for developement reasons (working with facebook-connect) i put the connect iframe in an iframe. on that way i am able to work on the connect-thing independent of my ip and don't have to develop on the live-server.
the iframe holding the connect-button iframe is on my server, accessing the same db-server as the developer version (developer version is running on localhsot).
as far as good ... BUT
how can i let the parent site know, that the user has connected, so that i get his profile-picture displayd as reaction to this?
how can i react in generally on an action/event/JS in an iframe? is there a way?
can the iframe post data to the parent site? like a time-stamp and fb_userid?
if the iframe stuff doesn't work ...
i thougt of saving the ip to the fb_userid (to db) and check matches ... but i don't like this idea.
You can pass variables to frames using query string format through src attribute of the iframe, eg:
<iframe src="mysite.com?var=test"............>
Well thanks to #Sarfraz Ahmed, your post was the inspiration for my solution:
With the src of the iframe, I send the current session id as GET parameter.
<iframe src="http://www.online_host.com/scriptxy.php?id_session=<?=session_id()?>"></iframe>
Then the script in the iframe makes a callback after some action, like
<script>
location.href="http://localhost/localscript.php?id_session=<?=$_REQUEST['id_session']?>¶meters_here=something";
</script>
It should be noticed, that the GET parameters name has not to be "sessionid", or "sessid", because this is not allowed with the most apache installations.
In PHP localscript.php, you do something like:
session_id($_REQUEST['id_session']);
session_regenerate_id();
$_SESSION['param1'] = $_REQUEST['param1'];
...
Now you can access the sessiondata in your current locally running PHP. Together with a triggered AJAX request interval this works good enough for development.
The thing is, i'm using CodeIgniter (with PostgreSQL and the session-plugin ecko) and getting a memory problem in the PostgreSQL driver script, which i didn't figure out until now.
Related
I want to speed up my Selenium tests and noticed that a lot of time is being spent on login procedure.
Login on web application is implemented via localStorage session token (probably OAuth 2.0). I know how to set it once a browser starts and login page loads:
localStorage.setItem(key, value)
It works great. But is it possible to make the browser to pick up custom localStorage using Selenium (Java).
Is it profile?
Well this works for me in python
driver.excute_script('javascript:localStorage.(funtion of localStorage)')
so I suppose well you can set up a validation token like I use for test, and of course I get my auth_token from the database first, but it works like this
driver.excuteScript('javascript:localStorage.token="your validation token";');
should work
I set the authentication in control panel as below:
and i call the viewer by this code:
$.ajax({url: 'http://192.168.17.31/viewer',
headers: {'thisistheheadername':'thisistheheadername'},
type : 'GET'
});
but still request redirects to login page:
http://192.168.17.31/viewer/login
I'm not totally sure what you're trying to do. I've never seen AJAX used with Datazen like this, although I suppose I can understand how it might work. Of course, it won't be secure, because the browser could always indicate who the user should be--there's no checking.
The top chart in this answer might help you. But beyond that, what tells you it's sending to the login page? Where are you trying to display the results?
The two things I would check on outside of those, though, are:
Your header is not correct, unless you've got a user named "thisistheheadername" as well. You should be passing a username through that value. I don't recall specifically, but it could send you to the login page if it doesn't recognize the username.
Are you sure external authentication is enabled? I would check in the "Configuration" section on the server to ensure it isn't still "default." The core service must be stopped before changes are persisted.
I'm looking to do some dead-simple logging from a web app (client-side) to some remote service/endpoint. Sure, I could roll my own, but for the purpose of this task, let's assume I want an existing service like Logentries/Splunk/Logstash so that my viewers can still log debugging info if my backend goes down.
Most logging services offer an API where I can import some <script/> onto my page and then use an API like LE.log('string', data); [Logentries example]. However that pulls in a JS dependency and uses cross-domain XHR for probably well-founded reasons (like URI length limitations).
My question is if anyone can point me to a service that will let me send simple query params to a "pixel" endpoint (similar to how Google Analytics does it). Something like:
<script>
new Image().src = 'http://something.io/pixel/log/<API_TOKEN>?some_data=1234';
</script>
-- or, in pure HTML --
<img src="http://something.io/pixel/log/<API_TOKEN>?some_data=1234" style="display:none" />
I'd assume some of the big names in the logging-as-a-service space would have something like this but I've not found anything (or it's too specific to turn up any search results).
This would not be for analytics so much as error logging, debugging, etc. Fire-and-forget sort of stuff.
Any advice appreciated.
It's possible to do this with Logentries, they offer a pixel tracker.
They require that data is sent in a base64 encoding, but that's quite simple in Javascript.
