So I know I can load cookies in Watir from a file using:
browser.cookies.load("cookies")
The problem is that this will only load cookies for the page I am currently on. So if I want to load the cookies for a webpage I have to visit it before doing so. Is there any way to load cookies before you visit the page?
Watir mimics what a user can do on a browser. A user must be on a page to load cookies for it, so also does Watir/Selenium. You would need to go to the site, load the cookies then you can refresh page / navigate to where on the site you need to be.
Related
I am trying to use node with Puppeteer to log in to a website but it doesn't let me navigate to the login page. Instead I am re-directed to a page that says that I need to enable cookies in my Chromium browser. When I navigate to the login page manually, I'm not re-directed and my cookies are enabled so I don't know how to fix this.
This problem has been solved by using a different login URL.
I want to host a webpage that can only be served via iframes within my own domain.
An example of this in the wild would be Codepen. They sandbox the content of a "pen" in an iframe, but if you try to load the url from a browser it responds with an empty page.
I understand there might be multiple answers to this question but I'm hoping someone could point me in the right direction.
Would I be checking the referrer server side? Are there any other options?
Referer is a good start for the server side.
Also you can try using CORS headers:
Only allow iframe to load content
Or validating using client side javascript code:
How to identify if a webpage is being loaded inside an iframe or directly into the browser window?
Also check info about referrerpolicy
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-referrerpolicy
I have an application that embedding the content from another server via iframe. how to prevent the iframe content accessed directly over browser?
this is my page that embedding with iframe :
http://10.1.1.1/pustaka/random/parameter
and this is my iframe content server :
http://10.1.1.2/flipbook/folder/related/to/random/parameter
How to use .htaccess to allow page access in my iframe but not directly?
Try searching around for answers =] I believe this one will help you out, though.
My website has an iframe used for loading my client's websites (only 5).How can I make sure the iframe is secure? Also by editing iframe src It allows to load any other websites.How can I prevent it?
I mean editing the iframe src from web browser (Like Chrome->Inspect element)
You cannot possibly prevent the user from changing anything and everything in the page they are viewing in their browser.
To inject a malicious website, a user would have to deliberately attack themselves. This does not constitute a threat.
HI all! I am working on a JAVA/JSF app that runs within an iFrame. The client authenticates Outside of the iFrame, then redirects back to a page that contains the application inside of an iFrame. If the client has 3rd party cookies disabled, the iFrame will not be able to access the cookie, and it will never see the jsessionid.
What I would like to do is test for the cookie in the app, and if not found, redirect using JS to the current page, with ;jsessionid appended to the end. I tried that with
;jsessionid=#{session.getId()}
Which looked OK...but would never maintain the current session. I then added an
<h:form><h:commandButton/></h:form>
to the page, turned off cookies, viewed the page in a browser, and saw that the jsessionid listed on the form was different than the one provided by session.getId().
My question is this......how can I get the correct jsessionid, the one that would be part of the form?
Thanks! Mason
--Update--
I should mention that this is on the same domain, webserver, and application. an and the #{session.getId()} on the same page will return a different jsessionid at the same time.
Sessions are by default domain- and context bound. Your issue indicates that the page which the iframe is serving runs at a different domain and/or context.
If the page in the iframe runs at a different domain, then you'll have to write a "local" servlet which acts as a proxy with help of java.net.URLConnection or Apache HttpClient and let the iframe link to that instead.
If the page in the iframe runs at same domain but at a different context (and runs at same webserver), then you need to configure the server to share the same session among all running webapps. How to do that exactly depends on the server in question. If it's Tomcat or a clone/fork, then check the emptySessionPath attribute of the HTTP connector.