track request's on page load - php

i analyzed a page that i'm working on with live http headers addon for FF and im seeing that is making request to the same page 2-3 time during the load of it. i checked for empty img tags that could be the reason but there is none on the html code. is there any addon out there or something that could let me track what resource is firing this request? or any other recommendation of what is should look apart from the empty img tags.
the page have several javascript libraries and mootools with ajax calls, but none of them is causing it as they load the resources and the ajax calls are get request passing several parameters to the page, this unexpected request are clean one, whiteout parameters.
Regards,
Shadow.
SOLUTION
monitoring from the server side the request and commenting code, i realized that was making 3 request's
1) from a popup blocker checker that open an about:blank in theory but it was requesting the same page
2) a class used to check if flash was enabled
3) the yslow plugin for FF was making the last one.
i'm worried about this last one as it screw up a feature in my app, so i will need to have some alternative thing here :)

if you have access to server logs, you can find the answers there.
finally, you can use some sniffer software to see all http request sending by browser

Related

How to detect prefetching from the browser in PHP?

Some pages can be prefetched by the browser (see this or that). How to detect in PHP that a request is a prefetched request ?
Is there any method is not browser-specific ?
(PS: I use Apache.)
I was looking for a similar answer to stop FF and other browsers throwing out my server side page counts.
Firefox
Chrome white paper
According to the articles above, Firefox sends a header which makes it easy to detect but the Chrome white paper states that Chrome doesn't give any indication to the server. The Chrome white paper notes that external analytic solutions (scripts written in JS) will not count the prefetch hits when they use the page visibility API.
My suggestion is to write your own JS script to detect if the page is ever made visible.
This question is very similar to "How to detect if cookies are enabled?". But you must use client-side redirection, because prefetched page start loading after loading main page.
Directly prefetch request can by detected by header (X-Moz: prefetch for FF) or by passing additional param to a link.
P.S. Without cookies enabled you cannot detect it for client, only for each directory prefetch request.

How can I see what content an XMLHttp request returned to the page?

I use Firefox, and there is a tool called Developer -> Web Console. It shows more information about GET/POST requests, which page we connected with XMLHttp, request headers and information like this. I'm sure there is a similar feature on Chrome too.
There is an AJAX call on a page and I have to see what it returns to the website. It is just a GET request and returns JSON. When I manually request that page (e.g ajax/view/my_purchases.php) it just shows a blank page, but when the website requests it with AJAX, I can see what content it returned in HTML.
Basically, What kind of tools I can use to see it?
It can be a standalone application, Chrome or a Firefox extension. I'm okay with any.
Firebug is the most used option. Net panel has "XHR" tab that you can use, and chrome tools were actually based on that.
on chrome you have the "network" tab, all requests and responses are there,
also you can put a breakpoint in the "success" function and watch the response.
p.s
chrome has this console without any extentions
Using Firebug on Firefox -> Console Tab (maybe aktivate "show XMLHttpRequests")
Edit: nicer than on Chrome you can open the request directly in a new tab.
Using the 'Net' tab, you can view every single external request that the page is calling when it loads. Your AJAX request will be in here. One thing to look out for is any GET or POST data being sent to the external script.
Many scripts will only provide access to its main algorithm or data logic if it expects certain parameters. A very basic one might be:
<?php
if (!isset($_POST['submit'])) {
die;
}
// Rest of functionality...
This makes it harder for people to gain access to sensitive data. If your AJAX call is sending POST data, you probably won't gain access. And if you do, you'll be committing CSRF.

Get Browser Tab Index/Id

So in most current browsers there is the feature of Tabs, is there a way to get the Tab index?
so Tab 1 has www.google.com opened in it and Tab 2 has www.google.com opened in it, is there a way to identify what the Tab index is?
Pseudo Code:
if($tab == 2) {
alert "Tab 2 is active\n";
}
if($tab == 1) {
alert "Please use Tab 2 as this is Tab 1\n";
}
Funny as everything I search for about tabs is related to the tab index of the webpage itself, sigh...
Strictly speaking. TABS are on the end user's machine. PHP works on the server. PHP can't see what the end user's machine is doing, it can only serve the end user PHP'ed pages.
Google does this with JavaScript and Cookies. For every instance of the page opened, increment a cookie counter. If the counter > 1, use AJAX to display an error message. Also, prohibit the page from functioning if cookies or JavaScript is disabled.
Look into jQuery.
As far as determining the absolute tab index, I know of no way to do it with Javascript. You can identify windows by their names, but not anything else.
In your example of two tabs containing the same web page, you should be able to uniquely identify them by making them aware of each other. You'd need to use cookies for this. Essentially, when a page is loaded, it would check for a cookie that tells it about other instances of the page that are currently loaded, and make decisions accordingly.
In this scenario, your onload handler would check the cookies, and register the loading page. You'd also need an onunload handler to unset the cookie pertaining to the page being unloaded.
See Javascript communication between browser tabs/windows for more information on how to use cookies to communicate between windows with Javascript.
in php: definitely not - it's executed on your server without access to the cleints browser.
maybe there's a solution using javascript (but i've never heard of that, and i'm pretty sure this isn't possible too - at least not as a cross-browser solution).
i think the best chance you'll have (if there even is one) is using other client-side languages like flash, silverlight or a java-plugin as this ones can do a lot more than javascript - but i'm sorry i don't know any of these good enough to give more information or hints.
Don't waste anymore time on this mate. It isn't possible, mainly because any webpage inside browser will not be able to get this kind of information due to security restrictions.
Try looking for an laternative approach as some of the other guys have suggested in their comments.
I am sure there is not a global variable for support that information. But maybe clever browsers such as Firefox or Google Chrome might support something on it. I have made a quick search on net and I came with these.
First, check Mozilla Tab Helper can be work with Mozilla. But be remember, this will never be a cross browser solution. Also, I am thinking there is not a cross browser solution.
Second one is, if you want to use this for your own use then it might bu useful, I don't test it. This is a addon. Here is the Open Tab Count Mozilla Addon
Open Tab Preview

