Is there a way for javascript to access a variable left by the user of a specific computer? I know that system variables are out of the question.
Currently I have a POS web-app that sends HTTP HEAD requests to the server specifically for the purpose of updating the pos terminal's display pole unit.
The app:
1) Sends HEAD request to the server
2) The server receives the request with the payload and writes to a virtual port which is connected to the pos terminal's LAN > COM port which in turn writes to the pole
However when other devices like mobile phones and laptops use the pos app, all of them are sending these requests every time a line item is changed in the form. That's a lot of useless requests (because these computers don't have their own display pole).
I'd like it so that the JS can search for a specific variable that the user can put in their system. If it's there, send the request. If not, don't even try.
Something along the lines of a browser addon maybe? As in "for this domain, set this variable".
For security reasons, plain Javascript in a web browser cannot access things outside of the browser environment. A browser add-on can access things outside of the browser so it could create an interface for some outside setting.
It sounds like what might make more sense is for the pos terminal to specify a slightly different URL when it uses the POS web app and that different URL (say a query parameter) would tell your app server to place a Javascript variable in the page indicating that this use of the app does have a display pole unit attached so it should do whatever one would do when that is connected.
Meanwhile, the publicly known URL that is used from a laptop or a mobile phone would not have that special parameter in the URL and thus the Javascript in the page could know that it is not connected to a display pole unit and should act accordingly.
You can have the identical web app for the two classes of users with this one configuration variable set differently based on what URL initiated the session.
Other places you can store configuration info in the browser are cookies and LocalStorage. So, the setup process for the pos terminal could cause a LocalStorage value to get set such that your Javascript could tell from that LocalStorage value that this browser is connected to a display pole unit, but the mobile phone/laptop browsers would not have that LocalStorage value set so the Javascript could act accordingly when they were using the app.
Here's another idea. I don't know what kind of browser is in your POS terminal, but if it has a unique user agent string or it can be configured to have a unique user agent string, then your Javascript in the page could check navigator.userAgent and examine it to see if any particular markers were present in the string that indicates this is the POS terminal browser, not some other browser.
Install a browser custom browser plug-in (that doesn't have to do anything except be present with a known name) in the POS terminal browser. Then, use Javascript to detect whether that plug-in is present. If so, you know to act like it is connected to a display. If not present, then no display attached.
To summarize the options:
Use a query parameter on the URL when accessing the webapp from the pos terminal. This would tell your Javascript that there is a terminal attached. You could also then set a cookie whenever you see the query parameter such that other pages (without the query parameter, but loaded from the same device) would see the configuration too.
As part of the setup process for the pos terminal, run a page that would set a cookie to tell the JS that this viewer is the pos terminal.
As part of the setup process for the pos terminal, run a page that would set a value into LocalStorage to tell the JS that this viewer is the pos terminal.
Add some custom indicator to the user agent string in the POS terminal browser that your Javascript can then detect.
Install a custom browser plug-in on the POS terminal which your page Javascript can detect the presence of and act accordingly.
Related
How would a cloud web app get Client Device Information such as IP address, Serial Number, etc?
Looking to have an app developed for tracking asset conditions within the school. Just want to make sure my ask is possible before I list it for review.
Basically the user goes to a webpage and fills out a condition report and submits it. I'm wanting to automatically identify the Chromebook or Laptop that is submitting the condition report. With Chromebooks especially, the S/N on the board is not what always is on the case plastics (due to repairs). The aim of making this automatic is to keep data correct.
I could identify the device by serial number, asset number, or local LAN IP. Could potentially identify by any other persistent hardware id that doesn't change.
Thoughts on possible solutions / workarounds:
Maybe there is a unique hardware hash or identifier that Chrome supplies that is persistent and I don't know about. I could manually build a lookup table if its not appropriate to use it directly.
It looks like the WebRTC method no longer works for obtaining local IP address - unless there is a way to force the Chrome Flags for specific sites through Google Workplace policies.
I could create a web service that runs behind the firewall and returns the IP address of the requestor. The client side JavaScript would use that when communicating with the cloud web app and if it cannot connect to the local web service then it prompts the user for the serial number as a last resort.
I could create and force install an extension that the webpage can use to obtain the IP address...
