So i am generating form on fly and posting it to another website. The problem is that when i'am using IE form post request contains no parameters. The form outerHTML is the same in Mozilla and IE 8, so i just can not understand it does not work properly in IE 8.
Is there any way to fix ?
Here is the logic that posts generates & posts the form:
function PostForm() {
var form = AddForm();
var email = hiddenEmailCtrl.value;
var password = hiddenPasswordCtrl.value;
var checked = rememberMeCtrl.checked;
AddField(form, "email", email);
AddField(form, "password", password);
AddField(form, "remember_me", checked);
form.action = 'https://somesite.com/login';
alert(form.outerHTML);
alert(document.forms[1].outerHTML);
document.forms[1].submit();
}
function AddForm() {
var submitForm = document.createElement("form");
document.body.appendChild(submitForm);
submitForm.id = 'credentialsForm';
submitForm.method = "post";
submitForm.target = '_blank';
return submitForm;
}
function AddField(formElement, fieldName, fieldValue) {
var inputElement = null;
if (typeof (document.all) != undefined && document.all) {
inputElement = document.createElement("<input type='hidden' name='" + fieldName + "' value='" + fieldValue + "' />");
inputElement.id = fieldName;
}
else {
inputElement = document.createElement('input');
inputElement.setAttribute('type', 'hidden');
inputElement.setAttribute('name', fieldName);
inputElement.setAttribute('value', fieldValue);
inputElement.id = fieldName;
}
if (inputElement == null) return null;
formElement.appendChild(inputElement);
return inputElement;
}
And here is Mozilla request :
POST /login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: ensiconnect.groupsite.com
Content-Length: 42
Expect: 100-continue
Connection: Keep-Alive
email=some#email.com&password=somePassword
This is IE8 request:
CONNECT somesite.com:443 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.1; .NET4.0C; .NET4.0E; AskTbF-ET/5.9.1.14019)
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: ensiconnect.groupsite.com
Pragma: no-cache
IE uses a nonstandard version of document.createElement that also supports HTML code instead of a simple tag name. Since this violates the standard, and IE8 went to some length to be more compliant, it's possible IE8 only obeys the non-standard variant in quirks mode.
You should try removing the switch on document.all and pass IE8 the w3c variant in AddField. If that works then you'll need to test for IE7 rather than document.all
btw, I'm just guessing here, you'll need to test it.
Related
I am working on a JSP(tomcat6) application. (domain is different)
I'm trying to set the same-site attribute to None because The cookies have disappeared after more than 2 minutes due to the new version of the chrome browser. (Release date for a fix is February 4, 2020 per: https://www.chromium.org/updates/same-site)
I tried to solve the problem in the following ways but is still not working
response.setHeader("Set-Cookie", "user=test;HttpOnly;Secure;SameSite=None");
response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; HttpOnly; SameSite=None; Secure";
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
By using Pop-up windows
Code is here
document.form1.division2.value = 1;
document.form1.division3.value = 1;
document.form1.division4.value = 1;
document.form1.pan.value = 4322423434232342;
document.form1.expiryDate.value = 0222;
document.form1.jspName.value = 'index.jsp';
document.form1.method = "post";
document.cookie = "HttpOnly; SameSite=None; Secure";
document.form1.action = http://service3.smartcapsule.jp/disp/ONECLICKCOMM.do;
Header is here
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=90<br>
cache-control=max-age=0<br>
origin=http://localhost:8080<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=same-origin<br>
sec-fetch-mode=navigate<br>
sec-fetch-user=?1<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
cookie=SameSite=None; Secure; aspGroupId=00000000; _ga=GA1.1.371271115.1600306707; _gid=GA1.1.1473986481.1600822923; JSESSIONID=15BA5A77A80B2C93969A44FE9371B135; _gat_UA-71516129-3=1; _token=8b234c913616b70c05100bb7fc141a33; _gat=1; arp_scroll_position=2986.363525390625<br>
</body></html>
-------------------------------------------------------------------------------------------
<html><body>
host=localhost:8080<br>
connection=keep-alive<br>
content-length=384<br>
cache-control=max-age=0<br>
origin=null<br>
upgrade-insecure-requests=1<br>
dnt=1<br>
content-type=application/x-www-form-urlencoded<br>
user-agent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4252.0 Safari/537.36<br>
accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9<br>
sec-fetch-site=cross-site<br>
sec-fetch-mode=navigate<br>
sec-fetch-dest=document<br>
accept-encoding=gzip, deflate, br<br>
accept-language=en,q=0.9,q=0.8,ko;q=0.7,ja;q=0.6,q=0.5<br>
</body></html>
If I don't change browser properties, how should I fix it?
