I have a structure of a page which has iframe of a different domain inside a page. both the domains are owned by me only. The problem I am facing is I cannot access session of a parent frame inside an iframe. I have also tried with database session but I am not getting a session variables inside an iframe.
<body>
<?php Yii::app()->session['myvar']="iframeVar";?>
<iframe scr="https://xyz.com.au"></iframe>
</body>
and xyz.com.au looks like
<body>
<?php echo Yii::app()->session['myvar'];?>
</body>
Please guide me.
Thanks.
The following comes from this question:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
You could try using the following code on the page of the seperate Yii installation:
$session=new CHttpSession;
$session->open();
The open() method calls the php method session_start() which should resume the session you had in your parent frame. Try accessing your variable like so:
echo $session['myvar'];
Hope that helps. If not, try checking this question too.
Related
I got an ASP NET Core RazorPage having a button which asynchronously replaces a part of the given HTML using an AJAX request.
Besides some text content it renders another button which is intended to post back the side when clicked. It is surrounded by a form element.
However, clicking the button I receive an HTTP 400 with the information "This page isn't working" (Chrome). Other browsers like Firefox return an HTTP 400 as well.
The relevant HTML with the button which has been created by the AJAX call is the one below:
<form method="post">
<button class="btnIcon" title="Todos" id="btnTodos" formaction="PersonManagement/Parts/MyPageName?handler=PerformTodos">Execute action</button>
</form>
As the url exists (I doublechecked it using the browser with a simple GET) I wonder whether the issue could be due to some security settings along with the browser or is there anything I am perhaps missing out here?
Thank you for any hint
Two things here first add this attribute to your form asp-antiforgery="true", then send it's value to the server in your AJAX post request.
jQuery magic starts here :)
token: $('[name=__RequestVerificationToken]').val(),
Antiforgery is ON by default since .net core 2.0 (as far as I remember), so if you do AJAX post you need to send the antiforgery token with each request.
Let us know if it helps. Spread knowledge don't hide it just for yourself :P
Finally I came across a very interesting article from Matthew Jones at https://exceptionnotfound.net/using-anti-forgery-tokens-in-asp-net-core-razor-pages/ about Anti-Forgery Tokens in Razor pages. Worth reading, indeed.
However, independently from that article what solved my issue was simply not to add the <form .. element at the client-side, but already at the server-side. As there is no need for me to explicitly adding it at the client-side, but only the button itself, this is a solution for me which works properly.
A brief summary of my scenario now:
There is a Razor Page containing usual cshtml content along with a <form method="post"..
Some anchor elements also are included, one is triggering a JQuery AJAX call to the server
The JQuery call comes back from the server with some additional HTML including the post button which which I add to the existing HTML.
The button is being rendered inside the now already existing
Clicking the button causes the page to post back in the wanted manner and executes the handler as intended.
Thanks again Stoyan for your input and help with that.
I'm using an existing upload script that require user authentication. However since I did not write the upload script, it's nearly impossible for me to read the source code and make it into separate view and controller file. The problem is if the script does not get routed by the bootstrap file, it has no access to the Yii variable and thus user log in information.
I tried to set a custom session variable when the user login. However it work barely because my custom session would expire before the session set by Yii.
Any help would be appreciated.
Because of the way the script is written I've only been able to find one way of doing this. It will involve re-writing some elements of the script.
Save the filemanager in protected/vendors.
You need a controller to handle the routing of the request. This will also give you the access control that you need. Call it FileUpload and create it where you normally create controllers in your project. Right at the start of the controller, before the class is declared, import the fileUpload files from it's previously saved location; Yii::import('application.vendors.*');
You need an action to handle the incoming request. Call this actionIndex. Give it the following code.
public function actionIndex() {
//Start capturing the output from the script
ob_start();
require_once('filemanager/dialog.php');
//Finish capturing output, and save to a variable
$output = ob_end_clean();
$this->render('index', array('output' => $output));
}
Then you need a view file. Call it 'output.php' and it just contains one line; <?php echo $output; ?>
This will render the html generated by the script, and hopefully contain it within your existing template.
