you need to clear the flag so someone cannot spam manually after completing just a single captcha.
You should be able to access the Referrer header of the request in your web platform. You can check this value to see if the referrer is from a page you accept. If not, you can return a 403 or whatever response, and if so, you can return the actual page. You will need access to a server-side framework, such as PHP or ASP.NET. Note, however, that it is easy to create HTTP requests and spoof the Referrer header.

Reveal Tab with Unique content based on location

Lots of marketing articles suggest using a coupon as an incentive in a reveal tab, but I don't see how you would prevent people who have liked your page from abusing the coupon by accessing it over and over.
In my app, I want to offer a coupon that the user sees only the first time they like a page. Users who have been to that page before would not be able to access it again.
I also want to limit who can see it based on location.
When your iframe fan page is rendered, Facebook sents an HTTP POSt to your page with a signed_request post parameter. If you decode it, you will get details about whether they like your page and what country/language they are from. If country works for you, then you are all set for that part. Restricting the coupon to only being viewed is not possible based on the anonymous information Facebook sends. You would need to create an application and have the user approve your application so you can get their ID and log that they have seen it. This would also give you more detailed information about where they are located.

When redirecting users from a legacy website to the new one, what is the best way to detect whether or not to show them a custom welcome message?

Say you have a legacy website running on an old code-base that offers certain functionality. The successor website is up and running, providing all the old functionality and more. For some time, there has been an HTML link on the old site pointing to the new one, for those users that care to click over.
Now, the legacy site is reaching its end of life, and you want to automatically redirect users to the new site, for example via a 301 or 302 redirect. However, when a user encounters this redirect, you want to also display a friendly message on the new site welcoming them and explaining why they are not seeing the old version.
When the user clicks an HTML link, the HTTP_REFERER header is populated, and the welcome message can be triggered via that value. However it appears that the same is not true when using 3XX redirect codes.
The top Google hit for this issue has this to say:
"HTTP 1.1 specification states it clearly: if a 3XX code is given, no
Referer value is passed. (eventualy, the URL that pointed to 3XX site)."
(http://www.usenet-forums.com/apache-web-server/37811-how-set-referer-redirect.html#post145986)
However I could not find this statement in a quick read through the spec (https://www.rfc-editor.org/rfc/rfc2616).
Can anyone suggest the proper way to achieve this functionality?
Note: This is not meant to be an all-encompassing solution. We understand that some clients don't even send the HTTP_REFERER header for privacy reasons, but for the sake of argument, let's ignore that use case.
First, This should be a 301, not a 302 redirect. Your redirection is permanent, so you want to indicate that. As to how to indicate the redirect, just add a parm to the url. Instead of redirecting to http://www.newsite.com redirect them to http://www.newsite.com?FromOldSite=Y
Could you just redirect them to a specific launch page? Like if try try to visit http://oldsite.com/desired/page, just send them to http://newsite.com/welcome?nextpage=/desired/page. The welcome page could show the message and then pass them over to the content. Alternatively, you could send them right to the new page with a ?show_welcome=true in the URL.
Not sure how you plan to redirect your users, but if you don't want to "ugly" up your URL, you might just set your own custom header when hitting the old site and then check for it at the new.