I've read all the other q's here regarding the topic but couldn't solve my problem.
I'm setting on my website the email of the user in the localStorage and i want to retrieve it in the extension.
localStorage.setItem("user", "andrei.br92#gmail.com" );
But when i try to receive it with the chrome extension it fails to do so
value = localStorage.getItem("user");
Which way is easier ? cookies localstorage ? im not pretentious
Please see this:
http://code.google.com/chrome/extensions/content_scripts.html#host-page-communication
Content scripts are run in a separate JavaScript world, which means the content script's localStorage is different from the website's localStorage. The only thing the two share is the DOM, so you'll need to use DOM nodes/events to communicate.
Use chrome.storage.local instead of localstorage. Content scripts using chrome.storage see the same thing that the extension page sees. More at https://developer.chrome.com/extensions/storage.html
Please see the information on Chrome content scripts. I'm betting you fell into the same initial trap that I did -- trying to read localStorage from an page-injected script, yes?
You do not want to use cookies when localstorage can do. That is because
Cookies can be accessed/modified through background page only.
Cookies are stored in context of a url/domain and not extension. So you will have to store a cookie for every domain that you wish to operate upon.
With every HttpRequest all the cookies associated with corresponding url/domain gets transmitted to server, so in effect you will be adding overhead to user's requests.)
Related
ASP.NET Core 2.1
I think this gets set automatically. How do I prevent that?
Just came across the same issue. My 100% cookie-free website had a cookie, created by ASP.NET Core.
As #mark-g pointed out in his comment, it is mainly added to support GDPR: Let users of your web page opt-in/out for the allowance to collect and keep data about them.
In all usual cases I'd recommend to go this route as designed by Microsoft. Keep the ASP.NET cookie and make use of the _CookieConsentPartial.cshtml for all personal data you might want to keep about the users.
In my special case, I have a very simple web page. No data is collected, also not from any third parties. I dont need the cookie consent and the ASP.NET cookie. In this case, can remove this cookie just by commenting out one line:
In Startup.cs comment out the line:
// app.UseCookiePolicy(); No cookies used at all!
Then clear all caches and remove the cookie, reload the page and it is gone.
I work for an e-commerce site. Part of what we do is to offer customized items to some clients. Recently some non-technical management promised that we could incorporate our check-out process into one such client's website. The only way we've figured out how to do this is by using an iframe (I know, I don't like it either). The issue is that most customers of this site are unable to check out because we use cookies to determine which custom items to display. Browsers are recognizing our cookies as third party and almost everybody has third party cookies turned off, as they should. I'm going to be shocked if the answer is yes, but is there any workaround for this? ie can the site hosting our iframe somehow supply the necessary cookie?
Try an invisible, interstitial page.
Essentially the hosting site would issue a redirect to a site within your domain, which is then free to set cookies (because at this point is is actually the first party). Then your site immediately redirects back to the hosting site. At this point your newly-created cookies will be invisible to the hosting site but visible to your iFramed page henceforth.
Unfortunately the hosting site will have to do this every time a cookie is to be updated but the double-redirect can happen so quickly they'll hardly notice. Hopefully your system only needs the cookies to be set once.
Instead of using a cookie, pass the information in the each url request as name/value pairs.
It is a bit of a pain to add the name/value to every url...I know...oh well...it will work.
I'm going to be shocked if the answer is yes, but is there any workaround for this? ie can the site hosting our iframe somehow supply the necessary cookie?
Your iframed page itself, which is the third party in this scenario, could send a P3P Cookie Policy header – some browsers then accept third-party cookies by default, whereas others (mainly Safari) will not be convinced to do so at all if not by the user manipulating the default settings themselves.
What you could also do, is pass the session id not (only) by cookie, but as a GET or POST parameter as well – f.e. under PHP this can be done quite easily by configuring the session options. You should consider if that’s worth the slightly increased risk of session stealing.
The interstitial page solution should work but it might be a lot of trouble for your hosting site, so here's another solution that will allow you to work cookieless.