disable 「SameSite by default cookies」 in chrome://flags
「20200924」I tried the following, but the cookies was still lost
Cookies.set('name', 'value', {
sameSite: 'none',
secure: true
})
response.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
document.cookie = "witcher=Geralt; SameSite=None; Secure";
public void doGet( HttpServletRequest request, HttpServletResponse response ) throws ServletException,IOException {
response.setContentType("text/html;charset=Windows-31J");
PrintWriter out = response.getWriter();
out.println("<html><body>");
Enumeration e = request.getHeaderNames();
while( e.hasMoreElements() ) {
String name = ( String )e.nextElement();
out.println( name + "=" + request.getHeader( name ) + "<br>");
}
out.println("</body></html>");
}
document.cookie = "<%= s_cookies %>";
document.cookie = "witcher=Geralt; SameSite=None; Secure";
res.setHeader("Set-Cookie", "user=mcmd;HttpOnly;Secure;SameSite=None");
res.setHeader("Access-Control-Allow-Origin","*");
res.setHeader("Access-Control-Allow-Credentials","true");
crossDomain=true; withCredentials=true;Authorization; Max-Age=60*60*3600
<iframe src="https://service3.smartcapsule.jp/disp/ONECLICKCOMM.do"></iframe>
<script
src="https://code.jquery.com/jquery-3.4.1.min.js"
integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo="
crossorigin="anonymous">
</script>
<script>
const apexUrl = 'localhost:8080';
const forwardUrl = 'https://localhost:8080';
alert(window.location.host);
if (window.location.host === apexUrl) {
window.location.host = forwardUrl;
}
</script>
Google reCAPTCHA
To edit a cookie, set its value, and then add it to the response.
and never forget to change the ExpiresDate.
I want to be able to detect user when the user browses a web page inside twitter app. By detecting, I want to just add a body class that I will use to change the way the page looks for users inside twitter app. However, all my tries so far failed.
I can detect webview inside Facebook app using the following code
var ua = navigator.userAgent;
if ((ua.indexOf("FBAN") > -1) || (ua.indexOf("FBAV") > -1)) {
return 'facebook';
}
I have looked around/ googled around/ checked other StackOverflow solutions. However, I could not find a solution where I can detect twitter in-app. That is, I want to detect when a user browses a page inside twitter app.
The things I have tried and failed are below
if (/Twitter for/i.test(nua) === true) {
return 'twitter';
}
or
if (/\/\/t.co\//i.test(document.referrer) === true && /Safari\//.test(nua) === false) {
return 'twitter';
}
or checking for the browser, device, vendor, model, device type, engine, os, os version (why was I checking this?!?). I checked using Modernizr; however, no difference was found between as standalone Safari and in-app Twitter. Also, checked using Detect if user is using webview for android/iOS or a regular browser
Also tried the following with failure
var userAgent = window.navigator.userAgent.toLowerCase(),
safari = /safari/.test( userAgent ),
ios = /iphone|ipod|ipad/.test( userAgent );
var standalone = window.navigator.standalone,
userAgent = window.navigator.userAgent.toLowerCase(),
safari = /safari/.test( userAgent ),
ios = /iphone|ipod|ipad/.test( userAgent );
if( ios ) {
if ( safari ) {
$('.debug').prepend('Yeah I am a browser in ios');
} else if ( !safari ) {
$('.debug').prepend('Yeah I am a webview in ios');
}
} else {
$('.debug').prepend('Yeah I am NOT a ios');
}
if( ios ) {
if ( !standalone && safari ) {
$('.debug').prepend('Yeah I am a browser in ios');
} else if ( standalone && !safari ) {
$('.debug').prepend('Yeah I am a standaline in ios');
} else if ( !standalone && !safari ) {
$('.debug').prepend('Yeah I am WEBVIEW');
}
} else {
$('.debug').prepend('Yeah I am NOT IOS');
}
var isWebView = !/safari/.test( window.navigator.userAgent.toLowerCase()) || navigator.platform === 'iOS' || navigator.platform === 'iPhone'
$('.debug').prepend('<br>isWebView? : ' + isWebView + "<br>");
$('.debug').prepend('<br>AM I WEBVIEW?: ' + /AppName\/[0-9\.]+$/.test(navigator.userAgent));
var is_uiwebview = /(iPhone|iPod|iPad).*AppleWebKit(?!.*Safari)/i.test(navigator.userAgent);
var is_safari_or_uiwebview = /(iPhone|iPod|iPad).*AppleWebKit/i.test(navigator.userAgent);
$('.debug').prepend('<br> is_uiwebview :' + is_uiwebview);
$('.debug').prepend('<br> is_safari_or_uiwebview :' + is_safari_or_uiwebview);
var uaSafari = navigator.userAgent.match(/Safari/i)
var uaSafariInput = navigator.userAgent.match(/Safari/i).input
var uaSafariIndex = navigator.userAgent.match(/Safari/i).index
$('.debug').prepend('<br> ' + uaSafari + '<br>' + uaSafariInput + '<br>' + uaSafariIndex + '<br>' + navigator.vendor + '<br>' + navigator.product + '<br>' + navigator.productSub + '<br>' + navigator.languages.length + '<br>' + navigator.doNotTrack + '<br>' + navigator.maxTouchPoints + navigator.maxTouchPoints);
//Check headers and see if any difference there
var req = new XMLHttpRequest();
req.open('GET', document.location, false);
req.send(null);
var headers = req.getAllResponseHeaders().toLowerCase();
$('.debug').prepend('<br> headers \t ' + headers);
if (/Twitter for/i.test(navigator.userAgent) === true) {
$('.debug').prepend('<br> Test1 ');
}
$('.debug').prepend('<br> Document referrer is : '+ document.referrer + " <br> ");
if (/\/\/t.co\//i.test(document.referrer) === true && /Safari\//.test(navigator.userAgent) === false) {
$('.debug').prepend('<br> Test2 ');
}
}
I don't believe it's possible to detect the Twitter in-app browser in JavaScript, because it uses a generic Web View with no identifiable properties.
