I have a problem where I load a URL in UIWebView. The URL redirects to a different location.
I handle this redirect with the following code:
- (NSURLRequest *)connection:(NSURLConnection *)inConnection willSendRequest:(NSURLRequest *)inRequest redirectResponse:(NSURLResponse *)inResponse {
if(inResponse) {
NSMutableURLRequest *req = [[inConnection originalRequest] mutableCopy];
[req setURL:[inRequest URL]];
return req;
}
return inRequest;
}
However, when the page loads, I get 404 on all the images. I can load the URL in Safari without any problems. This is happening on iOS6.1 and iOS7
I'm completely stumped as to what to do.
Unfortunately, I don't have access to the server, so I have to handle everything in my app.
Thanks for any advice.
Ah okay,
So what seems to have been happening, is that the my custom auth protocol was handling the initial request, then when the redirect request came in, a second caching protocol was intercepting the request for the images and breaking the redirect.
In the authprotocol, in the startLoading method I do the following:
[NSURLProtocol setProperty:#YES forKey:#"AuthSet" inRequest:newRequest];
So in the caching protocol's canInitWithRequest method I do the following:
if([NSURLProtocol propertyForKey:#"AuthSet" inRequest:request] != nil)
return NO;
Since, when we are caching, we have no need to follow redirects. So basically if the Auth protocol grabs the request, the caching protocol should not respond to it.
Will update after some testing to see if there are any other side effects.
Related
what is the proper way to redirect to a different page in Hybris?I have been the following approach quite a lot:
link
But some people emphasized that it is better to redirect using a separate method and using redirect:
What is the correct way?
Let me first tell you basic difference between request Redirect Vs Forward.
Redirect: Server sends a header (in response) back to the browser/client, which contain redirect URL, then browser initiates a new request to redirect URL.
When can we use Redirect?
Usually, when data is posted to the server, we should redirect to get method(URL) to prevent data resubmission on browser refreshed(F5).
return "redirect:/redirectToGeturl";
Forward: Within the server, control can be forwarded to target resource(URL). Which is done by container internally so browser/client is not aware of it.
When can we use forward?
Sometimes, we want to show different page/resource in response without changing original URL, then we forward request to other controller internally.
return "forward:/404";
What is the proper way to redirect to a different page in Hybris?
public static final String REDIRECT_PREFIX = "redirect:";
public static final String FORWARD_PREFIX = "forward:";
This class level constants are defined in AbstractController. You can use that by extending your controller to AbstractPageController or AbstractController.
return REDIRECT_PREFIX + "/redirecturl";
return FORWARD_PREFIX + "/404";
< a href="< c:url value="/path" />">link< /a >
This is the correct way to declare a link on client/browser side, which sends GET request to /path once the user clicks it.
Find detail post here
I'm trying to read in a JSON reply from the Google Sheets API in a Java ME MIDP application. I've tried the following with other addresses and it receives their content fine but the actual API I want to use is Sheets and it always returns an "Certificate Failed Verification" exception.
HttpConnection c = null;
InputStream is = null;
StringBuffer str = new StringBuffer();
try
{
c = (HttpsConnection)Connector.open(urlstring);
c.setRequestMethod(HttpConnection.GET);
c.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
c.setRequestProperty("User-Agent","Profile/MIDP-2.1 Configuration/CLDC-1.1");
is = c.openInputStream();
int len = (int)c.getLength();
int ch;
while ( (ch = is.read() ) != -1)
{
str.append((char)ch);
}
}
catch( Exception e ){ alert( ""+e ); }
return str.toString();
Connector.open() implicitly returns a HttpsConnection if the URL starts with Https so it should still work.
An example of a HTTPS request
https://jsonplaceholder.typicode.com/posts/1
Which won't work but the above also allows for HTTP connections
http://jsonplaceholder.typicode.com/posts/1
Which will work.
Google Sheets however requires HTTPS and thus is not obtainable via the above code. How can I make a GET request over HTTPS to the sheets API? Thank you.
