I'm trying to write a Firefox plug-in that accesses data from facebook.
Now I'm not sure how to get an access token.
I tried to implement the client side flow for desktop apps (with the fixed redirect uri), but the big problem I encounter there, is that JavaScript doesn't allow me to wait for the redirect to happen.
Any idea how this could be done?
As far as I understood it, because I don't have a webpage, the JavaScript API doesn't help much, right?
I guess that you are opening https://www.facebook.com/dialog/oauth in a browser tab to let the user log in and give you access. You don't need to pass a working redirect URL here, you can rather use something that will definitely not work, like http://my.extension.local/. Then you only need to detect when the tab gets redirected to that URL. If you have a classic extension, you register a progress listener on the <browser> element of that tab and look at onLocationChange() calls - once you see a location starting with http://my.extension.local/ you can cancel the request and close the tab, the necessary data is in the URL. If you use the Add-on SDK you can attach a ready event listener to the tab, something along these lines:
var tabs = require("tabs");
tabs.open({
url: "https://www.facebook.com/dialog/oauth?...",
inBackground: false,
onReady: function(tab)
{
if (tab.url.indexOf("http://my.extension.local/") == 0)
{
...
}
}
});
Related
I am using the code below to redirect users that did not come from google. It can also prevent direct access to that link without going to google. But why does when I view the page source of my domain ( view-source:https://owndomain.com/NMkrujlS ), it does not redirect to example.com? isn't viewing page source a direct access to my domain? How can I fix this?
Thanks
My code:
var ref = document.referrer;
if (ref.match(/^https?:\/\/([^\/]+\.)?google\.com(\/|$)/i)) {
// do nothing
} else {
// redirect
window.location.replace("https://example.com" + window.location.pathname);
}
The example you linked in the comments of your original question uses a header-based redirect, which is why when you point your instance of Chrome to view-source:rshrt.com/getlink/YCy, it redirects you to the target page. This is in line with how browsers are expected to handle header-based redirects. This fact is confirmed if you open your developer tools' Network tab and inspect the requests that your browser sends to the target site, which show the rshrt.com page redirecting with a 301 Moved Permanently status code (along with the respective Location header, which points to the target page):
In your own example, you're performing a redirect using JavaScript. This JavaScript isn't executed/interpreted by the browser when using view-source. As such, the redirection never happens.
If you'd like this to function moreso like the site you've given as an example, you'll have to configure these redirection rules at a server level to correctly return a 301 or 302 status code (as well as the appropriate Location header), instead of on the client level using JavaScript. How specifically you would accomplish that is entirely dependent on the stack your server runs, and is arguably outside the current scope of the question as you've posed it.
so i know this may sound stupid, but I want to know if there is any way that i could redirect someone to a website, and then display an alert box on the web page, using either javascript or any other interface that can be weaved into HTML5. I asked some of my classmates, and they didn't know, so I just need a confirmation that this isn't possible.
I have ran a few trials i found, but on further review, they wouldn't work.
edit I have control over the site, but I wish for the box to only pop up if i redirect it.
I can give the code if it would help, but I'm doubtful it will help
sorry for wasting your time if i did. thanks.
Similar to Gerard's answer, but using query strings. A possibly more standard solution.
On the first page:
<script>
window.location = 'https://{your website here}/?showAlert=true';
</script>
Then on the 2nd page.
const urlParams = new URLSearchParams(window.location.search);
const showAlert = urlParams.get('showAlert');
if(showAlert === "true") {
alert("Hello");
}
Note this will not work in internet explorer
You could communicate to the new site that it's a redirect by appending the route:
On the site you want to redirect from:
<script>
// if you can't use a normal link, change the url with JS
window.location = 'https://{your website here}/#redirect';
</script>
On the site you want to show the alert:
<script>
if (window.location.pathname.includes('#redirect') alert('What you want to say');
</script>
If you only have control over the first site, you could alert before redirecting, there wouldn't be much difference to the user since the alert blocks execution of other code.
