I have links that looks like this on my website:
https://website.com/view?id=8d23iva
When users go to the link, I want the URL to change based on information related the id parameter like this:
https://website.com/view?id=8d23iva/amazing-book-title
I have been messing around changing the req and res object data before the user is sent to the page similarly to this.
app.get('/view', (req, res, next) => {
res.baseUrl = "/test";
req.url = req.url + '/test';
req.originalUrl = req.originalUrl + '/test';
next();
});
As an HTTP server, the primary way you can influence the client (i.e the users browser) is with your HTTP response. To change their location you can return a redirection response.
A redirection response is any HTTP response with a 3XX status code and a Location header set to the new destination. In express you can use res.redirect(/*your location here*/) to send a redirection response. For more information about different types of redirects check out this MDN article.
As a side note, you could also consider making the change to the location using javascript on the client once the page is loaded. Though this will depend on other factors. You could investigate the History api for this.
Related
I have this code with session check and i want to pass data from server to client
I want to display the session name in the lobby.html page
but im new to nodejs express and i dont know how to.
app.get('/lobby', (req, res) => {
// check session
sess = req.session;
if(sess.name) {
// redirect to lobby.html passing the session name
}
else
res.sendFile(path.resolve(__dirname, './public/client/error.html'));
});
```
Redirects are by their definition GET requests. The ways to get data from one get request to the next are as follows:
Add a query parameter to the URL you're redirecting to and then have the client or the server parse the data out of the query parameter and adjust the content accordingly.
Set a custom cookie with the data, then do the redirect and have the client or server pull the data from the cookie on the redirected request.
Have the server put some data into the server-side session and have the subsequent redirected request get the data from the session and adjust the content accordingly.
Both #2 and #3 are vulnerable to subtle race conditions if there are multiple incoming requests, the cookie or session data may get acted upon for some other incoming URL rather than the redirected URL unless the data also includes exactly which URL it is supposed to apply to. Option #1 is not susceptible to that type of race condition.
Looks like req.sess is passed from browser, so why not get name through document.cookie on the browser side directly?
I need to build a small nodejs app that receives a request as such:
http://localhost?url=http://www.someurl.com
The server needs to receive the request, download the page from given url, modify its HTML, and return it to the client (proxy?)
router.get('/', function(req, res, next) {
// Get url from the query
var url = decodeURIComponent(encodeURIComponent(req.query.url));
request(url, function(error, response, html) {
// ...
// DO SOME MODIFICATIONS TO THE HTML HERE
// ...
res.send(html);
});
});
My current problem is that css/js files that have relative URLs aren't being forwarded to their origin, but instead, they're being sent to download from my server like this:
http://localhost/css/some-css-file.css
http://localhost/js/some-js-file.js
This is just part of the problem, all other resources with relative URLs, and all HTTP requests that page makes that aren't an absolute URL request, are also going to the root host which is localhost in my case.
I've done some research but couldn't quite get the whole deal of how to do this properly.
Is the pipe function what I need ? I don't quite get how to use it.
I am trying to implement login feature in Express.js version 4 app. I need to determine whether an user is logged in before he can do certain actions. So I have a middleware called as isLoggedIn which solely checks if user object is in session, if not, the user is redirected to login page. After the user successfully logs in, he must be redirected to the original URL.
app.get('/someaction', isLoggedIn, 'actual function to be executed');
Now inside isLoggedIn method, I see that req.url and req.originalUrl contains the requested action. However if the user is not logged in, when redirected to /login page, both req.url and req.originalUrl has /login as the contents. From what I read here, I can override req.url for internal routing purposes. But in my case both req.url and req.originalUrl gets overridden by /login action.
What am I doing wrong?
From the Express.js documentation:
req.url is not a native Express property, it is inherited from
Node’s http
module.
This property is much like req.url; however, it retains the original
request URL, allowing you to rewrite req.url freely for internal
routing purposes. For example, the “mounting” feature of app.use()
will rewrite req.url to strip the mount point.