Most of your examples rely on searching the user agent string for specific keywords. Here's a comparison of user agent strings between the relevant browsers in iOS 11 for iPad based on a test I just conducted:
Safari
Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5372a Safari/604.1
Facebook (in-app)
Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Mobile/15A5372a [FBAN/FBIOS;FBAV/140.0.0.63.89;FBBV/70896504;FBDV/iPad4,2;FBMD/iPad;FBSN/iOS;FBSV/11.0;FBSS/2;FBCR/AT&T;FBID/tablet;FBLC/en_US;FBOP/5;FBRV/0]
Twitter (in-app)
Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A5372a Safari/604.1
You can see that Twitter's browser user agent is identical to Safari.
Obviously this is not a solution to your problem, but more of an explanation why you haven't found an actual answer.
You can check if navigator.mediaDevices is undefined. Since webRTC isn’t supported in webviews, it will be undefined in Twitter but present in Safari.
Twitter uses t.co to warp the shared URL, so there is a redirect before reaching the real content.
https://developer.twitter.com/en/docs/basics/tco
When checking all the headers sent from Twitter in-app browser, the referer header filed shows the wrapped t.co link.
referer: http://t.co/ 0JG5Mcq
Maybe this header can help distinguish with Safari's User-Agent.
I have an unusual error as follows. When I am using my webpage in IE 32bit. In all other browsers it works fine. My error as follows:
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2)
Timestamp: Mon, 23 May 2016 14:53:02 UTC
Message: 'which' is null or not an object
Line: 37
Char: 2
Code: 0
My code as follows:
function btn_contactus_clicked() {
window.location.href = "ContactUs.jsp";
}
function btn_login_click()
{
//if (typeof alert_vu !== "undefined") {
// tcalert_close("alert_vu");
//}
document.getElementById("msg").value = "";
if (document.getElementById("input_username").value.trim() === "") {
document.getElementById("msg").value = "Invalid user name!";
} else {
if (document.getElementById("input_password").value.trim() === "") {
document.getElementById("msg").value = "Invalid password!";
} else {
//Add checks for valid username from db here
}
}
if (!(document.getElementById("msg").value === "")) {
// One or more values entered is incorrect
tcalert("alert_login", document.getElementById("msg").value);
} else {
// All values entered are good
document.getElementById("alert_login").innerHTML = "";
document.form_login.submit();
}
}
document.onkeydown = function(e) { submitClick(e);};
function submitClick(e){
if(e.which === 13){
btn_login_click();
}
}
Please guide me what is the error. It is a simple login page.
im trying to make a post request to the server but the jquery doesnt sent any post date.
i already tried to use: (suggestions i found on the web)
var postdata = {'username':username,'password':password,'src':'web'};
instead of
var postdata = 'username=' + username + '&pass=' + password + '&src=web';
this is my jquery code:
var username = $('#uForm_un').val();
var password = $('#uForm_pw').val();
var postdata = 'username=' + username + '&pass=' + password + '&src=web';
console.log(postdata);//output: username=administrator&pass=password&src=web
$.post(
"inc/api/do.login.ajax",
postdata,
function (data) {
console.log(data);//output: a vardump($_POST) wich is empty.