E.g. https://github.com/DoctorLai/what-is-my-ip/
Just wondering if there is an easier way than the above ... One that would work even if the Chromebook wasn't on site...
Thanks
Is there any way to prevent a web app from being stored and operated from local file system.
The app has proprietary front end work-space, built with JS & many other libraries, which must be available for usage only if the user is logged in over the domain with active internet.
If any user attempt to save the page and relevant files to local file system and try opening the workspace, it must be prevented.
Is there any possibility to achieve this
If someone really wants to look at the code that's being run, there's no way to prevent it, because it's running on their machine, and they can do anything they want with their machine, including examining network requests (such as from their browser, or from their OS).
If there is information that the client should not be able to access under any circumstances, the only solution is to not send that information to the client in the first place.
Now, there are methods to check whether a script is being run from a webpage or a file, eg:
if (window.location.href.startsWith('file:')) {
throw new Error();
}
But the user may still examine the script and tamper with it if they desire.
We are creating a simulator to test our new system. The simulator will be used for performance testing using varying payloads. But we are stuck while trying to create multi-user scenario due to an embedded functionality of our new system. Given below is the workflow of the new system under question:
User logs in the system
When page is loaded, a hidden iFrame is rendered with url to User Authentication Service via HTTP Post
User Authentication Service executes a javascipt in the user browser and gets the following - (A) User ID, (B) IP Address, (C) Browser details
User is authenticated and next page is loaded
The javascript mentioned above is maintained by external group and we don’t have access to it (don’t have the source code yet but we may get it).
Our Scenario: We have to simulate multi user condition for varying pay load. We have created a simulator for this purpose. We want to simulate for different concurrent users connecting from different machines (different IP, browser). Since we are talking about simulated condition, the simulator is expected to generate it from the server machine only.
Challenge: How wan we suppress the execution of the javascript mentioned in the Step#3 above? Is it possible at all? What do we need to know from the external group regarding the javascript to achive it? Will it help, if we have the source code of the javascript?
Please refer to the image for the scenario mentioned here. Any help is appreciated:
I am trying to implement session kill feature for my application.
I need to show user all the devices from which he has logged in.
But I am not able to get the users machine name from http request.
I have tried this:
Another similar question in stack overflow
But it gives user's machine name only if it is explicitly specified in hosts file and is the first entry there.
Google has implemented the similar feature
google's implementation to review devices/sessions
It shows the user's machine name
My machine name CITRUSPN135 is shown here.
How can I implement the similar feature for my application?
I am open for implementations both at front end or server side.
server side code is there
String browserType = request.getHeader("User-Agent");
it contains all the information
TL;DR: Can't find clear information on how to set/get the Client ID to make any server-side tracking request. Need to understand how to work with the Client ID.
I'm planning to use Analytics Measurement Protocol to send a custom pageview from the server (I'm using PHP).
Standard page-track request looks like this:
v=1 // Version.
&tid=UA-XXXXX-Y // Tracking ID / Property ID.
&cid=555 // Anonymous Client ID.
&t=pageview // Pageview hit type.
&dh=mydemo.com // Document hostname.
&dp=/home // Page.
&dt=homepage // Title.
In order to make the request, I need to set cid (Client ID). This is what the documentation tells about it:
Required for all hit types.
This anonymously identifies a particular user, device, or browser
instance. For the web, this is generally stored as a first-party
cookie with a two-year expiration. For mobile apps, this is randomly
generated for each particular instance of an application install. The
value of this field should be a random UUID (version 4) as described
in http://www.ietf.org/rfc/rfc4122.txt
For me, the whole point of using the Analytics Measurement Protocol is not to use JS to track specific hits. JS can throw errors, older browsers might not be so developer-friendly, users tend to use browser extensions to block not only ads, but trackers as well. Having said that:
Is there any way to get the Client ID in PHP, and do I even need to
do that?
Can I just generate a random UUID (v.4) every time I need to send a
pageview or an event?
I understand the Client ID should be unique per client. How do I make sure it really is?
Let me add, I'm using a legacy code with the old ga.js library fueling Google Analytics.
UPDATE:
I found a post by Dave Meindl from 2013, showing an example implementation. Seems like he basically creates the an UUID every time and uses it as the Client ID. If someone could confirm that that's the way to go, I would be so happy.