How can I workaround the Google Calendar's link redirect notice?

I have a Google calendar embedded on a webpage, with events related to activities the site is organizing. Some calendar events have links that redirect the user to a page, within the same website, which has more information and the option to enroll in the event.
The problem however, is that since the end of last month, Google imposed a redirect notice that doesn't even automatically redirect. The links I create on events are changed by Google and, once a user clicks on a link, a new tab opens leading to a page with a redirect warning that the user must click. Since I am providing the users with a link to within the same website this is very inconvenient and makes no sense at all.
I'd want the users to be able to click a link on the calendar and go through to the webpage with the relevant data.
Do you guys know how I can go around this warning?
My thought process:
Initially, I thought of using JS to rewrite the links but since the calendar's iframe is in a different domain, the browser won't allow it due to XSS exploits (AFAIK).
I could build my own AJAX calendar and sync it with Google's using the API, but that's a hell of a lot of work because of stupid "feature" that makes no sense. I like Google's calendar and I'd like to use it.
The third thing that I though of was that, instead of having an iframe with the calendar I could use AJAX to fetch the entire code on the frame's url. Then I'd just rewrite the links on the that code with JS. Could this work?
I would be REALLY thankful for any help. This is driving me insane!
Using Jon Cram's input I created a php script that parses the code and makes the adjustments. However I could only get that working for the html version. No AJAX for me. =(
The same origin policy will prevent JavaScript served from your domain from interacting with data served from a different domain.
You are therefore right in saying that option 1 won't work.
The same origin policy also applies to option 3 as you have stated it. JavaScript served from your domain won't be able to make a direct HTTP request to whichever domain serves the calendar code.
You will need to acquire and modify the calendar code, neither of which can be achieved with JavaScript using today's most commonly used browsers. When FireFox 3.1 and IE8 are in common use and Google serves the correct HTTP Access Control headers this could be achieved with JavaScript alone.
To modify code served from another domain, you will need to utilise some form of server-side process.
A server-side script will be able to request the calendar code. The same script can then modify the code as needed and output it in whatever form you require.
If it is a private internal site you could install greasemonkey on all clients (if they use firefox) and make a short script that fixes the urls. That only works if the original url is contained within google's redirecturl though.
If I had this problem I wound change the calendar provider, that's probably the easiest solution. I did a google search and found Kiko, looks like they might have what you need?
Simply remove the "http://" part of the URL. I am not sure why this works but it does!

using Live HTTP Headers

On a website, I enter some parameters in a form, click on search and then get a page with a message "retrieving your results". After the search is complete, I get another page with my results displayed.
I am trying to recreate this programatically and I used Live HTTP Headers to get a peek of what is going on behind i.e the url, form variables,etc. However, I'm only getting information of what goes on up to the page which shows "retrieving your results". Live HTTP Header is not giving me information up to the page which contains the final results.
What can I do to get this final bit of information (i.e the url, form variables, etc)
I use Charles HTTP Proxy for all my HTTP troubleshooting needs. It has a ton of options and works with any browser.
"Web Developer" does this:
https://addons.mozilla.org/en-US/firefox/addon/60
#Mark Harrison
I have webdeveloper installed. Initially, I used it to turn off meta-redirects and referrers to get a clearer picture of the http interaction. But when i do this, the website does not work (i.e it is not able to complete the process of retrieving my search results) so i turned it back on.
I'm wondering if anyone has had to capture http information for a site that has a processing page in between the user input page and the results page
That sounds weird? I'm pretty sure that LiveHttpHeaders should show this. Can you double check that you aren't missing something? Otherwise try with Firebug. It has a tab for "network", which shows all requests made.
I'm using Fiddler2, which is a free (as in beer), highly configurable proxy; works with all browsers, allows header inspection/editing/automodification on request/response.
Disclaimer: I'm in no way affiliated with Fiddler, just a (very happy) user.
I for such problems always fire-on an Ethereal or similar network spying tool, to see exactly, what is going on.
The document is creating a browser component called XMLHTTPRequest , on submit event the object method send() is called, during the waiting time for server response an html element is replaced with a "Waiting message" on succesfull response a callback is called with the new html elements and then inserted in the selected html element. (That's called ajax).
If you want to follow that process you can use Firefox Live HTTP Headers Extension , or Wireshark to view full HTTP headers and actions (get/post/).

Categories