I have an API function that verifies a user's email but I dont really know what to do next. I want to redirect the user to an HTML page that says "your email has been verified" but I don't know if I should use res.sendFile() or res.redirect().
I tried both of them but res.sendFile doesn't work when I include images because if the API is /user/verifyEmail, any images I include in the HTML have src=/user/myimg for some reason and therefore they aren't sent or dislayed. I then tried res.redirect() with the HTML page placed in my apps static files and this works (with the images too) but it just feels wrong because anyone can open this page if they go to myapp/verification.html since the file is in the static folder.
What is the right thing to do here?
You can resolve this concern by adding middleware for securing that routes
but it just feels wrong because anyone can open this page if they go to myapp/verification.html since the file is in the static folder.
In conclusion, res.redirect() is the right thing to do here.
You have to set unique value in your path like
www.xyz.com/verification/unique_value
unique_value define that which user verify this page (you can encode user id and set as unique_value)
then you can use GET api for www.xyz.com/verification/unique_value this path
You can decode in api nad check it's user or not if it's user then you can display page(res.render()) else redirect to home page (res.redirect())
Related
I am working on an automate flow that emails a share point page to a list of subscribers whenever the page is updated.
Everything works except the links contained in the email (/page). On share point i am able to navigate to the link however in the email the page redirects me to /sites/xxx/xxx.aspx. It is missing the tenant information.
Is there a setting i missed or something that is preventing sharepoint from including the full link when sending the email?
I made sure the full link was typed when the hyperlink was created and am using an HTTP to share point (in automate) and inserting the "CanvasContent1" into the email. I checked the html being sent and the link title is given as the full link but the href is given as /sites/xxx/xxx.aspx.
Thank you for everything
On a SharePoint page, links will be converted to relative links when the page is saved.
If you copy the page content as rendered into an email, then, yes, the tenant will not be included in the link, since the link is never intended to be used outside of the context of the page, where the link works fine.
So, you need to change your approach when emailing the page. Maybe email just a link to the page, then people can take it from there. Or, manipulate the html content in PowerAutomate and replace /sites/xxx with https://Yourtenant.sharepoint.com/sites.xxx
I'm building a website for a client (real estate), and on the website are links to a different website (adverts for properties). My client routinely activates and deactivates these adverts when he rents out a certain property.
The hrefs on my links look something like this:
<a href="https://domain.xx/estate/idxx/des-crip-tion-xx-xx-x-xx/">. If the advert is indeed active, it just takes them to the advert. If it is not active, however, the website in question redirects the user to https://domain.xx/estate-for-rent/city/, effectively sending the users to my client's competition.
I wish to implement some logic where, before handing the users over to the other website, the server checks to see if it is redirected to https://domain.xx/estate-for-rent/city/, or some similar logic, and if so, uses preventDefault, or something, and notifies the user that the advert is not available instead of sending them to the other website.
I wonder if I can use the fact that only if the advert is active does the resulting url in the users browser window (after they've been directed to the other website) match the url in my href. Can i somehow get the server to try to access the url in my href, and have it see where it gets redirected, and then do something based on that? On the back-end, I'm running NodeJS with Express by the way, and if it matters, I'm relying heavily on EJS for templating. Thanks in advance for any help!
This sounds more like a problem you could solve on the client as opposed to the server. For example, at a high level here's how I would do it:
Handle the click event for each link (really simple to do a catch-all with jQuery)
Fire off a HEAD request via AJAX to the destination URL (this would be much more efficient than a GET but depends on the external service supporting this verb)
Use the status code to determine what to do next (e.g. 2xx allow redirect, 3xx pop a message and block)
I'm currently developing a bot for messenger, it works just fine for my page, now the thing is, we'd like that bot to work for multiple pages, even pages that are not ours, so a couple of questions:
How can I add others pages to my messenger webhooks? Do I have to become an admin of that page and do it manually on facebook devs everytime I want to add a new user?
When I get a new message I can retrieve it's page ID, but from there I need to get a page access token every message right? So that I know what page to message, because right now my token is just an hardcoded string... So basically, how to receive messages from different pages and distinguish them? I've been reading their pages access token docs but can't seem to make it work GET /{page-id}?fields=access_token,
(https://graph.facebook.com/1071071872997492?fields=access_token), this keeps returning "An access token is required to request this resource", I'm sure I'm not understanding something right, help would be greatly appreciated, any question ask away, thanks.
I've set up a login system for my website, where the server authorizes correct login details, then sends a hashed cookie to maintain the login session.
The issue is that when the user is logged in, I want to send the exact same pages, just with their login details in the custom header bar (most posts I have found here discuss sending an entirely new page on login, which I know how to do).
I guess I'm a bit perplexed by this, because I am reading an entire html file in, so it can't be edited on the spot, and I don't want to do a websocket call, because their information should be loaded in from the moment the page loads.
I'm sure I'm just missing something very simple here, but I haven't been able to find anything through searching.
It sounds like you want to send similar pages and not the exact same pages. If that is the case then I would suggest you use view templates to generate the HTML on the server instead of using static HTML files. I use Kiwi and I have a single layout.kiwi file that renders the main layout for many of my pages. The layout template renders links in the header section with this:
{{each headerItems}}
{{if $value.link}}
${$value.title}
{{else}}
<span>${$value.title}</span>
{{/if}}
{{/each}}
On the server I build an array {link: '', title: ''} objects and pass that to the function that renders the template. I build a different array depending on whether the user is logged in or whether the user has access to additional administration pages.
I'm trying to post a username & password from an HTML form to a protected folder on a website? Is this possible? I thought I just pass in a syntax in the URL like the below but not having any success
http://username:password#theurlofthesite.co.uk
I'm still getting the alert pop up asking for the username and password? I need to be able to auto log the person in..
Hope someone can help? Thanks
If you login via a HTML form, then this won't work. This is only for HTTP authentication, which is something else completely different.
I don't think many (any?) browsers support being opened to post data. Which leaves you hoping that the site accepts GET based logins (and they should be shot if they do.).
The address part of the URL is parsed by your web server, so the code which handles the HTML form never sees it.
If you want to pass parameters to a form, you must use url?field=value&field2=value2. This only works with forms that use the GET action. For POST, you need a program to generate an encoded document and upload that.
In both cases, your user name and password are broadcasted as plain text on the Internet, so the account will be hacked within a few hours. To put it more clearly: There is no way to "protect" the data in this folder this way. This is like adding a door with four locks to your house and keep the keys on a nail in a post on the street next to the door.
I did exactly what I did in the question and it works on all browser except Safari on a Mac