Adding jquery AJAX to send string into python script - javascript

How can i send a simple string, called accessToken (from Facebook API), to my python script? Is my way of thinking correct?
$.ajax({
traditional: true,
type: "POST",
url: my server ip:port?,
data: accessToken,
success: ok,
dataType: "String"
});
Lets say that python script will work on my local PC, should i then just tell my script to listen to POST requests on a given port? Does the string need any additional processing? I am not sure about whether this is correct, because it is my first time setting any ajax calls, or serverside python scripts, therefore i have, for now, no way to check whether this works.

Related

How to pass an object from client to server Nodejs

How do I pass a large object from my client to my node.js server, the object is stored in a variable in my script tags.
You need to run an ajax request and I would probably use JSON for it. This is an example using jQuery (the template engine is irrelevant, this is just JavaScript):
var data = {'bob':'foo','paul':'dog'};
$.ajax({
url: url,
type: 'POST',
contentType:'application/json',
data: JSON.stringify(data),
dataType:'json'
});
Just like you would any other client/server. Since clients and servers are detached, the server-side technology is irrelevant (though it does depend what type of endpoints).
Assuming you are using HTTP endpoints, you would simply use AJAX. You'd take your data, turn it into JSON, and then send it along.
With vanilla JavaScript on modern browsers, the easiest approach is with fetch(), which looks like this:
fetch('url-to-endpoint', {
method: "POST",
body: dataVariable
}).then(response => console.log(response.json()));
That's a basic POST. You can read up on all the ins and outs on MDN if you want to do something fancier.

Changing a ajax request to a different php file vulnerability, potential exploit clarification

I am creating an application, that accepts a ajax call (jquery) and returns the validated user an entry token to the website.
Say for example the ajax is called checkAuth.php and there are all the other php files in this directory. By changing the JS to validate another file like checkMail.php for example:
var xmlRequest = $.ajax({
url: "checkAuth.php",
processData: false,
data: xmlDocument
});
change the url to checkMail.php and create a vulnerability in the site?
var xmlRequest = $.ajax({
url: "checkMail.php",
processData: false,
data: xmlDocument
});
Although the result would return a different object but by doing so would this create an "open door" perhaps where the malicious user would keep sending requests in order to gain access? I understand that the user would have to know that the php file exists however I am unsure how to process this securely whilst maintaining my directory structure.
Please note this is not my actual code and I cant clarify the answer with these other posts or I am not understanding this correctly.
Edit: In addition - would this mean that any site using jquery would be able to ajax request any file from the server and create a vulnerability?
How to authenticate an AJAX request to a PHP file?
Question regarding Ajax Hacking
Ajax Security questions
How to send secure AJAX requests with PHP and jQuery
In general, any AJAX request can access all files which accessible via http request like as user types full URL as the browser address.
So, you have to check security token or something else in the begining of PHP-scripts.
You can restrict access to folders or files using .htaccess, see https://stackoverflow.com/a/11729748/3325396

Jquery AJAX request with hash deep in URL

I am working on embedding Sisense into my site and I would like to explore embedding via AJAX rather than the dated Iframe (since I'll have to use a hosted JS file to bind to events, only accessible via a GUI).
I have the following AJAX call (url masked with fake IP):
$.ajax({
url: 'http://99.9.9.123/app/main#/dashboards/4251cc98nc83/widgets/n128cm836chna1?embed=true&r=false',
type: 'GET',
dataType: 'html',
data: {},
success: function(result){
$("#container").html(result);
}
});
When I make this call, the request URL looks like it has been truncated to the location of the hash:
(Ignore the Access-Control-Allow-Origin error. I will be changing that in my environment)
Any idea what is going on here and why I cannot access the full URL via AJAX? I have no access to changing the URL.
This is an issue with $.ajax in jQuery < 3. Indeed everything after # is stripped out from URL. It was fixed in jQuery version 3:
https://github.com/jquery/jquery/pull/2721
With hints from the comment provided, I'm seeing that the hash is never passed to the server:
Can I read the hash portion of the URL on my server-side application (PHP, Ruby, Python, etc.)?
My thought was to decode the hash, hit it via AJAX, and decode it on the server.
Another solution I'm thinking of is to create an endpoint on the server that I can call and pass parameters that correspond to the appropriate dashboard/widget ids. Haven't implemented yet; just a thought.

Phonegap: cannot get data from external php server

I've been having problems for 2 days now. Before I didn't face this, but now it gives me a lot of headaches.
I can't get the json data from external php server using jQuery get method in phonegap (newest version).
Here is my data and code:
Sample data: {"name":"test"}
var url = 'http://website.com/app/user.php';
$.ajax({
type: 'GET',
url: url,
data: {mb: user},
success: function (data) {
alert(JSON.stringify(data));
},
error: function () {
alert('error');
}
});
I get the result, but not the 'test' data but totally different.
The alert is an html page rather than json data. I really don't know what is this.
I already tried the origin * and allow internet in android manifest.
I'm receiving a full valid html file instead of the data I expect
My guess is the problem came from the server itself?
Any suggestions?
You can not make requests from the localhost to a remote domain via javscript environment, the error will be "cross browser"
Recommend making an abstraction in order to pass the data for a webservice via java and not javascript.

Setting cookies in flask vs JS

I'm writing a small web-store, The backend is written in Flask, and I'm using jQuery to display popups, filter some inputs, etc.
There's a very simple cart, and I've ran into one question while making it.
I was thinking of storing the id's of each product selected (along with the amount) in cookies, and to generate the 'cart' part of the page via JS by accessing them.
Currently, I'm setting the cookies by POSTing an AJAX call to the server, which then updates the cookies.
Javascript:
$('#addcart_' + this_id).click(function() {
$.ajax({
type: "POST",
url: '/cart/',
data: JSON.stringify({"id": this_id, "amount": total_amt}),
contentType: "application/json; charset=UTF-8",
datatype: 'json',
async: false
});
});
And in Flask:
#app.route('/cart/', methods=["POST"])
def cart_update():
if request.method == "POST":
data = request.get_json()
# more code
return resp # response with cookies
Now, I was wondering, is there any point in actually doing that? I just need to store some data in cookies, and doing a call to Flask doesn't seem to add anything, so perhaps I could just set them via JS and live happily ever after?
Or are there some downsides?
There is absolutely no need to make a server-side call to set the selected products cookie. Updating it on the client side is much preferred, as it takes out all of the latency from the transaction.
Another thing to consider though is that your cookie will be sent along with every server-bound request. If you don't need this behavior (and you are fine with the browser support for it) you can use localStorage and only send back the selected values when the user checks out.

Categories

Resources