You can call an alert box in a HTML document with JavaScript like this:
window.onload = function () {
alert("Hello World!");
}
-> https://jsfiddle.net/u8x6s31v/
You can also redirect somebody, if the page he's visiting is yours. Is that what you mean?
Update:
I think you can't see the URL where someone comes from with JavaScript. The only way to trigger scripts for some people is to add a hash.
window.onload = function () {
hashUrl = window.location.hash;
if (hashUrl == "#alert") {
alert("Hello World!");
}
}
Then call for example: domain.tld/path/index.html#alert
-> https://jsfiddle.net/u8x6s31v/1/
This is a vague questions with a lot of possible answers but seeing as how you're new, I'm going to speculate on what you might be asking and try to answer it.
It's not clear what you mean by "redirect".
Is this a server-side redirect like when you move/change a URL and you redirect the old URL to a new URL? Is this a Javascript meta refresh that you put in a 404 template? Is this a redirect that occurs after a user takes an action?
Regardless, you're going to have to "annotate" that user and then take action upon that annotation. The most obvious method would be based on the "referrer" HTTP header but it is also possible to do it based on the presence of a cookie.
Additionally, adding URL parameters to a redirect is trivially easy and often used for stuff like this.
The immediate things that come to my mind would be via Google Analytics (preferably implemented via Google Tag Manager because it'll make it easier).
Look into "outbound link tracking", "cross-domain tracking" and "UTM campaign tracking" (all related to Google Analytics and/or Google Tag Manager) and you'll probably find something that suits your needs.
URL shorteners are commonly used to mask parameters in links and there are open source libraries that allow you to host your own URL shortener (which you could integrate into your redirects) or do some other type of link tracking like is often used for affiliates.
I'm writing an extension which surfaces links to gmail messages. As the UI loads right in Gmail, I should be able to click on one of these links and have Gmail load it (without refreshing). I have "x-gm-msgid" available and theoretically, I should just be able to navigate to "https://mail.google.com/mail/u/0/#inbox/[x-gm-msgid]".
I've tried using
location.hash = "#inbox/[x-gm-msgid]"
I've tried using
history.pushState(null, null, "/mail/u/0/#inbox/[x-gm-msgid]")
Neither of which works. Gmail just thwarts any attempt to change the URL (unless it is done via user interaction)
Any thoughts on how to get around this restriction?
chrome.tabs.update should work.
Modifies the properties of a tab. Properties that are not specified in updateProperties are not modified. Note: This function can be used without requesting the 'tabs' permission in the manifest.
I'm developing an extension in Chrome 4 (currently 4.0.249.0) that will show the user's StackOverflow/SuperUser/ServerFault reputation in the status bar. I've designed an options page to get the user's profile IDs and I save them to localStorage and read them well in the extension. It all works great.
The problem is I cannot find a (programmatic) way to refresh the extension upon options saving. I tried calling location.reload(); from the extension page itself upon right clicking it - to no avail. I pursued it further and tried looking at what Chrome's chrome://extensions/ page does to reload an extension, and found this code:
/**
* Handles a 'reload' button getting clicked.
*/
function handleReloadExtension(node) {
// Tell the C++ ExtensionDOMHandler to reload the extension.
chrome.send('reload', [node.extensionId]);
}
Copying this code to my event handler did not help (and yes, I tried replacing [node.extensionId] with the actual code). Can someone please assist me in doing this the right way, or pointing me at a code of an extension that does this correctly? Once done, I'll put the extension and its source up on my blog.
Now the simplest way to make extension to reload itself is to call chrome.runtime.reload(). This feature doesn't need any permissions in manifest.
To reload another extension use chrome.management.setEnabled(). It requires "permissions": [ "management" ] in manifest.
window.location.reload() works for me
I am using chromium 6.x so it might be fixed in newer version
The chrome.send function is not accessible by your extension's javascript code, pages like the newtab page, history and the extensions page use it to communicate with the C++ controller code for those pages.
You can push updates of your extension to users who have it installed, this is described here. The user's application will be updated once the autoupdate interval is hit or when they restart the browser. You cannot however reload a user's extension programmatically. I think that would be a security risk.