Write an HttpModule that responds to the BeginRequest event, reads the querystring, and inserts corresponding cookie headers into the Context.HttpRequest object (Note: you can't use AddCookie, you have to use AddHeader, because cookies added by a module directly are disposed of before they hit your application proper). That way the hosting site can simply issue a request (within the iFrame) that contains the necessary value in the querystring, the module will convert it into a cookie (that only exists in memory, not on the wire), and your application will be deceived into thinking that there's a cookie there. No code changes required, you just need to add the module in web.config.
This only works if you are using IIS 7.0+ in integrated pipeline mode. If you're on an earlier version of IIS or if you have to run in classic mode, you'll need an ISAPI filter instead.
Ryan , John
For the Chrome v80 update with SameSite flags, want to set the samesite=none;secure for the site hosting our iframe and somehow supply the necessary samesite=none;secure cookie. We have apache 2.2 and tomcat 6 setup, so would appreciate a solution and advice on how to make it work. Currently with flag enabled the iFrame is not punching out successfully.
Thanks
As the title implies,
I need to fetch data from certain website which need logins to use.
The login procedure might need cookies, or sessions.
Do I need QtWebkit, or can I get away with just QNetworkAccessManager?
I have no experience at both, and will start learning as I go.
So please save me a bit of time of comparing both ^^
Thank you in advance,
Evan
Edit: Having read some related answers,
I'll add some clarifications:
The website in concern does not have an API. So I will need to scrape web elements for the data myself.
Can I do that with just QNetworkAccessManager?
No, in most cases you don't need a full simulated web browser. In most cases, just performing the same web requests like a web browser would do is enough.
Try to record the web requests in your browser, using a plugin like "HTTP Live Headers" or "Firebug" in Firefox. I think Chrome provides a similar tool out of the box. These tools record the GET and POST requests done by the website when you send a form in the webpage.
Another option is to inspect the HTML code of the login page. Find the <form> tag and its fields. Put them together in a GET / POST request in your application to simulate the same form.
Remember that some pages use randomized "tokens" in their forms, some set the tokens as cookies. In such cases, you need to request the login page itself in your application first (before sending the filled in form). Both QWebView and QNetworkAccessManager have cookie support.
To sum things up, I think QWebView provides a far more elegant way to simulate user interaction with a web page. The manual way is, however, more "lightweight", as you don't need Webkit and your application might be faster (because only the HTML page is loaded, without any linked resources like images, CSS, javascript files).
QWebView as class name states is a view, so it views something (in this case web pages). If you don't need to display loaded page, then you don't need a view. QNetworkAccessManager may do the work, but you need some knowledge about HTTP protocol, and also anything about target site: how does it hande logins, what type of request you have to send to login etc.
I'm trying to distinguish between a web request coming from inside the iframe of my app in facebook vs a regular web visit. That way I can deliver the correct layout.
I had set a session variable when the first iframe request comes into my server (facebook sends a POST param called signed_request to your default canvas url), but then if the user actually visits me website after (outside of facebook) they get iframe layout delivered instead of what my site should look like.
I've looked through all the META info that come in with the iframe request and I dont see anything that would allow me to distinguish the two.
Any help would be much appreciated.
UPDATE: I'm using AppEngine as my application host
The easiest way is to make a unique url for access from Facebook, e.g. if your website is www.site.com then set up either fb.site.com or www.site.com/fb on your server and point it to the same place as www.site.com (and of course set your Facebook app settings to use the alternate url). Then your server code can easily check the accessing url to determine whether to format for Facebook or standalone website.
Another approach is to combine a session variable on the server-side with some javascript on the client-side. You can set a session variable when you receive the signed_request parameter, and then check it on each page load. As long as the session variable is set, you output iframe format and add a bit of javascript code to each page. The javascript checks to make sure the page is still in an iframe using something like if (window.self!=window.top) { //inside iframe }. If not inside an iframe it means the session variable is now stale, so the js jumps to some url that tells the server to clear it and then re-display the page in regular layout.
I'm trying to disable writing data in a specific cookie on a website,
At the same time, i want the data to be sent,
So it means, i send cookie data and don't want to receive any,
Is it possible ?
Cookie is just a mechanism to store information at per client basis or in client layer above the session layer. In general people hate cookies cause they can do creepy stuff and some website is using resources on their PC.
When you say I want to store a cookie that I never want to read, its really shady. No browser should allow this sort of cookie. You might want to re-look at your architecture.
But may be I donno what exactly you mean.