I want to modify HTTP requests headers using an Internet Explorer Browser Helper Object.
I basically need to change a few headers for every request, and then modify the response before it returns to the browser.
I tried using the OnNavigate2 events, but those don't even give you access to all of the headers.
I tried making an Asynchronous Pluggable Protocol, but then I don't really have access to the default HTTP implementation, and i can't override the default HTTP requests.
Do you have any idea how this is supposed to be done?
I prefer C#, but could use C++ if necessary.
It can be done with URL monikers.
There is an implementation of something like that by a guy called Igor Tandetik.
You can find links to the code in: microsoft.public.inetsdk.programming google group - just look for PassthruAPP.
(I would have posted a link but apparently new users are not allowed to do this)
It doesn't directly support modifying the response body though.
You will have to insert a hook into the IInternetProtocolImpl::Read method.
The easiest way to do it is to use an http proxy to intercept everything the way Fiddler does.
See this description of the Fiddler PowerToy (Part 1).
It seems that you can only modify CUSTOM headers by using the headers parameters of the BeforeNavigate2 event. Not all the headers are accessible. This is a way to try to minimize the potential of the BHOs to act as a Trojans. Use a HTTP proxy instead.
Related
The DalekJS documentation for the open() action says "You can forge GET, POST, PUT, DELETE and HEAD requests".
Can anyone tell me how to do this? I need to send POST, PUT & DELETE requests to the server for some tests.
per definition the Webdriver Spec & the underlying JSON-Wire protocol do not support manipulation the HEADERS of a request.
That seems like a limitation, but makes sense if you think about what the protocol is designed for. It is designed to "simulate" a "real" user. What a real user normally doesn't do, is changing the HEADERS of its request.
There are other tools if you want to test a REST interface, Dalek isn't (becauseof the underlying protocol) not designed to test such things.
As the title may possibly suggest, I'm wondering what's more secure for AJAX requests: POST or GET. I can't work out which is better because they're both hidden from the user due to the URI being sent via. AJAX, not in the URL bar.
Thanks,
James
Neither add any security against either man-in-the-middle attacks or the end user. Both can be intercepted and tampered with using Wireshark, Firebug, or other tools.
If you want security against interception, you can use HTTPS. That does not prevent the user from sending requests manually, though.
It's almost trivially easy to inspect the contents of both post and get values. Your best bet, if you do not want the user to be able to get at that data directly, is to encrypt it, and / or send it over ssl.
There are no security differences between POST and GET used in AJAX. They are not hidden from the user - a simple tool like Fiddler would allow the user to see those requests. the payload in both is in plain text (ie, as your script created it). The only difference is that POST payload is in the body of the request and GET payload is in the query params of the URL.
They are not hidden from the user at all; install FireBug on FireFox and they are able to see the URI. Your choice of using GET and POST depends on the data sent; and if you going by REST standards, depending on the operation.
Treat an AJAX call as you would with information coming from the client through a form and through the address bar : Verify and sanctify.
They can view the page source and see where your target URL is and what parameters are being passed either way.
I want to create a WCF service that will simply reply back the query string, HTTP headers, and the HTTP verb used in a request it received.
I want to use it to unittest a AJAX enabled JavaScript framework I am building so I can verify that the HTTP headers and HTTP verbs are being set correctly.
Basically I need a way to make the WCF service bind to HTTP GET, POST, PUT, and DELETE, and I need a way to grab all the headers etc. and return them.
Any input is much appreciated, Egil.
Not sure that it is possible to do exactly what you want to do. But you could come close using REST with WCF, see http://msdn.microsoft.com/en-us/netframework/cc950529.aspx
It turns out a HTTP handler was an easier way to go than a WCF service. I posted my solution over at my blog: Simple Ping/Reply Service for Unit Testing AJAX/XHR requests. I hope this helps others as well.
Is it possible to know that a HTTP request is from Ajax?If yes, how?
Many frameworks add a header X-Requested-With set to XMLHttpRequest when sending an AJAX request. If you are using jQuery or Microsoft frameworks, this should work. If using another framework, you'll have to check the documentation. Since normal requests don't have the header, a check for the presence of the header should be sufficient.
If you are using your own "home-built" AJAX or the framework doesn't do this, but does allow you to set a header, you could simply follow this convention and add your own header when making the request.
Most frameworks set X-Requested-With header to state it. But standard AJAX requests doesn't.
I would assume that any request received by a server would appear to be the same (ie http post/get) and that you would need to look at the referer, but that may just give you the browser details?
I want to use mootools and SqueezBox class to handle a request to a RESTful service. I don't want to use any server-side script. I am using AJAX. I send a request to the following url using GET method.
http://www.idevcenter.com/api/v1/links/links-upcoming.json
but I receive a 404 error. Is it because cross-site scripting? here is my code:
SqueezeBox.initialize({handler:'url',ajaxOptions:{method:'GET'}});
$('a.modal').addEvent('click',function(e){
new Event(e).stop();
SqueezeBox.fromElement($('a.modal'));
});
In Firebug console, sometimes 'aborted' is shown and sometimes '404'.what is wrong with that?
XMLHttpRequest is subject to the Same Origin Policy; if the document your JavaScript is running within is not from the same origin as the service you're trying to call, the call will be disallowed for security reasons.
There is now a proposed standard for cross-origin resource sharing to address this. It may be that the service you're trying to use supports it; if so, using a browser that implements CORS (recent versions of Firefox and Chrome do, as do some others) may work. IE8 supports it but requires that you do extra work.
You cannot use XMLHttpRequest (that is, ordinary "ajax") to call a service on a server that is not in your domain.
You can, however, use the JSONP trick, which takes advantage of the fact that the browser will load Javascript from other domains. However, the service has to know that you're going to do that, and it has to understand the protocol. That particular service seems perfectly willing to give me a JSON response, but it doesn't pay attention when I give it a "callback" parameter. (I've tried both "callback" and "jsonp" and the JSON blob that comes back is the same, without a function call wrapper.)