I just had this same problem with an extension.
Turns out you can listen for storage changes within background.js using chrome.storage.onChanged and have that perform the refresh logic.
For example:
// Perform a reload any time the user clicks "Save"
chrome.storage.onChanged.addListener(function(changes, namespace) {
chrome.storage.sync.get({
profileId: 0
}, function(items) {
// Update status bar text here
});
});
You could also reload parts of your extension this way by taking the changes parameter into account. chrome.runtime.reload() might be easier, but this has less overhead.
For all future Googlers - the Browser Extension spec now includes runtime.reload() - https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/runtime/reload
For Chrome, you might need to use chrome.runtime.reload() (but I'd handle such cases via Mozilla's awesome webextension-polyfill).
This question is a more specific description of the problem I asked on this thread. Basically, I have a web application for which I am trying to use Twitter's OAuth functionality. This application has a link that prompts a user for their Twitter credentials. When a user clicks this link, a new window is opened via JavaScript. This window serves as a dialog. When a user clicks the link, they are redirected to Twitter's site in the dialog. On the Twitter site, the user has the option to enter their Twitter credentials. When they have provided their credentials, they are redirected back to a page on my site in the dialog. This is accomplished through a callback url which can be set for applications on Twitter's site.
All I am trying to do is read the URL of the window that I have opened. I am trying to read the URL to detect a change so I can react accordingly and write to the HTML DOM on the launching page. However, whenever I attempt to read the dialog window's URL, I receive a "permission denied" error. To isolate and re-create the problem, I created the following test which shows the problem.
<html>
<body>
<input type="button" value="test" onclick="startTest();" />
<script type="text/javascript">
var dwin = null;
var timeoutID = 0;
function startTest()
{
dwin = window.open("http://www.google.com", "dialog", "height=600,width=800", true);
timeoutID = setTimeout("timerElapsed()", 1000);
}
function timerElapsed()
{
if (timeoutID == 5)
{
clearTimeout(timeoutID);
alert("We're done!");
}
else
{
if (dwin != null)
{
alert(dwin.location);
}
timeoutID = setTimeout("timerElapsed()", 1000);
}
}
</script>
</body>
</html>
How do I get dwin.location? I'm really confused. I didn't think this was going to be this difficult.
Thank you for any help you can provide.
The short answer is that you aren't going to be able to, unless you revise your strategy.
The simple reason is that you've opened a new browser window. The user could follow links away from your site, and it would be a privacy violation for the browser to let you know what site they are at. URLs themselves are private information if they are not from your site.
The way around this is that if the window popup is your site, the code in that window could post back to the parent window what the current location of the child window is.
Not really an answer to your questions, but :
using a popup, you'll get hat kind of security restrictions/problems, because you're using another domain
depending on how you are opening it, the popup might be blocked by popup-blocking functionnalities of the browser
popups are really annoying for the users !
Is there no way you could avoid using a popup ?
Few days ago, I saw this blog post about Twitter and OAuth : Writing A Simple Twitter Client Using the PHP Zend Framework's OAuth Library (Zend_Oauth)
Even if you are not using Zend Framework nor PHP, that post shows it is possible to use OAuth to authenticate on twitter without using anyking of popup :-)
Why not just have your user redirected to the authentication page of Twitter (inside the current browser's window) when they click the link ? And have them back on the site when they're done authenticating ? There's probably a way to do that with twitter's API ?
Actually, it seems it's possible (quoting your other question) :
On the Twitter site, the user has the
option to enter their Twitter
credentials. When they have provided
their credentials, they are redirected
back to my site. This is accomplished
through a callback url which can be
set for applications on Twitter's
site.
Is the problem that your are afraid user's won't come back ?
Well, if they are clicking this link, it's probably because they want to do something on your site, no ? So, they will probably come back !
Maybe you could put an explain next to the link, to explain what it does and how ; that might help them know it's normal to be sent to twitter's authentication page ;-)
You cannot access the opened window URL since cross domain access is prohibited by all browsers. So you need to think of another way to do it.