I'm using Firebug and NetExport on Linux to save all web browser communication (mostly HTTP and HTTPS requests and responses). However, in my .har file I see messages like this:
The resource from this URL is not text: http://...
Instead of these messages I want to see the actual, full binary content (not even a single bit transformed or changed or lost). How do I get that?
I have root access on the local machine. A solution using Chrome or Firefox is fine.
Please don't recommend that I download binary files manually, there are too many of them, and I need to time the downloads perfectly, with the correct set of cookies (which may expire by the time I download manually). Please don't recommend non-Linux solutions, I have access only to Linux systems. Please don't recommend Wireshark (or tcpdump), because it can't save decrypted HTTPS traffic if I don't have the private key of the server.
In about:config I've set extensions.firebug.cache.mimeTypes to a space-separated list of MIME types, restarted Firefox, and everything got saved.
application/x-shockwave-flash image/gif image/jpeg image/png application/octet-stream
Please note that some documents are still missing from the .har file, I get this:
Reload the page to get source for: http://...
Related
i have some problem with .htaccess file.
For prevent download or print of pdf documents , i am using PDF.js for reading contents.
Now i want to disable direct http connection to those files.
Inside the pdf.js folders, i put a directory called "doc", that contains all items and this .htaccess:
Order allow,deny
Deny from all
<Files ~ "viewer\.html$">
Allow from all
</Files>
Where viewer.html is the page that contains the documents reader.
So, when i try access from my browser to
localhost:8080/test/pdfjs/web/viewer.html?file=doc/mondia.pdf
i get:
Unexpected server response (403) while retrieving PDF "../test/pdfjs/web/mondia.pdf"
Where i am wrong?
If PDF.js is running inside the user's web browser, then the user needs to be able to download the PDF document. Apache can't (reliably) tell the difference between "PDF.js on the user's computer" and "Google Chrome on the user's computer" - both are HTTP requests from the user's computer for the resource.
If you really wanted to, you might be able to detect some header set by PDF.js when it requests the PDF, and refuse requests without that header. That would stop casual users directly accessing the file, but anyone who presses F12 in their browser could see the PDF being downloaded by PDF.js and save the contents from there.
Even if you served it in some form other than PDF, the user could copy and paste the resulting HTML, or take a screenshot of how it renders to the screen.
Stopping a user doing something with their own computer is fundamentally hard; if they can read something on their screen, you have sent it to them in some form. To really block them, you need a trusted "DRM" encryption system that renders directly to screen without ever making decrypted data accessible to the user. In the vast majority of cases, that would be completely overkill, and just annoy your users (for instance, blind users probably won't be able to access the content, as their screen reader software will not be trusted).
You can try with this plugin
https://it.wordpress.org/plugins/editionguard-for-woocommerce-ebook-sales-with-drm/#description
or similar,
DRM is the best solution for wordpress site.
Or try with this header in pdf-js
How to set range header from client with pdf.js?
Please edit the .htacess file present in Vtiger_root_location/storage
add 'pdf' option as follows:
How do I get my website to save images to clients computer and use them, not redownload them every page reload?
I tried to send header("Cache-Control: max-age=3600"); but that had no effect.
You'll need to sand caching headers for the image files, not for your HTML document. You can use the header function only if the files are actually served by a PHP script - not if they are static files handled by the web server. If they are static files, check the documentation for your web server of choice.
Also consider sending en Expires header, and disable ETags.
Our IIS server has Dynamic and Static HTML Compression enabled, but when I browse to our website and view the Response Headers in Fiddler, I only see the "Content-Encoding: gzip" header for one resource (a flash file).
Why would the other response types not have this header? Does it mean that compression is NOT working for the other responses?
The only way to be 100% sure that compression is active is to compare the size of the downloaded resource against the original file on the server. The network tab of the Firebug extension can help you here.
It looks like our company network was actually stripping out the Content-Encoding header. (I have no idea why). When I browse from home the gzipping seems to work fine. This post on StackExchange.com helped me figure it out.
HI
I have the following (apparently simple) problem: I have to install a simple website, made by someone else, on a web hosting account. The site consists of lot and lot of HTML pages, no dynamic content, created some in MS Word and saved as html, some in frontpage, etc. A mixed bag.
I uploaded initially on a test account on my server (Win Server 2003) and it works ok.
Then I uploaded on the real web hosting (fedora / apache).
When I loaded the site in browser I see lot of odd craracters (instead of diacritics, used in html pages). Duacritics were saved as escape code, like & #350; for Ș (using codepage 1252).
The problem is, when I load the page from my own test server, the browser select automatically correct codepage (1252).
But when I load the site from public host, the same bowser loads the page using utf-8 encoding, rendering page with odd caracrets.
The test site on my server can be seen at http://radu-stanian.dnsalias.com and on public server at http://radustanian.scoli.edu.ro/
This happens no matter what browser I use (IE, ff or chrome)
What should I do to force browsers to load the pages in correct codepage?
Making changes to every page is not an option, because there are hundreds of pages, created by various peoples which could edit them further for update
Thank you
I did a quick google search and this is what I came up with:
http://www.w3.org/International/questions/qa-htaccess-charset
I've never messed with the .htaccess files with this scenario, but from what I read up it seems like you can force a certain character codepage mode based on file extension, which is what you need.
I'm not sure if it works, but hopefully it does :)
Most web servers allow you to edit HTTP headers. One of them can specify the exact codepage for a browser to use.
For example:
Content-Type: text/html; charset=ISO-8859-4
I've added a SSL certificate to an existing site, and now in IE I get a mixed content warning. Problem is, I don't know what's the non-secure content IE is warning me about. It's a simple html page, with a few Flash, a few images, a loaded CSS and JS.
How can I find out what's the non-secured content..?
Edit:
I found the culprit: it's the JS AC_RunActiveContent.js used to display Flash movie. So anyone has an idea on how to prevent SSL mixed content when using AC_RunActiveContent.js.?
This means that something is requesting content using the http protocol specifically, or you have an absolute path to an image or other content that begins with http instead of https.
A few tips: Use relative paths everywhere you can. If you must use an absolute path, and it's to a server you own, use https. If you're loading stuff from off your site, you're probably stuck with the mixed-content warning.
This also goes for your scripts, check out the JS, and the CSS template and make sure they're not the guilty parties - if they are change them to use relative paths, or to request items via https instead of http (assuming you're positive that the server they're referencing supports https, if it doesn't you're stuck).
There are a few other details, this might be helpful.
Ok, so here is the solution for my particular problem. It was the codebase value in my code that needed to be https as well (I didn't think it would trigger the warning, as my Flash were displaying correctly, oh well)...
AC_FL_RunContent( 'codebase','https://download.macromedia.com/pub/shoc...
Link to Adobe info on this: Security Information error in Internet Explorer
I use the Firefox console -- it reports the http resources it blocks from fetching on a mixed content page.
Search your source for http: only. Another great tool to help you out is Fiddler with which you can see what's getting downloaded upon requesting your page.