Make tracking codes disappear from URL bar - javascript

I'm using tracking codes to know where do the visitors of my website come from.
Example:
Facebook "Use App" button http://www.example.com/?fb_useapp=1
An emailing campaign : http://www.example.com/?mailingjuly2017=1
etc.
But then this is what gets displayed in the browser:
This is not very user-friendly: the users shouldn't see this information. How to get this parameter hidden on browser? (but still present in the server logs, that's where I'll do my analysis!)
Shoud I do it from JS or PHP, or even in an .htaccess RewriteRule?
PS: instead of using parameters ?param=1, I could also use a different approach and have a RewriteRule redirect example.com/mailingjuly2017/ to example.com.

If you just want to remove the appearance of the parameters in the address bar without the need to refresh the page, you can try the following JS:
if (history.pushState && window.location.href.includes('?')) {
history.pushState({}, null, window.location.origin);
}
This will remove the parameters in url address bar and should not affect server-side logs. Note that it will also remove them in the history so if the user clicks the back button and then forward, the page will be loaded without the parameters. See MDN for details and browser compatibility.

Related

How to redirect users when they access the website's view page source?

I am using the code below to redirect users that did not come from google. It can also prevent direct access to that link without going to google. But why does when I view the page source of my domain ( view-source:https://owndomain.com/NMkrujlS ), it does not redirect to example.com? isn't viewing page source a direct access to my domain? How can I fix this?
Thanks
My code:
var ref = document.referrer;
if (ref.match(/^https?:\/\/([^\/]+\.)?google\.com(\/|$)/i)) {
// do nothing
} else {
// redirect
window.location.replace("https://example.com" + window.location.pathname);
}
The example you linked in the comments of your original question uses a header-based redirect, which is why when you point your instance of Chrome to view-source:rshrt.com/getlink/YCy, it redirects you to the target page. This is in line with how browsers are expected to handle header-based redirects. This fact is confirmed if you open your developer tools' Network tab and inspect the requests that your browser sends to the target site, which show the rshrt.com page redirecting with a 301 Moved Permanently status code (along with the respective Location header, which points to the target page):
In your own example, you're performing a redirect using JavaScript. This JavaScript isn't executed/interpreted by the browser when using view-source. As such, the redirection never happens.
If you'd like this to function moreso like the site you've given as an example, you'll have to configure these redirection rules at a server level to correctly return a 301 or 302 status code (as well as the appropriate Location header), instead of on the client level using JavaScript. How specifically you would accomplish that is entirely dependent on the stack your server runs, and is arguably outside the current scope of the question as you've posed it.

How to achieve authorization ? How to prevent a user from directly accessing my html pages by writing URL?

I'm working on a node-red project with uibuilder node.
It's basically [html, css, js(with vue)] pages.
I want to make the login authorization part where each user opens the allowed pages only.
How can I achieve that? by tokens? by permitting direct access to pages using URL?
P.S. I'm new to this part of web and I tried searching but couldn't find what I need.
I searched a lot, all was dead-end until I found this question
Detect if page was redirected or loaded directly(Javascript)
Instead of getting into trouble with tokens, and checking at each page if it is valid or not.
I permitted accessing any page (except the login) by the URL. If you want to access a page, it's only by redirecting.
I achieved that by checking a variable at page loading if the page has history or not. if no history, it is redirected to the login page.
I added this part to my vue-js file:
window.onload = function() {
if(document.referrer == "") window.location.href = "http://localhost:1880/Login/login.html";
}
P.S. If all the Internet said preventing accessing by URL is impossible, Don't be disappointed. Search more, because it's actually possible. 😉 😉

Set Referrer value on a following called url

I have an Html file containing the following code:
<script>
Object.defineProperty(document, "referrer", {get : function(){ return "myreferrer.com"; }});
//document.location="somelink.com";
</script>
From what I've read,maybe the thing I'm trying cannot be done,but I wanted to be sure.
I want to visit the site somelink.com but when my browser finishes the redirection to the location,the document.referrer value to be "myreferrer.com".
If I run the html with this format(document.location in comments)
the command in url --> javascript:alert(document.referrer) is the one I want.
But if I erase the comments and activate the document.location line,the above command will show up an empty document.referrer and not the one I want.
Can I achieve what I have in mind?
Some browser versions allowed you to customize the referer header using the approach of overriding the document.referer property in javascript, but that doesn't appear to be reliable. Even if some browsers still allow that, there's no guarantee it would work in future versions.
If you need a workaround, you could link to the desired referrer domain and serve up an intermediate page that performs the navigation to the final destination URL via an HTML form submission. That should preserve that intermediate page as the referrer.
Within the context of a browser extension however, you can alter the headers via onBeforeSendHeaders

Mobile site script redirect

I have a joomla site and i have build a jquery mobile website so i use this this code below,
<script type="text/javascript">
<!--
if (screen.width <= 680) {
window.location = "site.com";
}
//-->
</script>
But the my problem is that in my jquery site i have a view full site this code i have put it in index.php of my main template so in every page that joomla creates so user can see this code exist
My question is how i can write this script when the user click from mobile jquery site "view full site" and not again redirect him back to mobile site.
Because when the user press the button view full site went to the full site and after seconds he turn back to mobile cause of this script..
Ideally, the switch should be done server-side, as the overhead in sending the page to the browser only to be redirected is unnecessary.
Here is a link to get you started with that but to focus on a your specific question: You can store the preference in a session variable which is then checked in your conditional above. This can be done either in JavaScript or php.
If you were to stick to your client-side approach above, you could modify the if statement to if (screen.width <= 680 && readCookie('screenpref') != 'desktop') {} after creating your setCookie() and readCookie() functions.
Like Joe said I also reccomend a serverside solution which is way more efficient check this link I just found, which is a quite comprehensive list of user agents you can check to redirect on : http://detectmobilebrowsers.com/
For those of you that don't know the user agent is part of the header of the request and describes the client software that oriniganated the request. Basicly its a string that you can use to identify which device requested your web page.

How to open email by x-gm-msgid in Gmail with Javascript

I'm writing an extension which surfaces links to gmail messages. As the UI loads right in Gmail, I should be able to click on one of these links and have Gmail load it (without refreshing). I have "x-gm-msgid" available and theoretically, I should just be able to navigate to "https://mail.google.com/mail/u/0/#inbox/[x-gm-msgid]".
I've tried using
location.hash = "#inbox/[x-gm-msgid]"
I've tried using
history.pushState(null, null, "/mail/u/0/#inbox/[x-gm-msgid]")
Neither of which works. Gmail just thwarts any attempt to change the URL (unless it is done via user interaction)
Any thoughts on how to get around this restriction?
chrome.tabs.update should work.
Modifies the properties of a tab. Properties that are not specified in updateProperties are not modified. Note: This function can be used without requesting the 'tabs' permission in the manifest.

Categories

Resources