I am unable to get a lot of referral URLS using document.referrer. I'm not sure what is going on. I would appreciate it if anyone had any info on its limitations (like which browser does not support what) etc.
Is there something else i could use (in a different language perhaps) that covers more browsers etc?
I wouldn't put any faith in document.referrer in your Javascript code. The value is sent in client side request headers (Referer) and as such it can be spoofed and manipulated.
For more info see my answer to this question about the server side HTTP_REFERER server variable:
How reliable is HTTP_REFERER
Which browser are you looking in? If the referring website is sending the traffic via window.open('some link') instead of a regular <a> tag, then IE will not see a referrer. It thinks it's a new request at that point, similar to you simply going to a URL directly (in which case there is no referrer). Firefox and Chrome do not have the same issue.
This is NOT just a javascript limitation, HTTP_REFERRER will NOT work either in this specific scenario.
Just to make sure you're on the same page, you do know that if someone types a URL directly in their web browser, the document.referrer property is empty, right? That being said, you might be interested in a JavScript method to get all HTTP headers. If you prefer PHP (since you're using that tag), the standard $_SERVER variable will provide what information is available. Note that the information is only as reliable as the reporting web browser and server, as noted by Kev.
The document.referrer will be an empty string if:
You access the site directly, by entering the URL;
You access the site by clicking on a bookmark;
The source link contains rel="noreferrer";
The source is a local file;
Check out https://developer.mozilla.org/en-US/docs/Web/API/Document/referrer
Related
I dont think it's possible directly, so I considered using javascript to access the anchors and pass that to PHP, but I don't know how.
Using jQuery:
$.post('getHash.php', {hash: window.location.hash});
Than in your getHash.php file
<?php
$hash = $_POST['hash'];
/* ... */
?>
Still, your question does not provide enough information for us to answer it corectly.
If you mean the hash portion of URLs (i.e. everything after #), that’s not sent to the server by web browsers. So you can’t access it from PHP.
Sounds like you’ve got the right approach for informing the server about hashes, i.e. using JavaScript. You can access the hash in browsers with window.location.hash. To send that to the server, you could use the XMLHTTPRequest object to POST it to the server.
Is there any possible way to make direct browser access to
http://www.example.com/test.php
Not available when viewing url directly but still allowing
JQuery $.get('http://www.example.com/test.php') function
To read the file? I know this might not be possible because I believe going in my browser and typing http://www.example.com/test.php is basically the same thing on client side as using the $.get() function.. But I didn't know if there was any work arounds for this.
Kinda, have php check for the x-requested-with header. If it is not present, redirect somewhere else.
It doesn't stop someone from sending their own request with said header though.
You are right, using a browser or $.get are basically the same. The only difference is that an AJAX call sets the X-Requested-With header to XMLHttpRequest. This can be added with browser extensions, though, so it is not fool-proof.
I have a JavaScript which can be called externally using <script type="text/javascript" src="http://mydomain.com/myscript.js"></script> the script is created dynamically using php but I need to know where the script is being called from (which domain) the only way i can think off is using $ SERVER["HTTP REFERER"] but not all browsers support this and it is insecure as it can be changed.
Dose anyone know a better way I could do it?
First of all anything the browser provides cannot be trusted, this includes the HTTP Referer header.
However I don't agree with this being insecure, what exactly are you doing with this information? All the server can do is trust what the browser supplies it, so if you are attempting to restrict this javascript you are going to have to authenticate the user first (so you can plant a cookie).
So what exactly are your intentions?
Here is my idea.
Use a PHP file to render the JS file contents and it will only serve the javascript when session id matches. Hide your real js file too
Specifically. I am making an ajax app and trying to preserve the back button. My javascript is working properly and registering a new url in the address bar with an anchor-like hash in the url:
http://t2b.localhost/#/clients/
I can catch the url when the page loads with javascript and load the "clients" page, but I want to know if there is a way to read the entire url with php or with htaccess? Looking at normal variables, I seem to only be able to get the url up to the occurrence of the "#" (http://t2b.localhost/).
The browser don't send to the server the fragment (the text after the #) part of the url.
It is intended to be used locally by the client.
In firefox (and in explorer too) there is document.location.hash that contains the fragment part of the URL. If you use javascript you can read it and send his value into a common variable.
Please use any of the available javascript libraries to track the history state or browse by ajax requests. There are so many problems involved, such as certain browsers not notifying scripts when the hash part changes, or not adding a pseudo-'navigation' event to the browser's history list etc., that you'll end up recreating an expensive wheel that wouldn't work very well. I recommend YUI's History library, although it has problems on Google Chrome.
I'm pretty sure that you can't parse it strictly with PHP because the hash part is parsed only on the client-side ( Javascript ).
For history I'd recommend Ben Alman's BBQ plugin.
See: Can I read the hash portion of the URL on my server-side application (PHP, Ruby, Python, etc.)?
You could use javascript and set a cookie as the current URL then get it with PHP
I ran into this problem when scraping sites with heavy usage of javascript to obfuscate it's data.
For example,
"a href="javascript:void(0)" onClick="grabData(23)"> VIEW DETAILS
This href attribute, reveals no information about the actual URL. You'd have to manually look and examine the grabData() javascript function to get a clue.
OR
The old school way is manually opening up Live HTTP header add on for firefox, and monitoring the POST perimeters, which reveals the actual URL being POSTed.
So i'm wondering, is there a way to capture the POST parameters in a server side script or Javscript, as Live HTTP header does, for the outgoing and incoming POST parameters? This would make even the most javscript obfuscated web pages easily scrapable.
thanks.
I'm not sure I understand the question but...
In PHP, incoming POST parameters are stored in the $_POST array, you can display them with print_r($_POST);.