I'm working on app which saves things from many cross domains via Ajax POST method to my server/app. I need to find a solution how to send a POST and verify if the user who sent it is already signed on my site and than save it to the database.
I am pretty sure that I need Chrome, Firefox extension to do it, because I need to embed my js on every page my users surf on. The thing is I don't know where to start and how should it work. I could set up proxy to make JSON POST work, but I don't know how to verify if the user is signed on my site.
Should I get cookies of my users from browser via Chrome API and sent it in the POST and authenticate the cookie/session in Django? What do you suggest?
Thank you for your help. I appreciate every hint.
When the user logons at http://yourserver.com, you can set a permanent cookie to identify him. (see SESSION_EXPIRE_AT_BROWSER_CLOSE and COOKIE_AGE variables in django)
Then, when he embeds any JS from another site from yourserver.com domain, the cookies are automatically sent for this domain, and you can check on your django side for the cookie existence and validity and give the good JS.
Because of crossdomain issues, you should better use form POST as an alternative as AJAX as it is not security restricted. You can then play with iframes and javascript to make both domains communicates.
To embed the JS in another website, you can use a browser extension, or a simple bookmarklet, which will load your code in the current page when the user clicks it from any webpage.
My 2 cents;
Related
I'm creating a web scraper that will need to sign in to a site to access data. Upon inspecting the sites login page I was able to retrieve the path to send data to the site's server along with the required arguments, meaning rather than using something like Selenium to fill out form data on the page itself, I can just send a direct POST request to the server and sign in that way. There’s just one problem with that.
The data the login sends are two things:
g-recaptcha-response
username
password
token2fa
They are filled in JSON data and then sent to the server. The problem is, the site uses an invisible reCAPTCHA, so I can’t solve it and send the response.
Now I need to figure out how to get g-recaptcha-response and send it before the login page itself does. Any help is appreciated.
Not using selenium nor a captcha solving service, as a captcha solving service costs money.
I will try to be as specific as possible. I am trying to make a request by POST method to publish a certain link in my profile. I've used the Facebook API, but it's not what I need. I need to do this:
Image of Share a Guide
When I click click publish, I should post it to my profile, I need to do this without the Facebook API. I have noticed that clicking on the 'post' button makes a post request, but I do not know how to do it in Python.
I left in this link the buttons that are used to share.
jornadahci.com/test/test.html
I would appreciate your cooperation.
Thanks for you.
Edit: I did it with the Facebook API, it worked perfect. But now, I want to do it without the API and perform the automatic script. What causes me doubt is POST requests, if you note, when you click on 'publish' you will make about three requests. Also, I do not know if the script would need a cookie to know what account this.
A Linkedin friend's full profile is not viewable without login to our Linkedin account. Is it possible to use cookie or any other alternative way without a browser to do that?
Any tips are welcome!
You may want to check out python-linkedin package link
LinkedIn REST API uses Oauth 2.0 protocol for authentication. In order
to use the LinkedIn API, you have an application key and application
secret. You can get more detail from here.
Thanks #Anzel, but related-profile-views API allows to read past profile view, but not trigger a new view (and therefore notify the user that I visited their profile programmatically). Unless I pop up a new window and load their profile, but then I'll need a browser to do it. Ideally I wanted to achieve it via backend, cURL and cookies, but it it's not as simple as it sounds.
In my Django application I would like to know if the browser the client is using has AJAX or not. This is because I have, for example, profile editing. I have a version that edits the user's profile in-place and another one that redirects you to an edit page.
I know that most browsers have AJAX nowadays, but just to make sure, how can I check that in a Django application?
I believe that the correct thing would be to use some sort of graceful degradation and check for ajax in the request using Django's request.is_ajax() method
https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.is_ajax
In your view there would be something like
if form.is_valid():
if request.is_ajax():
return simplejson.dumps(something)
return redirect('/some-url/)
User agent sniffing and the like is not seen as the best solution... if you can afford that, rather use projects like hasjs on client side to check what the user's browser really is capable and send the information to the server somehow (like, serving the checking page when there is no session, let it do the checks and post the results to the server, which then creates a session and remember the capabilities for that session or the something similar).
If you want know if a browser support AJAX, you need know the capabilities of the browser, you need this project:
https://github.com/clement/django-wurfl/
I haven't foun a way to do this, therefore what I could do was prepare a JavaScript-free version and a JavaScript version of my template.
I load a .js file, and it replaces all the links to other pages with AJAX links. Therefore, if the user doesn't have JavaScript he will see all the original links and functionality, and if he has JavaScript he will see all AJAX functionality.
The goal here, given a user facebook profile url, access and open the profile page. Some simple python code:
from urllib2 import urlopen
url = "http://www.facebook.com/username"
page = urlopen(url)
The problem is that for some "username" this causes HTTP ERROR 404. I noticed this error only happening when the path includes a name rather than the "profile.php?id=XXX" format.
Notice that we only have the url here and not the user id.
UPDATE:
This turned out to happen also for some of the "profile.php?id=XXX" and other username formats.
This is a privacy feature of Facebook. Users have the ability to hide their profile page so that only logged in users can view their page. Accessing the page with /profile.php?id=XXX or with /username makes no difference. You must be logged-in in order to view the HTML page.
In your context, you'd have to first log in to a valid Facebook account before requesting the page and you should no longer receive the 404's.
One way to check this is on the graph API, graph.facebook.com/USERNAME will return a link property in the resulting JSON if they have a public page, and it will be omitted on private pages.
Not every Facebook account is accessible as FIRST.LAST, so you won't be able to reliably do this.
There is currently no guarantee that an account is accessible with a vanity name.
Works perfectly fine as long as the username exists.
Are you trying to open the page in a Web Browser or access the HTML source generated by the page?
If the latter, have you thought of using the Facebook Graph API to achieve whatever it is that you are doing? This will be much faster and the API is all documented. Plus the page's HTML source could change at any point in time, whereas the Graph API will not.
Edit
You could use the Graph API without having to even create an application to get the user ID, but going to http://graph.facebook.com/username and parsing the JSON response. You can then access the profile HTML using http://www.facebook.com/profile.php?id=userId