I had a similar problem when implementing an online highscore system for one of our games. It would fetch highscores fine on some phones but didn't work on other phones. The explanation:
Some phones have their own built-in "MIME-type checker". When you call (HttpConnection)Connector.open(urlstring) the phone expects a text/html response. When it instead gets a application/json (or other) response, the phone gives its own "Not found" error.
Not sure if your problem is related, but worth a try? See if you can add a mime-type "application/json" in the request header of the HttpConnection.
From what I've gathered it seems that when connecting over HTTPS the phone uses an older version of SSL or TLS which has since been deprecated causing some API's to not respond.
I found that if you make an API request over HTTPs with the Opera Mini web browser it works. Giving you the desired response but on closer inspection it seems Opera gets the response for you and gives it back via a different URL. In attempt to furnish these older devices that cannot use a newer version of SSL/TLS to make the secure connection themselves.
The app I'm working on has a controller that issues templates to the front end (single page app). It's very basic, and simply consists of
#path = params[:path]
render template: "templates/#{#path}", layout: nil
Here my concern however is the direct use of the users input. Everything about this to me feels like it can be attacked with something as simple as path traversal. The route for this is
get "/templates/:path.html" => "templates#file", constraints: { path: /.+/ }, defaults: { format: 'html' }
I've tried multiple things to attempt a path traversal attack, such as
request /templates/path/to/../somewhere/else.html
request /templates?path=/path/to/../../something.rb
request /templates/index.html?path=/path/to/../../config/something.html
request /templates/path/../../../file.html
Fortunately, I haven't had any success with this. The requests that just start with /templates and don't specify anything after it, don't match the route thanks to the constraint so that is good.
It seems as though when that route is matched, rails doesn't allow you to override the path parameter through a url parameter, so I don't seem to be able to inject it there.
The ones that interest are the first and last examples above, where rails seems to internally be changing the requested URL before invoking the routes file. When I request /templates/path/to/../somewhere/else.html, my console output shows a request for /templates/path/somewhere/else.html. When I make a request for /templates/path/../../../file.html, the log shows a request for /file.html.
Am I missing something somewhere that will leave the app open to security issues, or is this just rails being sensible and protecting itself for me?
UPDATE
I've done some more digging, and if I try doing some URL encoding then I can cause the server to simply not respond at all. If I request /templates/%2e%2e%2f%2e%2e%2f%2e%2e%2ffresult.html then I just get an empty response with a connection: close header.
I assume that the parameter parser higher up in the rack is checking all urls for this type of attack? Regardless, my original question still stands. Am I missing something here?
I am trying to append few extra parameters to the url that user typed (before the page gets loaded). Is it possible to do?
For example, if user types www.google.com, I would like to append ?q=query to url (final: www.google.com?q=query.
Thanks
The webRequest API might be what you need. This code goes in your background page:
chrome.webRequest.onBeforeRequest.addListener(
function(details) {
if( details.url == "http://www.google.com/" )
return {redirectUrl: "http://www.google.com/?q=defaultquery" };
},
{urls: ["http://www.google.com/*"]},
["blocking"]);
This is an extremely specific rule that redirects visits to http://www.google.com/ with http://www.google.com/?q=defaultquery, but I think you can see how to expand it to include more functionality.
Note that this will reroute all attempts to reach http://www.google.com/, including Ajax requests and iframes.
Per the documentation, you will need to add the webRequest and webRequestBlocking permissions, along with host permissions for every host you plan to intercept:
"permissions": [
"webRequest",
"webRequestBlocking",
"*://*.google.com/",
...
],
This is an old question still I am answering it for future readers.
Modification of query parameters is a little tricky because you can endup in an infinite loop and Chrome/Firefox may detect it and process whatever is the current state of the request URL.
I have faced this situation in my chrome extension Requestly where Users used Replace Rule and replaced www.google.com with www.google.com?q=query or did something similar.
The problem with this approach is browsers intercept the request URL after adding query parameter so the parameter will be added multiple times and corrupt the URL. So you have to ensure either of the following:-
Do not intercept a request once it has been redirected.
Check if the parameter already exists, then do not redirect it.
