I'm trying to find a way to have Square not forcefully redirect my web application on a Connect payment. Right now, I've registered my url in https://connect.squareup.com/apps as https://example.com/square_callback (or whatever), and I pass along my own metadata that tell my application where to redirect back to so our users don't have to drill all the way down to where they were when they first jumped in.
So two questions.
One, is there a way to have that URI be dynamic? They're taking payments from https://example.com/customer/1351743, and that's where I want them to return to, so is there a way to have a wildcard redirect uri, something like https://example.com/customer/*?
Second, is there a way to not have the page refresh at all? These particular pages take a while to load, our users are out in the field with spotty connections, so while I want the square response to go to the server, I'd rather have their page not refresh at all. Possibly by using # in the URI?
To answer your first question, you can not register a wildcard domain or specify the the url in the request. This is mostly a security measure to prevent someone from skimming your information by hijacking your javascript. You can specify multiple urls in the developer portal and dynamically pick between them with your request.
I'm not 100% sure I understand your second question, but I'm going to interpret it as you want to switch back from the point of sale application to your webpage without "refreshing" the page. This isn't possible, since the app switch isn't as much of a switch back, as it is opening a new url. If you didn't load a new page, it wouldn't be possible to use the GET parameters that Square sends you back in the response from the transaction.
Sorry, both No :(
Related
I have a website where people can interact with different objects to view specific content. I would like to know which objects get the most interactions by real people. For example there are thumbnails of images and I would like to know when a user clicks on a thumbnail to view an image.
To do this I thought I would create a psql table with thumbnail_id and an IP address, where every single view is stored (to ensure every combination of thumbnail and ip is only counted once and people can't just spam click it).
And so every time a click happens, a post request on a /views endpoint with the thumbnail id attached is made in the background.
The proplem is, some people may be incentivized to create bots to auto click certain images with many different IPs.
So I was wondering if I could use recaptcha v3 to identify real users as opposed to bots which would include a token with every view request.
But I was wondering, would is this too much for my backend to handle (since it would have to talk to googles servers every time anybody views an image, which might be every few seconds for each user and I would be billed while the server waits for a response) or be too expensive, since I have to pay google on every request? Or is there some other obvious problem with this?
I'm asking since I have only ever found recaptcha used for single form validation and never for traffic measurements, even though that seems like a pretty obvious use case.
I have about 1 million URI logs of user activity on my network, I want to know how many of those 1 million are for Facebook, how many are for Twitter, and so on..
It's easy to link URIs like cdn.xyz.twitter.com , platform.twitter.com to Twitter
However, the problem I'm facing is that I'm not able to link no more than 40% of the URLs captured to real websites, a URL like xys.1234.com can be something in facebook for example, but there isn't a link between that URL and facebook.com domain, thus will just be listed as a stand-alone website, which is wrong (or not what I want).
Also, all API calls won’t also be easily linked to their domains because some websites are maybe using amazon web services and that's what is being logged.
And Many of the URIs are generated from ad services, I want to know where this ad is generated from ( on what website or mobile application did the user click on the ad? ).
Snapshots of URIs so you would understand the whole picture.
https://imgur.com/a/2Ocqi
https://imgur.com/a/bmhNv
So you're trying to match up outgoing requests? How do you expect to know that a user who accessed xyz.1234.com did it through Facebook rather than independently by typing the URL into the address bar? Or by clicking a link from some other page? Your log doesn't contain information that tells you which URLs are linked from which page. Without another source of information, you can't be sure.
You could examine the requests for multiple users and infer relationships. That is, if you notice that all (or a majority of) requests to xyz.1234.com occur after a Facebook request, you can infer that the request occurred as a result of a click on a Facebook page. Doing so will require some interesting pattern matching. How well it works will depend on how much data you have to work with, how well you write the pattern matching, and how much time you're willing to let the algorithm run.
There's no simple answer, though. If you don't have data that explicitly says, "this request was made by clicking on a link from Twitter," then you have to either get another source of information or you have to write code that will infer that information.
I'm doing OAuth2 to integrate Square and my app which uses Parse as its backend.
My issue is that when Square calls the redirect uri, it directs the user to a subdomain I created in Parse with the authorization code appended to the subdomain uri. I need to extract this authorization code from the uri, but do not know how. Parse Cloud Code is needed to do this.
I believe I need to create a Webhook URL in Cloud Code and then extract the data appended to the URL, the base of which is the subdomain URL. Steps outlining the process, code examples and links to helpful documentation would be much appreciated.
