Hiding URLs from the location bar - javascript

This might be a silly question which I'll delete if I realise, so if you are reading this then I didn't yet figure it out.
I have some software which is online (addressable) and available but it's a bit of a secret, so instead of just hitting my software when you come to my domain, you are shown a blog that I wrote and hidden within that blog is a link ;)
All well and good.
Now the problem is that users of my software always post screenshots which gives my 1/2 secret URL away. EEEEK yep! So I wanted to have the url be just the plain old normal domain, so as not to make things too easy for them hacky types :p
I have full control over everything here. Clientside / Server / Everything. Initially you hit some jsp and then the GWT app (inside of Tomcat) - you have to provide login details in the GWT app. So I have plenty of places to do this URL hiding / faking but any ideas to help would be great.
...and yes I'm posting this (perhaps isn't too dumb)!
Many thanks in advance.

You can use the javascript history.pushState() here
history.pushState({},"Some title here","/")
For example, on http://yourwebsite.com/secretlink.html, after the JS runs, the URL bar will show http://yourwebsite.com/ without having refreshed the page [1]. Note that if the user refreshes the page they will be taken to http://yourwebsite.com/ and not back to the secret link.
You can also do something like history.pushState({},"Some title here","/hidden.jsp"), so that if the user refreshes the page you can show them an error page that tells them to find the secret link and open it again.
[1] If you pushState() some other domain than your own, a refresh will happen so this cannot be abused to phish sites.
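The masking call from the answer above together with its same-origin limit and its effect on session history, as an added example that is not part of the original answer. `maskAddressBar` and `makeFakeHistory` are hypothetical helpers, and the fake history object stands in for `window.history` so the block also runs outside a browser.

```javascript
// Added example: helper names and sample URLs are hypothetical.
// In a browser: maskAddressBar(window.history, window.location.href, "/")
function maskAddressBar(historyObj, currentHref, target, useReplace = false) {
  const current = new URL(currentHref);
  const next = new URL(target, current); // resolve relative targets like the browser does
  // pushState()/replaceState() accept only same-origin URLs; browsers raise a
  // SecurityError for anything else, so check before calling.
  if (next.origin !== current.origin) {
    return { masked: false, shown: current.href };
  }
  if (useReplace) {
    historyObj.replaceState({}, "", next.href); // overwrites the current entry
  } else {
    historyObj.pushState({}, "", next.href); // adds an entry; the old URL stays behind it
  }
  return { masked: true, shown: next.href };
}

// Stand-in for window.history that records session-history URLs (constructed for this example).
function makeFakeHistory(startHref) {
  const entries = [startHref];
  return {
    entries,
    pushState(_state, _title, url) { entries.push(url); },
    replaceState(_state, _title, url) { entries[entries.length - 1] = url; },
  };
}

const start = "http://yourwebsite.com/secretlink.html";
const pushed = makeFakeHistory(start);
const pushResult = maskAddressBar(pushed, start, "/");
const replaced = makeFakeHistory(start);
const replaceResult = maskAddressBar(replaced, start, "/hidden.jsp", true);
const crossOrigin = maskAddressBar(makeFakeHistory(start), start, "http://other.example/");

console.log(pushResult.shown, pushed.entries);
console.log(replaceResult.shown, replaced.entries);
console.log(crossOrigin);
```

With pushState() the secret URL remains one Back press away in session history, while replaceState() overwrites that entry. Neither call changes what the server received on the original request.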

Include the inner page as an iFrame

Related

HTML Redirects to wrong

I am doing work for a client and I am beating my head against the wall trying to figure out what is happening on this site. First, he uses godaddy as his host and uses their express email marketing. One of the campaigns he was sending out had a wrong url in it. So that was easy enough to fix once I got logged in. Now, on the email that is sent out there is a link that says "To view this message as a printable PDF document, Click here." and it opens it up in the browser. NOW, I've tried finding the file it opens to change it with no luck. I've tried changing the html file in the directory it points to, but that does nothing and doesn't update the page. Any test page I create and try and open in a browser keeps the url but pulls in a different page (one in particular).
SO, as I've mentioned, in the email version of this, I've gotten it to work, just not in the browser version because I have no idea where it's pulling from or what is overwriting it.
Here is the link
http://nationalproduct.com/emailcampaigns/racing_stepmats/
At the bottom of this page there is a "Printable Version" button. This button should point to here:
/racing_stepmats/pdf/stepmats_racing.pdf#zoom=70
But instead points to here:
/regular_stepmats/pdf/stepmats_regular.pdf#zoom=70
I've also looked at the .htaccess file and there's only one line on there rewrite engine on so there's nothing in the .htaccess that's automatically loading or redirecting that I can see. Any wrong url that a user puts in doesn't go to a page not found, it just keeps what's been typed in the url bar but loads the racing rv mat page. ?:O
I've tried changing it in chrome and firefox in the developer tools and I know how to change the link to be correct, but I have no way of saving it from google or firefox to overwrite, that I know of at least. Any help on this would be greatly appreciated! Thanks in advance!
You just have to edit this part of the source of the page:
<area shape="rect"
_mce_shape="rect"
coords="281,787,406,837"
_mce_coords="281,787,406,837"
href="http://nationalproduct.com/emailcampaigns/regular_stepmats/pdf/stepmats_regular.pdf#zoom=70"
_mce_href="http://nationalproduct.com/emailcampaigns/regular_stepmats/pdf/stepmats_regular.pdf#zoom=70">
replacing the wrong URL with the correct one
The owner has 15 different domains and was hosting this site, and all of its content, in a subfolder. It was on the backend of godaddy where I found all the domains and where they were being hosted. Normally this would have been easier to find but there were hundreds of files and folders on the backend. Thanks for the pointers though ;) Fixed

Facebook like error - disabled/not visible

We've got a number of content managed sites that use the same functionality. We added a site recently, and the Facebook like button is failing with an error on-click (following Facebook login):
This page is either disabled or not visible to the current user.
This only happens when the Facebook user isn't an administrator of the page, or of an application we've created for the page.
The site where this is failing is here: http://beachhousemilfordonsea.co.uk/
An example of a site that works (same code): http://monmouthash.co.uk/
The Facebook like code:
<fb:like href="http://beachhousemilfordonsea.co.uk/" width="380"></fb:like>
Actions already taken
I've checked with the FB Linter and there are a couple of Opengraph warnings that do need to be fixed (add a description, increase the image size) - but these are the same for all sites so should be affecting this (it's on the dev plan to get these rectified in the next release).
I've taken a look at the Facebook App we've got running on the problem page, and checked it against other working applications and the settings are the same as far as I can see, except there are missing options with this new application:
Encrypted access token (assume this is default, not changeable now)
Include recent activity stories
It doesn't feel like the application should have much of an impact on this though, as we use the application for the other functionality within the page (which is all working fine!).
I've searched for possible issues, and checked the more common ones:
There are no age/geographic restrictions
I've submitted 2 requests to Facebook in case the content is blocked, but no response or change
Any recommendations as to what else to try?
Thanks in advance,
Kev
P.S. I asked this question a week ago but it wasn't well formed - hopefully this is a better attempt, but if you need anything else please do let me know.

Confirm Link Appearing after Clicking Like Button

I just switched to a new host, changed all the information on my Facebook application settings page, and added the Open Graph namespace URL to my HTML element. What's the deal? On my old domain it was working and both accounts are subdomains. The difference between mine and other complaints of similar issues is that likes are not going through for me. Please help. Thanks.
This is Facebook's anti-spam measure. It will go away once people have started like-ing it.
See Facebook Like without Confirm?
This is Facebook's anti-spam measure and it will go away once people have started like-ing it.
One note to people seeing this issue. The majority of the time when you see this and you KNOW you're not phishing for likes, it's most likely because your QA team has liked and unliked content multiple times in a short amount of time. This behavior sets off Facebook's spam flags and thus adds the confirm button.
Hope that helps.

How to get the actual hard link URLs

I am doing research on a subject: sites which are developed in JavaScript, e.g. https://hp.taleo.net/careersection/2/jobsearch.ftl# . If we click on the paging, the URL doesn't change and yet the contents of the page are changed. Are there some variables which are getting submitted, and if yes, what are these variables? What would one have to do if one wants the actual hard link to the next page for this site or similar sites? Thanks in advance.
There are no hard URLs... The site is loading it dynamically through ajax.
Inspect the website using Firefox or Chrome/Safari Dev Tools. Open the network tab and submit the form.
Network Tab
As you can see, it's posting the data to that page. Do some investigation and see what you come up with.
You can also try turning off javascript and seeing if it falls back to hard urls.

How can I tell if my page is set as the user's homepage?

Is there any way I can detect when my page has been set as the user's homepage in their browser?
I'm most interested in something in javascript, but I'd be happy to hear about other approaches as well.
Edit: I'm not looking for anything sneaky. I'm wondering if there is anything that is explicitly allowed through the browsers to find out this information.
There isn't likely to be a foolproof method, as that's an intrusion into the privacy of the user.
One thing that comes to mind is checking for a referrer. If the user arrived at your page without following a link, they a) typed the url, b) followed a bookmark, or c) have your page set as their homepage. But that's about the best I can do.
Nope. You can tell if they got to your page by following a link or not. Check the referrer. However, the browser going to your page as the home page will not appear any different than the user typing in your page or using a bookmark.
Mozilla/Firefox has a window.home() method which loads the user's home page. This method could be used (in an iframe, maybe) combined with server access logging, to see if the site's home page is instantly requested by the current user.
However, other browsers don't seem to support this javascript method.
Simple solution: you shouldn't be checking if your or anyone else's site is set as the user's homepage. If they want it as their homepage, they'll make it so.
However, if you've got some Javascript that will check their email and see if they've sent links to your site to their friends or colleagues, I'd be very interested in that functionality ;-)
