Ajax Logging on any site - ajax

All,
Is there a way to log all clicks(like hyperlinks,buttons,.....) performed by the user on the client on any webpage and send it to server for logging purpose.If so please direct me to a sample code for it.
Thanks......

You can include the Google Analytics script in your file and reap its benefits.

Unless you are going to build a extension (or some greasemonkey script) for some browser you won't be able to do that for any web page the user visits.

Assuming that all clicks result in a server request, then why not just scan the access logs of the web server?
You can add a uniquely identifying id in each url in order to distinguish between users.

Related

Is Cypress compatible with Salesforce?

After I log in, the domain changes and it doesn't do anything else that my script tells it to do. Is it the case that you just can't do anything once the domain changes? I can't quite tell from the documentation. I know it says that it can't navigate to a second domain, but I haven't seen where it says it can't do anything on a second domain.
Additionally, did Cypress used to login to Salesforce with cy.request()? Because currently Salesforce doesn't allow for logging in by sending a request with parameters.
cy.visit('https://test.salesforce.com');
cy.get('.username').type(username)
cy.get('.password').type(password)
cy.get('#Login').click()
This is my code for logging in.
Hi you can use Session in cypress in order to Cache and restore cookies, localStorage, and sessionStorage
Just create a command in ./support/command.js
You can read the documentation here https://docs.cypress.io/api/commands/session#Syntax

How to upload/download files directly from Google Drive to the browser without using server bandwidth?

I want to make a web app where the only cost to me is serving the webpage to the user, and all their data is saved to their Google Drive so I don't have to pay for storage or bandwidth.
Is this possible using Google Drive?
I can't see how:
If I want to save something directly from the browser, it needs my application's API key, and I can't put that in the HTML as it is non-secure.
If I try to do anything where the webpage calls my server, the file will have to pass through my server to get to Google.
If I want to save something directly from the browser, it needs my application's API key, and I can't put that in the HTML as it is non-secure.
You need client credentials, api key will only give you access to public data and wont give you the ability to write anything. Web credentials if configured properly are bound to the domain that they are intended to be use for there for they are considered secure.
If I try to do anything where the webpage calls my server, the file will have to pass through my server to get to Google.
Well this is true considering that your server is running the code. There is no way to route directly from the client to the user. Unless you did this with javascript in which case the code is running client sided and running in the users browser.

Instagram API for a Mac Application

I have gone through the Instagram Authentication documentation and I could see that there is no direct way to authenticate other than taking the user to a URL specified by the Instagram.
This is what Instagram documentation says.
In order to receive an access_token, you must do the following:
Direct the user to our authorization url. If the user is not logged
in, they will be asked to log in.
The user will be asked if they would like to grant your application access to her Instagram data.
The server will redirect the user in one of two ways that you choose:
Server-side flow (recommended): Redirect the user to a URI of your
choice. Take the provided code parameter and exchange it for an
access_token by POSTing the code to our access_token url.
Implicit flow: Instead of handling a code, we include the
access_token as a fragment (#) in the URL. This method is less
secure, but allows applications without any server component to
receive an access_token.
See we should take user to a particular URL. Instagram uses OAuth 2.0.
But the thing is that there is a Mac App named Flume, which does not take user to a URL. It simple lets the user enter their username and password, and Flume connects to Instagram API,and the user successfully gets logged in and able to see his media content.
I wonder how Flume doing this? Am I understanding the documentation incorrectly?
Please help. Thanks in advance.
You're reading the documentation correctly.
Flume doesn't use the Instagram API, so it is not affected by its limitations. Instead, it will likely use web scraping by opening the Instagram website in an invisible browser instance, there entering the user data and commands on the behalf of the user, then scraping the results from the next invisible browser page etc.
There are different approaches on how to achieve this in OS X, a starting point could be Web scraping in Objective C. For a conceptual overview, you could have a look at RoboBrowser, which is a Python library but gives you an idea of how this works.
Instead, it will likely use web scraping by opening the Instagram website in an invisible browser instance, there entering the user data and commands on the behalf of the user, then scraping the results from the next invisible browser page etc.
This is actually false. Flume has found a way to use Instagram's internal API to display content. Using a man-in-the middle proxy client such as Charles will show that the network requests that the Flume app makes are very similar to the network requests made by Instagram's different native Apps. Flume mimics Instagram's network requests in order to set HTTP headers/cookies/auth data to retrieve/post information.
I'm happy to post pictures/files to verify this for anyone that may wish for further proof of this.

How to prevent access to ASMX web service

I have a web service that is being invoked by an ajax call in the JavaScript of my page, but when users view the source, they can see the path to the ASMX file, which they can type into the address bar. I want users to be restricted in viewing and/or accessing the methods of this web service. I want only the JavaScript file to be able to use those methods. Is this possible? These users are not behind any log in.
Thanks in advance!
You can't.
You shouldn't be worried about users knowing your webservices URL, but you should protect what you return with a logged in key or something provided by your website.
The rule is: you don't want people to do something? Check that before on the server side and then return "you are not authorized" or another access error. Even if you try to do a very good job in your JS, it is very easy to monitor what you are accessing with the browser debug features: press F12.

GAE - how to create a private url that is only used by the application?

Using GAE with Python for this project.
I am creating a page with a chart of statistics that updates(refreshes) itself (every 10 sec) using AJAX. It is my first time using AJAX.
What I am thinking is, that I should create a private page that will give the needed information for the statistics chart. Then I simply get the info using AJAX.
Is that the way to go about it? If so how do I make a private page in GAE, I don't want users to be able to go to that page.. Thanks
What are the security concerns for a production quality application?
AJAX is simply Javascript sending HTTP requests. From a server point of view, there is no way to differentiate between user requests and Javascript requests. So there is no such thing as "private page".
You can simply require a login for your private page and your AJAX handler and set the login level to admin. You may require a login for one or more Urls.
Edit
Set login: required, which will require users to login via their Google Accounts, but still all users with Google Accounts will be able to access it. Then in the AJAX handler check if the user is one of the users that you have given access to: https://developers.google.com/appengine/docs/python/users/

Resources