Is it possible to replace the origin of the URL without reloading the page? Say I am at www.example.com, how can I change the URL to be www.foo.com or whatever without reloading the page? I tried using pushState() and replaceState() to no avail. I get an error saying: Failed to execute 'pushState' on 'History': A history state object with URL 'foo.com:4041' cannot be created in a document with origin 'http://example.com:4041' and URL 'http://foo.com:4041/'.
For your information. the two URLS are ones which I generated with my /etc/hosts file, they simply pass to an express server at localhost:4041.
Thanks
Related
How can I add un-secured HTTP links on this page without causing the error "Not Secure."?
I have a secured web page with SSL HTTPS.
This web page is a dashboard with 100+ buttons which all contain links of external websites.
Unfortunately, not all of these websites support HTTPS ...common its 2020!
Is there any way to resolve this issue while maintaining the site lock?
Attempt #1
<link rel="ampHtml" href="http://example.com/">
Attempt #2
I used TinyURL to convert my HTTP links into short URLs which have
HTTPS. ...this works for most of the links (which is great!)
The remaining links when clicked have additional Javascript which is
adding URL querystrings to the end of the URLs. These strings apply on
the TinyURL successfully, but does not on the final destination URL.
The only other solutions I can think of (if even possible) is ...
JavaScript to convert specific links onClick to HTTP before opening a new tab and loading the website.
JavaScript to delay the load of the HTTP link.
You can make a redirect page. The most basic way is making a redirection page with JavaScript.
if (window.location.search.includes("?url=")) {
var url = window.location.search.replace("?url=", "");
window.location.replace(url);
}
Basically, what's happening is that it redirects from a secure page to a non-secure page without causing a 'Mixed Content' error. It gets the url parameter from window.location.search and then it redirects to that.
Impossible to execute function in Iframe from Parent without the sandbox : allow-same-origin. (when I put it, it works)
But I need to avoid this for the security of my modul.
Blocked a frame with origin from accessing a cross-origin frame
The domain, port and protocol are the same. Only the path to file is different
If you have a server side language skills, you can scrape the url that you want to post to and deliver it locally. Some would call this a router page.
So, myrouter.php receives $_POST['url'], php validates the url through a hash or some other means, then delivers the content to your app. Now you are able to post into the container. Otherwise, and I just digested the rest of your problem, you could use a server side include and "Bam", problem solved.
I have a upload script in another host and after remote file upload with Ajax I call a function like this :
echo '<script language="javascript" type="text/javascript">window.top.window.stopUpload('.$result.' , \'res2\' , uploaded , dkey);</script>';
the stopUpload function in the main page should run and do some thing (show pictures and ...)
but I get Permission denied error
Error: Permission denied to access property "stopUpload"
tip : Imagine I have stopUpload function in pageA and I call send file with ajax to upload in my another Host page called pageB I have a stopUpload function in pageB which should run on pageA after upload complete but face to above error ...
Can I call javascript function in another page remotely?
Thanks.
You are probably violating Same Origin Policy.
An Iframe can access parent window content only if they both belong to same origin.
An origin consists of Protocol (http/https), domain name(example.com and port(default 80). If any of these are different then sites are considered from different origins. If you are able to modify content of both the sites then you can manually set the document.domain=domain.com. After that you won't get the error.
#Edit
Both the sites should at least have super domain in common for manual domain setting to work.
For example, facebook.com and google.com can never be compatible since their super domains are different.
However docs.google.com and developer.google.com can be compatible as they have super domain google.com in common.
They both would have to declare document.domain=google.com in a script tag.
i am developing facebook application, and i need to get the facebook root page url not iframe, all these methods: document.location,window.location and top.location... return the iframe url ( my hosting server ) not facebook url.
any suggestions ?
Try parent.location.href. It might not work if the iframe isn't coming from the same domain, and if so you will just need to get the request url referrer with your server code.
Edit: To get the current url in PHP try $_SERVER['HTTP_REFERER']
This could be a little off the ballpark, but a friend asked me about it and it's kind of bothering me. How do you figure out the current path in your address bar if the server redirects all requests to a default file, say, index.html.
Let's say you entered:
www.example.com/
And your server configuration automatically redirects this request to
www.example.com/index.html
But the address in your url bar does not change! So how do you figure out using Javascript that the path on this url is index.html?
I looked into location.pathname but that's only giving me /.
Any ideas?
The problem is that it's not actually a redirect. When you type 'www.example.com' into your web browser, the browser generates an HTTP request like the following:
GET / HTTP/1.1
User-Agent: curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3 OpenSSL/
0.9.8h zlib/1.2.3 libssh2/0.15-CVS
Host: www.example.com
Accept: */*
Note that it's requesting a document named literally /. There are two possible responses by the server:
HTTP/1.1 200 OK
(more headers)
Content...
And
HTTP/1.1 301 Moved Permanently
Location: (location of redirect)
(more headers)
(Optional content)
In Case #2, you can get the redirect location since it's actually a redirect. But in Case #1, the server is doing the redirection: it sees a request for / and instead serves up the content for whatever its index page is (e.g. index.html, index.php, default.aspx, etc.). As far as your browser is concerned, that's just the content for the document /. It doesn't know it's been redirected.
If the redirect happens on the server then the browser is not aware of it and you cannot access the actual resource in javascript. For example, a servlet might "forward" to another resource on the server.
If the server sends a redirect command to the browser and the browser requests the new url then the browser does know about it and you can get it.
There is no way to do this, except somehow embedding the webserver's filename into the document. As far as the browser is concerned, there is no index.html, the page is just /.