I have an URL of domain1.com, that redirect to an URL of domain2.com with HTTP Location: header method.
Can i, running a javascript page on domain1.com, know the final URL pointing to domain2.com? How?
Thank you in advance.
Unfortunately not, most browsers will not give you this level of access and anyone visiting domain1.com will get redirected before executing any code on the page.
Even if you could execute the javascript from domain1.com and make an ajax request to domain1.com, the webbrowser will redirect the ajax request to domain2.com under the hood and return success without giving you any notification of the redirect.
Related
I've noticed one interesting thing in Chrome browser. For example, we have two pages on our site: A and B, both pages load script X which makes AJAX call to a server. When user goes to the page A, requests to the script X and AJAX call has URL of the page A as referrer. That's fine. On the page A we have a link to page B. If user click on it he will be redirected to the page B. Here we load the script X and make the same AJAX call. Now the referrer in headers for the script X and AJAX call is the URL of page B. That is still fine. Now if user click back button he will be redirected to page A. The script X will be requested with referrer A, but the AJAX call has referrer B.
I hage two questions:
Why? If you try it in FireFox browser then it works as expected. All AJAX calls have the actual page URL as referrer.
How to fix it? Is there a way to fix it the referrer header or I can only set the referrer as GET/POST parameter?
Thanks
I've also found that the request is loaded from cache. I've added cache buster and now it's working fine.
I am trying to redirect to another URL from node js by using response.writeHead method
response.writeHead(301, {Location : <redirecturl>})
I need to have this redirection is being executed by POST method, however it is always executed by GET. What is the way that the redirection can be made as a POST request.
A redirect by default sends a GET request. According to the HTTP spec, a 301 redirection means sending a GET request. If you want to redirect with the same method (POST), you can try doing a 307 redirect instead.
There is no difference between redirection in both GET and POST methods. Both method should work find. Better you can your expressjs framework in which it is
res.redirect('http://example.com');
Be careful, when using status code 301 which means Moved Permanently. Once browser gets 301 status code, it will directly try the redirected URL from the next time.
Without seeing more of your code, I believe this is what you are describing:
The client has made a request to your application using an HTTP method (get, post, etc.) You are responding to that request by sending back a 301 error and a new URL (redirecturl)
The client then decides to implement a get request for the redirecturl.
You can't change how a client responds to a 301. That is out of your control and it is normal for browsers to initiate a get for the redirecturl.
You could initiate a post request from your server to the redirecturl.
You could send back a webpage which would then submit a post request from the client.
What are you trying to achieve?
How to stop loading of iframe when the response for first request come.i have include this but this will load complete url which i don't want.i only want to set cookies from first request response
This is cross domain request
i have tried JSON get request but it is not setting cookies in my browser whihc i can use in next request.
please help us
this can be done by the window.stop():
try
window.frames[0].stop()
When I use this code, it works:
ajax.open("post","a.php",true);
but when I try to send data to a external file like:
ajax.open("post","http://www.example.com/a.php",true);
it doesn't work.
Are there any solution?
The URL of the file that must be opened - the location of the server side script. This can be a absolute URL like(http://www.foo.com/bar.php) or a relative one(/bar.php). A note of caution - this URL should be in the same domain as the script is. You cannot call a script in google.com from a script that is running in yahoo.com. This is a security measure implemented in most browsers to prevent XSS.
Regards,
Cyril
On which domain is your script executed? Is it www.site.com or some other?
The reason your code might not work is because for security reasons you are not allowed to send AJAX request to other domains.
Edit: One workaround would be to implement a web service on mysite.com, send AJAX request to it. The service should then proxy the original request to othersite.com (server-side) and subsequently return the response to the script being executed on mysite.com.
I am just trying to access a webservice or any webpage for that matter through ajax(only ajax is allowed for some reasons).The webservice is protected by coroporate SSO. In the sense, when the webpage X is requested for the first time, you get redirected to the login page Y,which is outside of the app. Upon authentication,you get auto redirected to the page X. Subsequent requests to page X will work without authentication. Of course, all these are handled through cookies. Whether or not to display login page Y is determined by the presence/validity/content of a few cookies.
Now, I am trying to access this protected resource X through ajax. Is it possible to achieve this using ajax? How can cookies be handled in an ajax request?
AJAX uses GET and POST requests, so cookies are sent in the same way as when you do a GET or POST request when loading a new page.