As correctly pointed out by #apsillers in his answer, you have to use webRequest API to perform any modifications to the URL. Please have a look at his answer
and write your code accordingly.
Just in case, you are looking for an already available solution, consider trying Requestly's Query Parameter Rule. Here is a screenshot of how it looks like:-
For Firefox, you can download Requestly from its home page.
How do you track outbound links for your web site, since the request is logged on the destination server, not yours?
You can add a quick JQuery script to the page that will track external links and can either redirect them to a file on your server that will track the link and then forward to it, or add an ajax request that will submit on click for external links, and track them that way.
See:
http://www.prodevtips.com/2008/08/19/tracking-clicks-with-jquery-and-google-analytics/
https://web.archive.org/web/20090214024330/http://www.justskins.com/development/how-to-track-clicks-on-outgoing-links/132
Method #1: target="_blank", onclick and Google Analytics Events
Format your outgoing links with the following attributes:
outgoing
Define a javascript tracking function (requires google analytics to be loaded already):
function trackOutgoing(el) {
ga('send', 'event', {eventCategory: 'outbound',
eventAction: 'send',
eventLabel: el.getAttribute('href'),
eventValue: 1});
};
Pros:
Does NOT interfere with normal link behavior
Does NOT require redirecting to another url
Cons:
The onclick is not guaranteed to execute (user or browser could terminate the main window)
Method #2: Redirecting with Javascript and Google Analytics Callbacks
Format your outgoing links with the following attributes:
outgoing
Define a javascript tracking function (requires google analytics to be loaded already):
function trackOutgoingAndRedirect(el) {
var url = el.getAttribute('href');
ga('send', 'event', {eventCategory: 'outbound',
eventAction: 'send',
eventLabel: url,
eventValue: 1,
hitCallback: function() { document.location = url; }});
}
Pros:
Does not require target="_blank"
Higher chance of your event being registered with Google Analytics (compared to Method #1)
Cons:
Overrides the default behavior of links with return false;
Cannot open outgoing links in a new window
Method #3: Using a Redirect URL
Format your outgoing links with the following attributes:
outgoing
On your site you will need to implement a redirect script which is beyond the scope of this answer.
Your redirect script would most likely track the outgoing link and then redirect to the provided url.
Pros:
No Javascript required
Does NOT require Google Analytics
Does NOT interfere with the normal link behavior
Cons:
Harder to trigger Google Analytics Events
Links do not link to their original URL. Which may have negative SEO implications.
Add an onclick or onmousedown handler to the anchor tag. You can see many sites doing this, such as Google.
I don't like the redirect as described by Eric Tuttleman, as you unfortunately lose the 'search engine friendliness' of the link.
I handle this on a site I own by adding an onClick to my outgoing links, which fires a function which sends the link URL and a timestamp to my database. I then wrote a backend which retrieves the data, and lets me view it by such categories as 'Most clicked / 24h', 'Most clicked / 1w' etc.
I hope this helps.
On one system I've worked on, we ended up storing redirects in a database table and creating a redirect page that takes an id as an input. On our content pages, we link to the redirect page with an unique id from this table. Once the redirect page looks up the url via the id from the table, it then sends the client a redirect response, sending them to the ending page.
This does give us logging of external links, and as an added bonus, it makes mass changes to external urls a bit easier in some cases.
Some newer options that work without any hacks as explained in https://css-tricks.com/send-an-http-request-on-page-exit/ are Fetch with the keepalive-flag or navigator.sendBeacon.
keepalive is not yet (Aug. 2022) supported by Firefox (Can I Use), but navigator.sendBeacon works in all modern browsers (Can I Use).
// normal fetch, not guaranteed to work
someLink.addEventListener('click', function(event){
fetch('http://www.testing.local/?origin=classic-fetch');
});
// fetch + keep alive (not working in Firefox as of 103, Aug. 2022)
someLink.addEventListener('click', function(event){
fetch('http://www.testing.local/?origin=fetch-keep-alive', {
keepalive: true
});
});
// navigator.sendBeacon (all modern browsers)
someLink.addEventListener('click', function(event){
navigator.sendBeacon('http://www.testing.local/?origin=beacon');
});