Can there be a difference between entering a URL in the address bar vs window.open(url)? - browser-cache

Can a webpage using window.open(url) end up with a different result, because of different caches, than entering the exact same URL directly in the address bar?
I am convinced there cannot be a difference, but some colleagues think otherwise. Please clarify.

No, both of these mechanisms use the same HTTP cache.

Related

Google I'm Feeling Lucky URL

So, I've spent about 2 hours trying to get the I'm Feeling Lucky URL to work. It seems the URL doesn't like the periods in the search parameter, so does anyone have any potential tricks?
Search Value= 40.840.1/8Z
The first result in a regular Google search is the correct page.
Here's what I've tried:
http://www.google.com/search?btnI=I&q=40.840.1/8Z
http://www.google.com/search?btnI=I&q=40.840.1%2F8Z
http://www.google.com/search?btnI=I&q=40%2E840%2E1/8Z
http://www.google.com/search?btnI=I&q=40%2E840%2E1%2F8Z
http://www.google.com/search?btnI=I&q=40%2F840%2F1%2F8Z
(That one was actually pretty close)
http://www.google.com/search?btnI=I&q=40%20840%201%208Z
And all of the above surrounded in quotes (%22)
The problem is that the I'm Feeling Lucky aspect doesn't work. It finds the correct results, it just doesn't navigate to the first result. I'm open to alternatives besides the I'm Feeling Lucky URL parameters as well.
I'm trying to implement this into a .NET application that provides employees with resource information, which is best received from the manufacturer's website(s). The trick is that the resources are from many different suppliers and the links need to be somewhat automatic. Basically I don't want whomever manages the software to update these links. To navigate, I'm simply using the Process.Start("http://www.example.com/") command, which uses the default browser to navigate to the address.
This post helped a lot by the way.
I wasn't able to get any closer than your closest one.
But if it helps, here's an alternative way of writing the "I'm feeling lucky" URL.
http://google.com/search?q=haimer+usa+40%2F840%2F1%2F8Z&btnI
What I did to find the right url is to navigate to google.com. After this I turned my internet connection off. I entered the search details and pressed submit. You can now see the url in the address bar, but it doesn't redirect you to the first result. You can now copy the url and see how google treats your dots and other weird characters.
So to recap:
Go to google.com
Turn your internet connection off
Enter search term
Press 'I'm feeling lucky'
Copy the url from the address bar
You can create a google custom search engine of your own, and either exclude certain sites or include specific sites only, use http://cse.google.com to do this.
There is a SO tag for google custom search

Confirming Source Is From QR Code Scan

I have this project where I need to know if a visitor legitimately arrived from a QR code. The document.referrer value from a QR code shows blank. I have looked at some answers suggesting to put a parameter in the query string (e.g. ?source=qr), but anyone could easily add the parameter into the URL and my code would believe it is from a QR code (e.g. www.project.com/check.page?source=qr). I have thought of adding code to make sure it is from a mobile phone / tablet as a secondary way to authenticate, but many browsers have add-ons to fool websites.
Any suggestions would be greatly appreciated.
Thanks in advance.
I think the best solution for you is creating your regional QR Codes pointing to:
Region 1) http://example.com/?qr=f61060194c9c6763bb63385782aa216f
Region 2) http://example.com/?qr=731417b947aa548528344fab8e0f29b6
Region 3) http://example.com/?qr=df189e7f7c8b89edd05ccc6aec36c36d
If the value of the parameter qr is anything other than f61060194c9c6763bb63385782aa216f, 731417b947aa548528344fab8e0f29b6 or df189e7f7c8b89edd05ccc6aec36c36d, then you can ignore it and assume the user didn't come from any QR Code.
Of course, any user can remove the source parameter. But at least he can't add a valid one, unless he really had access to the code.
...but anyone could easily add the parameter into the URL and my code would believe it is from a QR code
Well, anyone could also scan the QR code, view the link, and remove the source=qr from it.
Data collection is never 100% reliable. Users can change their browser's user agent, inject cookies with some strange values, open your page through a proxy server, and so on.
You could create your own device or App for scanning the QR-code. If you read the post I've linked, you will see that this is a waste of time and resources.
So, what is left is to make a solution which will work for most of the users. Appending a source=qr parameter to your URL seems to be the simplest solution. You could also link to an entirely different domain and redirect the request, so it would be more fraud-safe. But it will never be 100% accurate.
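The per-region token check from the first answer, as an added example (not code from the original posts). The region names and function names are assumptions; the token values are the ones quoted in that answer.

```python
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Token values are the three from the answer above; region names are assumed.
# Keep this table server-side only: the token is the whole secret.
REGION_TOKENS = {
    "region-1": "f61060194c9c6763bb63385782aa216f",
    "region-2": "731417b947aa548528344fab8e0f29b6",
    "region-3": "df189e7f7c8b89edd05ccc6aec36c36d",
}


def new_token() -> str:
    """128 random bits as 32 hex characters, the same shape as the tokens above."""
    return secrets.token_hex(16)


def region_for_url(url: str) -> Optional[str]:
    """Return the region whose token matches the qr parameter, else None."""
    values = parse_qs(urlparse(url).query).get("qr", [])
    if len(values) != 1:  # missing, empty or repeated parameter: not a QR hit
        return None
    supplied = values[0].encode("utf-8")
    matched = None
    for region, token in REGION_TOKENS.items():
        # Constant-time comparison: response timing does not reveal how many
        # leading characters of a guess were correct.
        if hmac.compare_digest(supplied, token.encode("ascii")):
            matched = region
    return matched


if __name__ == "__main__":
    print(region_for_url("http://example.com/?qr=731417b947aa548528344fab8e0f29b6"))
    print(region_for_url("http://example.com/?source=qr"))
```

A match shows only that the visitor's URL carried a token printed in one of the codes. Anyone who has scanned the code can share or replay that URL, so the result is a signal for analytics rather than authentication.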

Proper url in address bar

I have got a site running on Apache. Now I have a domain. Let's say: www.mysite.com. When I enter this, it goes to, for example, www.sites/sitedirectory, and this is what I see in the address bar.
How can I make sure (I think it should be done with .htaccess) that it will still show www.mysite.com in my address bar and not www.sites/sitedirectory?
Thanks very much.
You cannot make a browser's address bar show a domain different from where the data was loaded from, for security reasons.
There are a few options:
1. You can set up www.mysite.com to be a proxy, which fetches content from www.sites/sitedirectory, and re-serves it, but I suspect that isn't really what you want.
2. You can put a web page at www.mysite.com which consists of one large HTML frame containing the real site at www.sites/sitedirectory. This is widely considered to be a bad idea, as (without a lot of messing about) it means that you can only ever link to the home page, and links to other sites have to be specially written to jump out of the frameset, etc, etc.
3. You can sort out your Apache configuration so that there is a proper vhost entry for www.mysite.com, rather than a redirect to the other URL.
Without knowing why you have got to where you are, I would strongly suggest investigating option 3.

Why would "/id" as an HTTP GET parameter be a security breach?

While trying to debug my OpenID implementation with Google, which kept returning Apache 406 errors, I in the end discovered that my hosting company does not allow passing a string containing "/id" as a GET parameter (something like "example.php?anyattribute=%2Fid" once URL encoded).
That's rather annoying as Google openid endpoint includes this death word "/id" (https://google.com/accounts/o8/id) so my app is returning 406 errors every time I log in with Google because of this. I contacted my hosting company who told me this has been deactivated for security purposes.
I could use POST instead, for sure. But has anyone got an idea why this could cause security problems ???
It can't, your host is being stupid. There's nothing magical about the string /id.
Sometimes people do stupid things with the string /id, like assuming no one is going to guess what follows, so that example.com/mysensitivedata/id/3/ shows my data because my user has id 3, and being the sneaky sort, I wonder what happens if I navigate to example.com/mysensitivedata/id/4/, and your site blindly lets me through to see someone else's stuff.
If that sort of attack breaks your site, no amount of mollycoddling by your host will help you anyway.
One reason a simple ID in the URL could be a security concern is that a user could see their ID and then type another one in, such as if it's an integer they may select the next integer up, and potentially see another user's info if it is not protected.
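The missing check both answers describe, as an added example (not code from the original posts): the same route handled once by trusting the id in the URL and once by comparing the record's owner with the logged-in user. The record store, field names and handler names are constructed for illustration.

```python
import re

# Constructed sample data: record id -> owning user and content.
RECORDS = {
    3: {"owner_id": 3, "data": "record of user 3"},
    4: {"owner_id": 4, "data": "record of user 4"},
}

# Route shape taken from the answer above: /mysensitivedata/id/<n>/
ROUTE = re.compile(r"/mysensitivedata/id/([0-9]+)/")


def _record_for(path):
    """Return the record named in the path, or None if the path or id is unknown."""
    m = ROUTE.fullmatch(path)
    return RECORDS.get(int(m.group(1))) if m else None


def handle_vulnerable(path, session_user_id):
    """Trusts the id in the URL: any logged-in user can read any record."""
    record = _record_for(path)
    if record is None:
        return 404, "not found"
    return 200, record["data"]


def handle_checked(path, session_user_id):
    """Ownership is decided from the server-side session, never from the URL."""
    record = _record_for(path)
    # Same response for "no such record" and "not yours", so the status code
    # does not confirm which ids exist.
    if record is None or record["owner_id"] != session_user_id:
        return 404, "not found"
    return 200, record["data"]


if __name__ == "__main__":
    # User 3 edits the URL to ask for record 4.
    print(handle_vulnerable("/mysensitivedata/id/4/", session_user_id=3))
    print(handle_checked("/mysensitivedata/id/4/", session_user_id=3))
```

The check lives in the application; a host-level filter on the string "/id" cannot know which user owns which record.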

Do I need to send a 404?

We're in the middle of writing a lot of URL rewrite code that would basically take ourdomain.com/SomeTag and do something dynamic to figure out what to display.
Now if the Tag doesn't exist in our system, we're gonna display some information helping them find what they were looking for.
And now the question came up, do we need to send a 404 header? Should we? Are there any reasons to do it or not to do it?
Thanks
Nathan
You aren't required to, but it can be useful for automated checkers to detect the response code instead of having to parse the page.
I certainly send proper response codes in my applications, especially when I have database errors or other fatal errors. Then the search engine knows to give up and retry in 5 mins instead of indexing the page. e.g. code 503 for "Service Unavailable" and I also send a Retry-After: 600 to tell it to try again...search engines won't take this badly.
404 codes are sent when the page should not be indexed or doesn't exist (e.g. non-existent tag)
So yes, do send status codes.
I say do it - if the user is actually an application acting on behalf of the user (i.e. cURL, wget, something custom, etc...) then a 404 would actually help quite a bit.
You have to keep in mind that the result code you return is not for the user; for the standard user, error codes are meaningless so don't display this info to the user.
However think about what could happen if the crawlers access your pages and consider them valid (with a 200 response); they will start indexing the content and your page will be added to the index. If you tell the search engine to index the same content for all your not found pages, it will certainly affect your ranking and if one page appears in the top search results, you will look like a fool.
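The behaviour the answers recommend, as an added example (not code from the original posts): a small WSGI application that still shows a helpful page for an unknown tag but sends it with a 404 status, and answers a backend failure with 503 plus Retry-After: 600. The tag store, the lookup functions and the request() helper are constructed for illustration.

```python
from html import escape


def make_app(lookup):
    """Build a WSGI app; lookup(tag) returns page text, None, or raises."""
    def app(environ, start_response):
        tag = environ.get("PATH_INFO", "/").strip("/")
        try:
            page = lookup(tag)
        except ConnectionError:
            # Fatal backend error: ask crawlers to retry instead of indexing.
            start_response("503 Service Unavailable",
                           [("Content-Type", "text/plain; charset=utf-8"),
                            ("Retry-After", "600")])
            return [b"Temporarily unavailable.\n"]
        if page is None:
            # Helpful page for people, 404 status for crawlers and tools.
            # The tag comes from the URL, so escape it before echoing it back.
            status = "404 Not Found"
            page = "No tag named '%s'. Try the search box." % escape(tag)
        else:
            status = "200 OK"
        start_response(status, [("Content-Type", "text/html; charset=utf-8")])
        return [page.encode("utf-8")]
    return app


TAGS = {"SomeTag": "<h1>SomeTag</h1>"}  # constructed sample data


def lookup_ok(tag):
    return TAGS.get(tag)


def lookup_db_down(tag):
    raise ConnectionError("database unreachable")  # simulated outage


def request(app, path):
    """Call a WSGI app in-process and return (status, headers, body)."""
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return seen["status"], seen["headers"], body.decode("utf-8")


if __name__ == "__main__":
    print(request(make_app(lookup_ok), "/NoSuchTag")[0])
    print(request(make_app(lookup_db_down), "/SomeTag")[:2])
```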