From their documentation:
var encoded = encodeURIComponent(btoa("Log message"));
This data can then be used in a pixel tracker like this:
<img src="https://js.logentries.com/v1/logs/{API-TOKEN}?e={ENCODED_DATA}/">
I'm building a Chrome extension that will let you add a bunch of new reactions to Facebook posts. You can see the first version of it here: http://reactions.us/
The way I'm handling it now is a bit inelegant. When a user adds a "reaction", I'm adding a custom emoticon as a comment and then parsing it, removing the original comment from the dom, and adding the corresponding "reaction" to the post.
Here's what I would like to do
I would like to reach out to an external api, say at http://api.reactions.us, in order to set and get the reactions for a certain story. In order to do this I (think) I need to add an ajax call to the page. But when I add the ajax call to a "web_accessible_resources" script that's loaded onto the page via an init script in "content_scripts" I get this error:
Refused to connect to 'http://reactions.us/getReactions?id=111' because it violates the following Content Security Policy directive: "connect-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.spotilocal.com:* https://*.akamaihd.net ws://*.facebook.com:* http://*.akamaihd.net https://fb.scanandcleanlocal.com:* *.atlassolutions.com http://attachment.fbsbx.com https://attachment.fbsbx.com".
Here's the relevant code in the plugin: https://github.com/ollerac/New-Facebook-Reactions/blob/master/reactions.js#L161
Any help would be greatly appreciated. Perhaps there's a way to pass messages between the content scripts and the web accessible resources?
I found the answer. I had followed the advice of this post when I first started: Insert code into the page context using a content script
It suggests injecting your scripts directly into the page if you don't need access to any of the chrome API functions and that's exactly what I did because I didn't need them before.
But you can do pretty much the same thing (access and modify the dom -- and now even make ajax requests) merely with content scripts.
This post is helpful when talking about Cross-domain XMLHttpRequest using content scripts: Cross-domain XMLHttpRequest using background pages
I would like to create a relative link that switches the current protocol from http to https. The last place I worked had something set up on the server so that you could make that happen, but I don't remember much about it and I never knew how it worked.
The rationale for this is that I wouldn't need to hardcode server names in files that need to move in between production and development environments.
Is there a way for this to work in IIS 6.0?
Edit:
I am using .NET, but the "link" I'm creating will not be dynamically generated. If you really want the nitty gritty details, I am using a redirect macro in Umbraco that requires a URL to be passed in.
Here's a simple solution in VB.NET:
Imports System.Web.HttpContext
Public Shared Sub SetSSL(Optional ByVal bEnable As Boolean = False)
If bEnable Then
If Not Current.Request.IsSecureConnection Then
Dim strHTTPS As String = "https://www.mysite.com"
Current.Response.Clear()
Current.Response.Status = "301 Moved Permanently"
Current.Response.AddHeader("Location", strHTTPS & Current.Request.RawUrl)
Current.Response.End()
End If
Else
If Current.Request.IsSecureConnection Then
Dim strHTTP As String = "http://www.mysite.com"
Current.Response.Clear()
Current.Response.Status = "301 Moved Permanently"
Current.Response.AddHeader("Location", strHTTP & Current.Request.RawUrl)
Current.Response.End()
End If
End If
End Sub
Usage:
'Enable SSL
SetSSL(True)
'Disable SSL
SetSSL(False)
You could add this to the Page_Load of each of your pages. Or you could do something like I did and create a list of folders or pages that you want secured in your global.asax and set the SSL accordingly in the Application_BeginRequest method. And this will work with relative links and the HTTP or HTTPS status of a page will always be what you tell it to be in the code.
I have this code in place on several websites. But as an example, if you go to https://www.techinsurance.com you'll notice it automatically redirects to http because the home page doesn't need to be secured. And the reverse will happen if you try to hit a page that needs to be secured such as http://www.techinsurance.com/quote/login.aspx
You may notice that I'm using 301 (permanent) redirects. The side benefit here is that search engines will update their index based on a 301 redirect code.
Which language/framework are you using?
You should be able to create your own function in which you pass in the relative page and you deduce from the HttpRequest object and the Server object (again depending on the language or framework) what the host and URL are and then just simply redirect to that URL but with https as a prefix.
Here is a good CodeProject article on doing this by specifying certain directories and files that you want to use SSL. It will automatically switch these to and from https based on your needs.
I've use this for a project, and it works really well.
This is the same answer I gave here:
Yes you can. I recommend this free open source DLL that lets you designate which pages and folders need SSL and which don't:
http://www.codeproject.com/KB/web-security/WebPageSecurity_v2.aspx
So you can setup a page to be secure in your web.config like this:
<secureWebPages encryptedUri="www.example.com" unencryptedUri="www.example.com" mode="RemoteOnly" >
<files>
<add path="/MustBeSecure.aspx" secure="Secure" />
</files>
</secureWebPages>
We ended up buying ISAPI Rewrite to perform redirects at the web server level for certain URLs. That's not quite the answer I was looking for when I asked the question, but it's what works for us.