I want to help users change privacy settings in a third party web application.
My first thought was loading the web application in an iframe and interacting with it via JavaScript. But the same-origin policy would prohibit that.
To avoid the same-origin restriction I could use a web proxy, but I doubt many users would trust logging in.
I could build a browser extension, but that makes it more cumbersome to use and harder to support all browsers.
Any suggestions?
You can use OAuth redirect mechanism to support your use case.
Related
I have a website and I need to know which device is used by my users.
Is there a way to know which device is used by a user on a website?
I know some website like webkay.robinlinus can demonstrate all a browser knows about a user.
The best will be to have the device (iPhone/Android) and the type of iPhone (8/XR,etc..) would be perfect.
Thank you for your advices
Is there a way to know which device is used by a user on a website?
No, there is not - this is by-design and is to protect the privacy of web users.
What you can do is use long-life'd cookies or use localStorage to track users on your own sites (origins) - though you'll need to ensure you comply with relevant privacy laws in your jurisdiction.
For web-applications accessed from a desktop browser, you can ask your users to manually download and install software that would run a broker-process or other helper utility that runs a webserver on localhost which your web-application could communicate with to identify the client - but be very careful as this may introduce security and privacy risks and vulnerabilities. This approach is used by Dell to allow their website to read your computer's Service-Tag through the web-browser, and by some of Microsoft's support websites as well. But I stress the importance of exercising extreme caution when implementing this because you don't want other websites or applications using your client-side program.
var x = "User-agent header sent: " + navigator.userAgent;
Send navigator.userAgent in the head tag
This saves the device and browser of the user
For More Reference Check W3schools
https://www.w3schools.com/jsref/prop_nav_useragent.asp
So I don't have any practical experience with headless browsers just yet.
Is it generally possible to have a headless browser run within the frontend javascript of a website?
If so, wouldn't that be a way to bypass cross origin policy? I mean at that point it's no security issue anyway, as it would be a freshly created browser, right?
Thank you!
While you can port parts of a browser to JavaScript, e.g. using emscripten, you are still restricted to the APIs offered by the browser itself. There are no APIs to open raw TCP connections, so you will not be able to bypass the same-origin policy.
I have a Javascript application running in a browser, and I want to access some data sitting in a server that can't enable CORS.
It's not a testing application, is meant for the end-user, even if a little techy one.
I considered:
PHP Proxy: Not appropriate. Server on the other side make decision about IP geolocation.
Java/SilverLight: Unfortunately my #1 target is Chrome
JSON: Not available
What are my options?
Please notice that I'm not trying to make any malicious application: if the user need to approve or allow me to make this request is totally fine.
You are trying to do exactly what the Same Origin Policy is designed to prevent (and what CORS is designed to allow the server to permit).
Your options are:
Find a way to work with whomever controls the server
Get the users to download and install software which isn't subject to the Same Origin Policy (such as a stand-alone application or a browser extension).
You need to ask your users to install chrome extension to overcome CORS. I used to use it while developing ionic apps and testing on chrome
https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi?hl=en
https://chrome.google.com/webstore/detail/cors-toggle/omcncfnpmcabckcddookmnajignpffnh?hl=en
I am wondering if there is a way we can achieve this. I heard different things about Silverlight 4, JavaScript or ActiveX control, but I have not seen any demo of code for any of them.
Is there a web component that is available or how can I write one?
We really like to capture a client's USB drive via the Web and read/write data on it. This has to work for any operating system in any web browser.
What about WPF in browser mode? I read that I can host my WPF applications inside browser and sort of like smart client.
Here is a great example of doing this via Silverlight 4, but the author mentions about possibility of accessing USB on Mac via:
Enable executing AppleScript scripts.
This option will let us have the same amount of control on a Mac machine as we do on a Windows machine.
Add an overload to ComAutomationFactory.CreateObject() that calls the “Tell Application” command under the scenes and gets a AppleScript object.
This option would work extremely well for Microsoft Office automation. For any other operating system feature, you’ll have to code the OS access twice.
I did not quite understand it. Has any tried this?
Web browsers are deliberately isolated from the filesystem for security reasons. Only Java (not "Java Script"), Flash or browser plug-ins can accomplish this.
JavaScript cannot directly access your local disk (including a flash drive) for security reasons (would you really want any web site you look at to access, change, or even delete your files?), and ActiveX controls are IE-specific, so you should probably use a Java applet (not JavaScript). While Java's security policy normally does not allow access to local disks, signed applets can with the user's permission.
If you're willing to introduce a dependency on Flash (10), you can use the FileReference class to get access to one file at a time, first for reading using the browse method, then for writing using the save method.
Note that for security reasons, each call to these methods must be triggered as a result of user input (e.g. clicking a button), and each time they are called an OS-specific File Open/Save As dialog box is displayed.
There's a video tutorial which gives some sample code for editing a text file (load + save) directly in Flash, without needing any server-side help. It should be enough to get you started in the right direction.
What about WPF in browser mode...I read that I can host my wpf apps inside browser and sort of like smart client.
Whats the easiest way to build a simple 'web' application which is a single page, that just refreshes itself (using AJAX or something) to display continuously changing data hosted on various different servers on the internet?
I want to interface with (for example) Twitter, Facebook, Skype, Google Calendar, and any number of other services that have some type of web API.
The application does not need to allow user interaction other than to configure it with the authentication parameters needed to access those services.
It should be able to run full-screen with no UI elements showing, just the pretty information I am displaying.
I started to write an HTML file using Jquery but I am running into "Same Origin Policy" issues. Is there a way around this?
I'd love to just write this in Html/Javascript and run it in Google Chrome, is that possible somehow? I don't know how to get around SOP without hosting my own web server as a proxy to cross the domains.
Is there another alternative that is still pretty easy and simple? I looked into using the Windows Vista Sidebar but apparently you can't have a full-screen gadget.
I figured out that I can use the command line option for chrome:
--disable-web-security
And it will allow me to workaround the same origin policy, and since I am using this for a local application I can put the app in a virtual machine and let it run without too much worry.