Develop Reference

Debug javascript from a generated page

In my application I made some computing server side with a Javascript interpreter. I'd like to take advantage from F12 debug engine in my browser chroome to let the user debug his scripts. To do that a generare a new page and open it in a new window
var xhttp = new XMLHttpRequest();
xhttp.open("POST", "/test/tipoManufatto", true);
xhttp.setRequestHeader("Content-Type", "application/json");
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
var new_window = window.open(null, '');
new_window.document.write(this.responseText);
}
};
xhttp.send(JSON.stringify($scope.tc.selected));
the page is generated correctly and the server side generated scripts runs fine but if get into F12 tools
I cannot see my script in the source tab therefore I cannot set any breakpoints.
Is there a better way to open a dynamically generated page in a new window? I need to generate the page from the back-end with a POST verb in order to send some data.
Here is what my network tabs looks like

Get where requests coming from to my website

I'm having a simple PHP page that generates random json values and returns it to the user.
I want to know what website is using this page to get data using curl or javascript.
for example:
the PHP page:
$datas['random'] = ['firstValue'=>'Hello', 'secondValue'=>'world'];
header('Content-Type: application/json');
echo json_encode($datas);
now that code will return this value
{"random":{"firstValue":"Hello","secondValue":"world"}}
what I want to do is: if someone used this file in his website using curl or javascript I want to be able to know which website is using it and what website requested it.
if the website http://example.com used this code in the website
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function () {
if (this.readyState === 4) {
if (this.status === 200) {
resolve(this.responseText);
} else if (this.response == null && this.status === 0) {
var reason = new Error('OFFLINE');
reject(reason);
} else {
var reason = new Error('ERROR');
reject(reason);
}
}
};
xhttp.open("GET", "jsonpage.php", true);
xhttp.send();
I want to be able to know that the website http://example.php requested the file, without using extra value jsonpage.php?website=example.com
is there any way to do it using PHP.

You can check the IP address of the party making the call to jsonpage.php, but to the best of my knowledge, not the domain.
$_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.
However, they can be behind a proxy server in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. For example, it can be set by someone without a proxy, or the IP can be an internal IP from the LAN behind the proxy.
Finally, if your concern is that only some people should have access to jsonpage.php, I suggest you implement either a public/private API key or oAuth to ensure only the right people have access.
Further reading: How to get the client IP address in PHP

you can using $_SERVER['HTTP_REFERER'] which will gives you which website is getting your info's but it's not really reliable because it's easy to change from the source.

JavaScript: How to access to a given URL without opening its web page in a browser

I would like to know if it is possible in JavaScript to access to a given URL without opening its web page in a browser . Actually, what I'm really trying to do is parsing through a page (given its URL) and clicking on the first link that it contains without even opening that web page in my browser. Is that doable with JavaScript. In case it is, how should I do that? What function (or functions) should I use? In case it is not, what would the alternative solutions be?

What you need is to make an HTTP request to the URL and process the results. You can do that in JavaScript using the XMLHttpRequest object. Example:
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
console.log(this.responseText);
}
};
xhttp.open("GET", "put_the_URL_here", true);
xhttp.send();
However, it is easier to use a library like jQuery.Ajax for that:
$.ajax({
url: "put_the_URL_here",
context: document.body
}).success(function(data) {
console.log(data);
});
For this to work, the URL that you're trying to access must have CORS enabled.

Am I able to write a chrome extension that can grab a registration cookie from another website and set it with that same value on the current page?

I started writing some code for this and have ran into this exception in the console:
"No 'Access-Control-Allow-Origin' header is present on the requested resource."
I came here to ask if I should continue trying or if this is even possible. I am aware that you can also use an iFrame but from looking at other posts you cant pull cookies out of the site an iFrame points to.
The only JS ive written thus far for the extension:
(function loadXMLDoc() {
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 || xmlhttp.status == 200) {
console.log(xmlhttp.getResponseHeader('Set-Cookie'));
var response = xmlhttp.getResponseHeader('Set-Cookie');
}
}
xmlhttp.open("GET", "https://www.cars.com/profile/global/user-summary/",
true);
xmlhttp.send();
})()

Javascript security stopping me?

I'm pretty sure it's a security issue keeping me from doing this, but I wonder if there's a workaround I don't know of...
I have a script to inject a user's email into the contact DB of my client and it's bombing in IE but working in FF, Chrome (as usual). Just wondering if I can add the server to the trust or something to make it work?
<script type="text/javascript">
window.onload = init;
//Global XMLHTTP Request object
var XmlHttp;
function CreateXmlHttp() {
//Creating object of XMLHTTP in IE
try {
XmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e) {
try {
XmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
}
catch (ex) {
XmlHttp = null;
}
}
//Creating object of XMLHTTP in Mozilla and Safari
if (!XmlHttp && typeof XMLHttpRequest != "undefined") {
XmlHttp = new XMLHttpRequest();
}
}
function init() {
var x = document.getElementsByName("btnContinue");
x[0].onclick = submitForm;
}
function submitForm() {
var x = document.getElementsByName('Email');
if (x[0].value.length > 0) {
CreateXmlHttp();
XmlHttp.open("POST", "https://app.icontact.com/icp/signup.php", false);
XmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
XmlHttp.send("redirect='http://www.xyz.com/articles.asp?ID=97'&errorredirect='http://www.xyz.com/articles.asp?ID=256'&fields_email=" +
x[0].value + "&listid=123&specialid:123=YP7I&clientid=123&formid=123&reallistid=1&doubleopt=0&Submit=Submit");
}
}
</script>
I'd appreciate any insight.
Thanks!

My first suggestion would be to try creating XMLHttpRequest before ActiveX Objects. IE7 and up DO support AJAX the way other browsers do.
Next, you should use relative paths in the open() method. Although I think form your question it's something that'll need to be able to run on any site? In that case I'd suggest creating a form and an iframe and using the "old" method.

It is a same-origin policy issue. The allow access content headers may be set, but the IE ActiveXObject won't use them. XMLHttpRequests obey the headers and will work on browsers that support them.
See this question:
AJAX Permission Denied On IE?
Though it doesn't look like they found a solution for an IE compatible cross-domain POST...
If you could proxy it through your web server (Make a POST to your server), and have the server make the POST, your problem would be solved.

On new browsers, you can use cross-domain XHR if you can have a special HTTP header on the page you request.
http://ejohn.org/blog/cross-site-xmlhttprequest/
Or you can use dynamic script loading.