is there any way that I can inform the google bot that to get additional languages it needs to have a cookie set?
for example, at https://www.famistar.com the user can click at the bottom of the page to change language. What really happens under the hood is that the button via js will set a cookie and will reload the page.
Is there any way (withought modifying the urls or adding a url parameter for language) that we can notify google bot to crawl all provided languages?
Google can't ready cookies and sessions, and to prove this user "Web Developer Tool" on any browsers and disable the cookies.
The only way that Google can index and crawl your languages is to add them as a level in the URL "mydomain.com/en" or add them as sub-domain "en.mydomain.com" or parameter.
Also don't forget to add "hreflang" in the to make sure Google will understand your structure.
Related
On Vimeo (using their API), is it possible to generate private links that automatically expire? If not, what would be a good workflow to approximate this function, based on the API's limitations?
Basically, we would like to provide subscribers to our website limited time access to our videos. We would embed the player links in a private area of the site.
We wouldn't want users to have the ability to copy the link code and keep accessing the videos after their access has expired. Also, in the case of multiple users wanting access to the same video, we wouldn't want any updates to the privacy settings of a video to interfere with previous user access granted (that has not yet expired).
The Vimeo API can only toggle a video's privacy settings, the API cannot grant playback to a viewer outside of the privacy settings available.
For example, the API can be used to set a video as password-protected and set the video's password, however the API cannot be used to authenticate and bypass password protection and allow playback.
You could deal with this by providing a redirect from your own site and have the redirect expire. That would provide the functionality you’re looking for, but it’s also very easy to circumvent. It depends how strict/hard you want to make the expiry.
Situation:
I am writing test automation for a website. There comes a point where there is a link button on my website. Clicking this I am redirected to an external website. There I have to log in and as soon as I do that I am redirected to my original web-page which contains some 'connections' that I need.
Problem:
As soon as cypress clicks on the redirection button it does into a blank page.
Ideal solution:
I would want to automate the entire scenario. If not then at-least a work around.
As suggested in the Cypress Docs, you should really be using cy.request() to log in. You don't control a 3rd party site, and that makes your test very flakey.
For example, a lot of login pages are constantly changing and are A/B tested for the purpose of preventing a bot from logging in, including testing bots. The data:, url is probably the result of a http redirect.
Thankfully, using cy.request() you can 'fake' logging in by making a request to the server through code (which doesn't change as much) and you will never have to leave your app to log in
Here's a recipe for Single Sign-On for example.
Hope that makes sense!
I'm curious if chrome extension overlays are delivered securely and unadulterated, and whether or not someone can "listen" to internal events.
If a user were to enter a password via a chrome extension, could I guarantee that no other browser script has recorded the password? I will hash the password with 2FA so the network request is secure, but I'm curious if anyone can get the innerHtml of an <input> within a page action.
I'm asking because I know that generally iFrames are insecure if they're hosted in an unsecure environment where they could be "replaced" with lookalike, man in the middle, phishing palettes
Thanks
Only if you injected some element into a web page it will be a part of the web page (e.g. code in an injected <script>) open to any other page script.
Internal pages and scripts of an extension like page action or toolbar popup or background page and even content script environment (variables/functions) are inaccessible from the web. With a few exceptions, you can't even directly access one from another inside your extension as those are just like different tabs/windows: messaging should be used.
The only way a web page can know what happens inside your extension is to explicitly provide it with the information from your extension. You would have to explicitly send the info via DOM messaging, for example. Or via an explicit externally_connectable mechanism.
Maybe other scripts can't record the password, however you would also need to protect the input from native components like KeyLogger, they can always get what you typed before bubbling up to browser process. So I guess a native component is also needed, it could fight with malicious keyloggers and ensure they can't get valid user input.
When a user clicks a link on my page they go to a click tracking service and then are redirected to the "real" page. When I try to share the link using the Google Plus share plugin, the share message states "redirect notice."
Anyway for Google's Share plugin to actually go to the redirected destination instead of the notice? The Facebook Share plugin has no problem with the redirect.
Example of link on my page: https://plus.google.com/share?url=www.myclickservice.com?ref=www.realpage.com
The click tracking service logs the click and then returns a 302 and redirects to the "real" page.
The Snippet documentation makes no guarantee about handling redirects. If you would like to see the current behaviour change, please file a feature request.
I am adding the ability for a user to link their foursquare account with their account on my website. Foursquare's oauth account authorization takes the user to foursquare's website, and after authorizing my website it redirects the user back to a url.
I want to avoid breaking the user's context on my website when they decide to add foursquare functionality to their account, so I'm planning on doing foursquare's account authorization in a new window using
var foursquare_popup = window.open("foursquare_url_to_authenticate_user");
and redirecting the popup to a static success page once the authorization has been completed.
I've seen oauth popups done in a couple places like Wired's tweet button.
Is this a good way to handle oauth with things like twitter/facebook/foursquare?
i would recommend against opening a popup window as part of the oauth signin process, purely because some browsers do not support popup windows - particularly browsers on mobile phones. also, the browser may support popups but the user may have a popup blocker turned on.
a better way would be to redirect the user from your website to the service provider all in the same window.
i am currently working on a way to do this with an invisible iframe on the page of my website. this way, if the user is already logged in to the service provider then they would not need to be directed away from my website. however, i am half way through this functionality so i cannot confirm that it will work yet.
You can specify display=webpopup if you want to use a pop-up window (see https://developer.foursquare.com/overview/auth#display).
Also, you can specify additional parameters in your callback URL, which will be preserved by the oauth flow. So if you passed "&state=settings/accounts" or something as parameter of your redirect_uri, you can parse it out upon success and resume your session with the user appropriately.