Furthermore, once I figure this out, I need to have my web browser jump the user back to the app that brought up Square initially once this redirect URL is called. Not sure how to do this and haven't found things that make sense. Tips, recommendations and links would be appreciated!
Thanks!
I think the best way to go would be create an independent route on the server that handles all your communication with square. I mean something that doesn't have Parse.
You can now still communicate with Parse from this route and make queries but the best thing is to just create a separate route that id devoid of parse.
Because even if you can find a way to implement via triggers or hooks, Parse might not be able to give you a flexible implementation that can be extensible over time.
I'm trying to make a Firefox addon with the Firefox Add-on SDK and API, and I have some questions about their possibilities before I start using them.
My college's Wi-Fi authorization expires every 30 minutes only to have fun pissing off their students. There are already some autofill addons available on many browsers but it's still destructing to move the mouse pointer onto the "Login" button and click it when there is one second left to turn in a midterm paper. I've heard my friends complaining like this for months and I myself think the thing is actually annoying sometimes, so I decided to develop a Firefox addon that takes charge of the job so that the authorization process will feel not even existing once the addon is activated. (I just want to impress my friends honestly.)
For ease I would like to develop the addon within the Firefox add-on SDK. I found that my addon would be utilizing the page-mod, password and request APIs; page-mod to detect the Wi-Fi service's auto-redirection into their authorization page, password to fill in the page's form by a student ID and password stored in the individual Firefox browser, request to redirect the "Login Successful!" page into the originally given destination.
So I guess it should be possible to achieve my goal with this SDK and APIs, but there are still some questions that I need to ask before I proceed:
Is it possible to pass a callback function to page-mod::PageMod (not as a String or a URL to another JavaScript file)? If not, can it be done using the lower level API?
Is it possible to actually redirect a page in a tab into another page only using high level APIs?
Is it possible to remember the original destination's location (with the request method and contents) and call it in the process of page-mod::PageMod (in order to re-redirect out of the authorization page)? If not, can it be done using the lower level API?
Is it possible to perform the addon's redirection function on inactive (background) tabs where the opened webpages automatically keep connecting to the Internet and get redirected to the authorization page?
Thank you so much for reading and please spare a little bit of your time for me. Thank you again!
Is it possible to pass a callback function to page-mod::PageMod (not as a String or a URL to another JavaScript file)? If not, can it be done using the lower level API?
No, everything that goes through the port is serialized using JSON serialization (See docs). Instead you would probably emit an event from your content script to execute the callback method with parameters you pass it in the module scope and hardcode parts that need to be done in the content script with port event listeners.
Is it possible to actually redirect a page in a tab into another page only using high level APIs?
Totally, if you're in a content script, you can just set window.location, or in your modules you set the location of a tab, see https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/tabs#url.
Is it possible to remember the original destination's location (with the request method and contents) and call it in the process of page-mod::PageMod (in order to re-redirect out of the authorization page)? If not, can it be done using the lower level API?
Possible? Yes, depends a lot on how the redirection from the W-LAN works. Generally all the SDK offers you is getting load/ready events for tabs and reading a tab's current URL. So if you get a ready event at the point of the redirect you're fine. If your college login remembers the redirect target using a get parameter in the URL you're fine. If your college doesn't adjust the URL, you're fine. If you really need to dig through the request, you'll have to ge a bit deeper than even what the SDK offers you, but it is possible.
Is it possible to perform the addon's redirection function on inactive (background) tabs where the opened webpages automatically keep connecting to the Internet and get redirected to the authorization page?
JS execution for Add-ons is not paused based on a tabs state.
I have searched the Internet, but I can't find the info I'm looking for. So I'm sorry if it's a simple question or asked a miljon times.
I'm developing a website with (probably) a lot of Ajax functions. Now I'm wondering how FaceBook is doing this, for example the 'Like' button. If I use a ajax call to a page addLike.php?post_id=1, then an visitor (with evil intentions) can use this url to manipulate my db by adding random values to the post_id.
How can I prevent this? Or what's the best way to do this?
First and foremost, calls to make mutation to data entries (something stored in the database, files, etc.) should never be accessible from a 'GET' HTTP request, e.g. deleting a post in a forum. That is to say, if you're adding like to a post, you should use $.post to perform an ajax request (supposing you're using jQuery).
And also, authentication and authorization should be done before responding to every request. Which means, if the user wanted to add like to a post, he/she should have been authenticated and also permitted to perform the specific action. Prevailing web frameworks will help you to achieve this automatically (with configurations).
And further more, you should also prevent XSS attack by data sanitization. You can google it for more details.