Your first problem is that the script sends headers which aren't discarded by ob_start. You will need to delete these from the script. It also starts a session, which will throw an error 'Session already started', which can be cured by changing the first line of config.php to
if(!isset($_SESSION))
{
session_start();
}
Your next problem will be that none of the scripts and stylesheets are loaded, because the vendor hasn't used relative filepaths, and also because you've just deleted the headers. You will need to re-write lots of the script to include the necessary files. Fortunately, you now have access to Yii functions, so can use the asset manager to publish all the js and css files needed by the script.
Your final (hopefully!) problem will be the urls used by the script page. Currently they are all pointing to files within the script. You will need to rewrite these to use Yii routing. Fortunately, inside the main file dialog.php you should have access to all the normal Yii functions, so you can set $baseUrl as $this->createUrl() etc. If you need to add extra actions to the controller you can follow the pattern above to call other files, like the upload.php file in the script.
Hope that all works for you!
You are using a Framework with mvc pattern so controllers are preferred way to route requests .As per your problem i would suggest you to use htaccess file to do the routing to the required file and handle other files by Yii
copy code from existing source to new Yii Controler/Action ... done :D
I am trying to get the current url from injected script but it seems impossible because of the permission.
From the official document, I got:
Injected scripts cannot access the SafariApplication or SafariExtension classes.
Is there any solution or w/a? Thanks.
Use window.location.href to get the URL of the page the script is injected into.
Scripts are injected into each iframe as well as the main page, so you might want to use a check like if (window == window.top) to if you are only interested in the main page.
I've created a JavaScript Windows Store blank app, and added the following code into it.
var url = new Windows.Foundation.Uri("http://www.google.com")
Windows.System.Launcher.launchUriAsync(url);
when debugging my program the above launches google without fail, but if I put a .edu site or something that ends in .aspx, the site won't launch.
I'm not able to reproduce this. Perhaps there's something in how you're doing this that's causing the issue.
To try to repro, here's what I did.
Started with the JavaScript Blank app template.
Added a button to default.html, on the line following the <p> element: <input id="Button1" type="button" value="Launch" />
Added an event handler for the button in default.js, just after the call to WinJS.UI.ProcessAll: document.getElementById("Button1").addEventListener("click", launchUri);
Added the launchUri function, as follows, to default.js:
launchUri:
function launchUri() {
var uri = new Windows.Foundation.Uri("http://www.communitymegaphone.com/Default.aspx");
Windows.System.Launcher.launchUriAsync(uri);
}
Works fine for me, both with aspx (as shown above) as well as for .edu addresses.
If you're still not able to make it work, please post some additional code for context.
Hope that helps.
For more info on Windows Store app development, register for Generation App.
I have Site A, which has a form on it. That passes the form info via GET to another website, Site B. This works perfectly fine.
NOW, I want to send the form to an IFRAME located on Site B instead. So on Site A, I have the code:
<form method="get" action="http://<page with iframe on site B>" target="iframeName">
On the PAGE itself on Site B, I have THIS code:
<iframe id="iframeName" src="<page that uses the passed variables>" name="iframeName" frameborder="0" noresize="noresize">
</iframe>
The PROBLEM is, the passed variables don't seem to get getting to the iframe. They appear in the URL of the PARENT of the iframe, but don't seem to get to the iframe itself.
I can NOT modify the site that loads in the iframe.
Why am I doing this? Just like on codecanyon when you view something, it has the bar at the top for the original page navigation.
Try to send the parameter on the Src, when you initiliaze the iframe ;)
<iframe id="iframeName" src="<page that uses the passed variables>?PARAMETER=XXX" name="iframeName" frameborder="0" noresize="noresize">
</iframe>
So basically, retrieve the parameter from the site A by using a GET, and the initialize your iframe by passing these paramete.