In other words, req.url might be overwritten during the internal routing, while req.originalUrl will remain untouched.
The problem is that there are actually two entirely separate requests coming in to your server. The request for the /login page doesn't know anything about the page that the client requested before that. So when you redirect to the /login page, you need to save information about the originally-requested URL somewhere. I know of 2 solutions:
Some fancy work with session states allowing you to save the original URL as a variable, probably using promises.
Add the original URL as a query parameter to the /login request.
Check out this answer:
How do I find original request path before redirect Express 4
You could achieve user redirection post login to the originally requested Url by using expression-session.
Steps:
At the time when isLoggedIn middleware is run you should capture req.originalUrl to req.session variable e.g. req.session.returnToUrl = req.originalUrl.
Upon authentication you can check if returnToUrl is set and otherwise set redirection Url to any default value you prefer.
const redirectUrl = req.session.returnToUrl || "/anyOtherUrl";
After login redirect user to the Url using res.redirect(redirectUrl)
Credit to DevSprout and Colt Steele. A more detailed answer is available here
I'm trying out a JSONP call. I have a NodeJs app in server 1, under domain domain1.com looking like this:
server.get('/api/testjsonp', function(req, res) {
var clientId = req.param('clientId');
res.header('Content-Type', 'application/json');
res.header('Charset', 'utf-8')
res.send(req.query.callback + '({"something": "rather", "more": "fun",
"sourceDomain": "' + req.headers.origin + '"' + ',"clientId":"' + clientId +
'"});');
});
In another server (server 2) and under a different domain (domain2.com), I have created a test html page with a call like this:
var data = { clientId : 1234567890 };
$.ajax({
dataType: 'jsonp',
data: data,
jsonp: 'callback',
url: 'https://domain1.com/api/testjsonp?callback=1',
success: function(data) {
alert('success');
},
error: function(err){
alert('ERROR');
console.log(err);
}
});
I have 2 problems here:
1) Why is this working? Isn't it a cross-domain call and therefore I'd need to implement the ALLOW-ORIGIN headers stuff? I'm following this example:
http://css.dzone.com/articles/ajax-requests-other-domains
http://benbuckman.net/tech/12/04/cracking-cross-domainallow-origin-nut
2) In the server, I can't figure out which domain is making the call, req.headers.origin is always undefined. I'd like to be able to know which domain is calling, to prevent unwanted calls. Alternative I could check for the calling IP, any idea how?
Many thanks
Why is this working? Isn't it a cross-domain call and therefore I'd need to implement the ALLOW-ORIGIN headers stuff? I
Are far as the browser is concerned, you aren't directly reading data from a different origin. You are loading a JavaScript program from another origin (and it happens to have some data bundled in it).
In the server, I can't figure out which domain is making the call, req.headers.origin is always undefined. I'd like to be able to know which domain is calling, to prevent unwanted calls.
The URL of the referring page is stored in the Referer header, not the Origin header. It is, however, optional and won't be sent under many circumstances.
If you want to limit access to the data to certain sites, then you can't use JSON-P. Use plain JSON and CORS instead.
Alternative I could check for the calling IP, any idea how?
That would give you the address of the client, not the server that directed the client to you.
Is it possible to tell the difference between a request coming directly from a URL in a browser vs. a resource being called from a remote web page?
For example, I would like to serve a web page when someone visits my URL directly (types in http://mywebsite.com) in a web browser, but when a user calls a resource on my app via a url from a seperate domain (like <img src='http://mywebsite.com' />) then I'd like to serve different content.
I've looked in the request and in the headers but it looks the same regardless of
I think you are looking for the referer string in the request.header.
So the simple version would look like this:
http.createServer(function (req, res) {
var ref = req.headers.referer;
if(ref) {
// serve special content
}
else {
// serve regular homepage
}
}).listen(1337, '127.0.0.1');
edited the answer to reflect the input from anu below - it should be referer
In middleware you have to use this way "req.headers.origin"
app.use(function(req, res, next) {
//var origin=req.headers.origin
next();
});