From the browser's point of view, I'd like to check if a specific site is logged in.
No developer wanted to check with these needs, so I couldn't even find a similar question.
There are many ways to login, so I think it is difficult to check the exact login status of all sites. Is there a way to check with pure browser function (DB, config? etc) rather than using JavaScript or Selenium?
Related
I have a question regarding executeJs function.
page.executeJs("$0.click();", downloadAnchor.getElement());
This line of code is not working in real iPhone Safari browser, though it works in mobile responsive mode from desktop safari. Appreciate your help on this
Browsers will be "suspicious" of anything starting a download that isn't a direct reaction to interaction by the user. This is done as a security precaution since starting to download files without the user's explicit consent can be dangerous in specific cases. Different browsers and configurations have different policies for exactly where to draw the line.
In your case, the download isn't started as a direct consequence of user interaction but instead as direct consequence of receiving a message from the server. This kind of pattern will simply not work reliably no matter what you do.
Instead, you need to design the interaction so that the download is directly triggered by the user. The easiest way of doing that is by having the user directly click on the actual download link. If you want to have some indirection, then you still need to make the action work directly in the browser without going through the server.
I would like to offer the possibility to delete the last hour web history of my users (in order to protect people who used the website but don't have technical skills) or at minimum the url of the website and the referer (google search, social media link, etc.)
Is it possible with a html/js button which would interact with history like some extension ( https://developer.mozilla.org/fr/docs/Mozilla/Add-ons/WebExtensions/API/history/deleteUrl ) ?
Thanks for your help
Clear-Site-Data is a header, implemented to different degrees by different browsers, to indicate to the browser that you'd like the browser to clear cookies, caches and other kinds of storage for your site. This can be a useful security practice for your site -- to clear any sign that the user has logged in, or to make sure that no one who uses the device later will be able to access that user's account.
While I can see important and legitimate use cases for it, it isn't possible to force or prompt the browser to delete the browsing history, even just for your site. You can see how there might be security issues with that, like an attacker clearing evidence of their malicious site from the user's device, or just annoying websites that hide themselves from history and so the user can't see where they were. See these other questions that have also longed for this capability:
How to clear browsing history using JavaScript?
How to clear browsers (IE, Firefox, Opera, Chrome) history using JavaScript or Java except from browser itself?
You might consider exploring the History.replaceState method and other parts of the History API. That won't let you delete URLs and referrers in general, but it can be used to modify the URL of the current page in the history. So if a user arrives on your site visiting a page about something particularly sensitive or revealing, you might be able to modify the current history so that their browser only records that the user visited your domain, and not that particular page.
I'm trying to scrape a login-only, bot-sensitive website. After logging in, when I perform a simple selenium function like driver.find_element_by_id('button').click(), the website displays a message along the lines of We think you are a bot. Please complete the CAPTCHA below to continue.
Is there any way for me to make selenium more human-like so I don't trigger CAPTCHAs?
Hopefully not.
You are scraping, i.e. you are developing a bot, and if you try to avoid being identified as a bot, it will just be a question of time until the captcha gets improved to detect your strategy.
DonĀ“t do it. The captcha is there for a reason, which is: to detect and lockout bots!
Better check if the page you want to scrape supports an API that allows computer-to-computer communication. If there is one, use it. If there is none, suggest one, but depending on whether the web page owner wants to support your goals, or not, he might say "no".
If I'm building a simple page to which one person (or a small number of people) will have admin access, how do I (ideally language-agnostically, but in Ruby if relevant) conceal the log-in link from most users, but reveal it to those who should have access?
I feel like this is something people must do all the time, and the answer is presumably all over Google, but I'm not quite sure what question I'm asking. I don't know what info I'd have to condition on (IP? What if admins want to log in from a different Wifi network?).
Is the normal approach to just not have a link, and use cURL or similar tools to log in? (which seems unwieldy)
Ah, I just realised at least one way of doing this is to have a page that I need to direct link to as the login page, so no-one sees a login link they can't use.
Feels obvious in retrospect :\
I was redirected here by Shopify support. I have three main questions for a project I'll be working on and wanted to see how possible some of the things would be.
We are looking to develop a plugin for use with Shopify to track purchases through the use of a link shortener (to see which link referred what purchases, etc.). I have a few questions that I'm not 100% sure on even after reading through the documentation.
The first problem that I seem to have is tracking the query string that the link shortener appends to the URL once it redirects. For this service, they use "?visit_id={hash}" and I need to be able to access this--at the very least on the "Thank You" page after an order. I saw in the docs that there is "landing_page_ref" (http://wiki.shopify.com/Order#landing_site_ref) but considering our query string is "visit_id" instead of one of the acceptable parameters, how would I be able to use that query string?
Lastly, I just have a question about how webhooks work with plugins that are on the app store. I know I can just call webhooks to wherever I want, like my personal server, but if this app gets onto the app store, I obviously don't want to hook everything to my own server. Is there a way to make it run on the store itself, and which URL should I use?
Lastly, what is the preferred method for handling configuration options for the plugin? Is there a way to hook into the admin backend or would all configuration have to be in a file within the plugin?
Thanks,
Andrew
I'll do my best to answer these for you. It sounds like you're used to building plugins for something like Wordpress - Shopify apps are a bit different.
You can't access anything on the thank you page for the order.
The thank you page/checkout process goes through a secured Shopify page that you don't have access to - so if you want information about what your URL shortener attached to the store pages, you'll need to retrieve it while they're on the page (using something like a ScriptTag + Javascript to track the query string), or hope that it's inside the Order when you retrieve it later (using the API or a webhook).
Webhooks need to talk to a server you run.
They send the information to you, and then you process it and deal with it. If you want to use webhooks, you will need to run a server with your app on it for the webhooks to talk to.
You manage your own config.
Because you're running your own server to handle those webhooks, you handle configuration for your plugin there. The apps I've worked on typically have their own database for managing configuration options, as well as an admin panel to manage them (it's what the user accesses when they click 'Log Into [Your App]' on the "Manage Apps" screen).
You'll need to run your own server to host your Shopify app.