}
);
browser data:
Remote Address:62.***.**.**:80
Request URL:***********/inc/api/do.login.ajax/
Request Method:GET
Status Code:200 OK
Request Headersview source
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:nl-NL,nl;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:anonymous=-81523622186; windowtop=100; LanguageId=1; CurrencyId=1; space_history=%7B%221%22%3A%2220%22%7D; eventId=1; OrderId=201424754035; filter_starttime=6%3A00; filter_endtime=12%3A00; _ga=GA1.2.2031844175.1410181977; __atuvc=13%7C37; PHPSESSID=4x1xc4ca4238a0b923820dcc509a6f75849b; filter_display_mode=grid; filter_search=; filter_where=eindhoven; filter_startdate=01/09/2014; filter_enddate=05/09/2014; filter_order=itemdate; filter_dayparts=; filter_distance=100000; filter_categories=; list=%2C2797
Host:********.nl
Pragma:no-cache
Referer:***************/index.php?action=editvisit
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36
X-Requested-With:XMLHttpRequest
Response Headersview source
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:156
Content-Type:text/html; charset=utf-8
Date:Thu, 11 Sep 2014 09:15:03 GMT
Keep-Alive:timeout=5, max=88
Server:Apache/2.2.22 (Debian)
Vary:Accept-Encoding
X-Powered-By:PHP/5.4.4-14+deb7u14
EDIT:
now i use this code, but with the same result...
$.post( "inc/api/do.login.ajax",{
username : ""+$('#uForm_un').val()+"",
pass : ""+$('#uForm_pw').val()+"",
src : "web"
}).done(function(data) {
console.log(data);
}, "json" );
Solution:
change this:
inc/api/do.login.ajax
to
inc/api/do.login.ajax/index.php
with a get request it works fine but with a post...
sorry for taking your time and thanks! every answer was usefull!
I'm trying to use curl to post some data and retrieve it from a website that isn't mine, the websites form doesn't seem to have a form action and the page doesn't reload when you submit the data and there also seems to be some js behind the click of the button.
$url = "http://emonitoring.poczta-polska.pl/#";
$parm = "numer=RR123456789PL";
and here is the curl:
array(
CURLOPT_URL => $url,
CURLOPT_POST => TRUE,
CURLOPT_POSTFIELDS => $parm,
CURLOPT_RETURNTRANSFER => TRUE,
CURLOPT_FOLLOWLOCATION => TRUE
);
I execute and init the curl as expected, just showing the important parts. Here is also the live http headers output:
POST /wssClient.php HTTP/1.1
Host: emonitoring.poczta-polska.pl
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Content-Type: application/x-www-form-urlencoded
Origin: http://kody.poczta-polska.pl
Referer: http://kody.poczta-polska.pl/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 1215
Content-Type: text/html; charset=UTF-8
Date: Mon, 30 Jun 2014 03:31:59 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache
X-Cnection: close
At the moment it just shows the page and it doesn't look like that form was submitted, I've also tried putting the url as: "http://emonitoring.poczta-polska.pl/wssClient.php" and just get told to enter the number.
In such cases you go to chrome, hit F12, go to network, submit the form and see what is sent to the server. I see this posted
s:fggsbnqu033gqiipemr50fer56
n:RR123456789PL
l:
If you view source you see
if (jQuery('#numer').val().length == 19) {
var numer = dodajck(jQuery('#numer').val())
} else var numer = jQuery('#numer').val();
jQuery.ajax({
type: 'post',
cache: true,
dataType: 'html',
data: ({
s: 'fggsbnqu033gqiipemr50fer56',
n: numer,
l: ''
}),
url: 'wssClient.php',
The s:.... could mean you need to have a session on their server to be able to call the wssClient - if so, you will need to CURL with sessions
If you can call their server without a session or you have a session before you call you can curl using the parm is n= and not numer= and you need to have calculated the checksum using their function which can easily be translated to PHP
function dodajck(numer) {
// dodatkowe sprawdzenia i określenie wag oraz części numeru, która
// ma zostać zważona
//String wagi;
//String doWazenia;
var wagi = "3131313131313131313";
var doWazenia = String(numer);
// wyliczenie sumy iloczynów waga * cyfra
var suma = 0;
for (var i = 0; i < 19; i++)
suma = suma + Number(doWazenia.substring(i, i + 1)) * Number(wagi.substring(i, i + 1));
// ostateczne sprawdzenia
// przykład numeru 20-cyfrowego
// 00
// 1 - rodzaj?
// 590 -- kraj 590 = PL
// 0773 -- firma 0773 = PP
// 3 -- rodzaj przesyłki
// 12345678 - numer przesyłki
// 9 - CK
// ważone są numery od 1 do 19
var ck = 10 - suma % 10;
if (ck == 10) ck = 0;
return String(numer) + String(ck);
}
The form is submitted via AJAX. To see the exact HTTP request simply fire up the developer tools in Chrome or Firefox (F12). Navigate to the 'Network' tab, and hit the submission button on their website. You should see a request being fired off. If you open it up, you will be able to see everything you need to make the request yourself - URL, Parameters and their format, HTTP header values, etc. - and the response you're supposed to get.
Hope this helps!