In an iframe, build url from parent page hostname and new params - ruby-on-rails

I have two sites which communicate with each other. I'll call them mainsite.com and backend.com for this example.
mainsite.com is the site that people go to, and this loads an iframe which loads in backend.com, which is a Rails site that handles all of the login & signup stuff. At the end of the login process, backend.com generates a url which has an encrypted set of params which are used to log the user into mainsite.com.
The way that this is currently working is that backend.com controller generates a url like this "http://mainsite.com?auth=2347qweiuyqi" and saves it in a variable called #redirect_url, then (in the iframe) renders out some html which contains some javascript to redirect the parent page:
<script type="text/javascript">
$(function(){
window.top.location.href = "<%= #redirect_url %>";
});
</script>
This is working fine. However, we have a new situation where people can now access mainsite.com via a load of different urls (all subdomains on other sites, like mainsite.foo.com and mainsite.bar.com)
Now, when i redirect them to the auth url on mainsite, i want them to stay on whichever domain they're on. So, if they're on mainsite.foo.com, and loading backend.com in the iframe, then at the end of the login process i want to redirect the parent window to mainsite.foo.com?auth=2347qweiuyqi. Similarly, if they're on mainsite.bar.com they should be redirected to mainsite.bar.com?auth=2347qweiuyqi
My initial attempt at this was to change the javascript to get the domain name from the parent window, and build the redirect url by adding the params onto the end, then redirecting to this url. However, the iframe can't access the parent domain name because of cross-domain protection (ie the domains, "mainsite.foo.com", and "backend.com", don't match.
My next attempt was to have a javascript function on mainsite.com which takes the auth param and redirects to a url consisting of the current domain with that param added onto the end. But, i can't call a parent window function because of the same cross-domain restrictions.
How can I get past this? I have complete control over the content of both sites.
One solution which i know would work, but is a bit of hassle to set up, is to pass through the mainsite domain name through as a parameter in the src attribute of the iframe to backend.com, and then make sure that backend.com hangs on to that through the whole login/signup process, so that at the end of the process it can use it to build the whole url to redirect to. But, it feels like there should be a simpler way.
thanks, Max
EDIT - i've solved this by, when the first request comes through from mainsite.com to backend.com, saving the hostname of request.referer into the session, and then, later on when i come to do the redirect, looking it up from the session and adding the auth params on. This works but it feels a bit unsatisfactory so i'm interested in nicer solutions.

Related

ASP.NET, MVC, C# website pass a value though out the application

This is a bit of a puzzle for me.
I need to capture the URI Query string passed to the Home page.
As a user travels to different pages on the web site, I have a partial view that needs that URI query string.
I need a dynamicly created link in the partial view, that equals the original call to the home page.
Example -
If the user goes to - http://www.mysite.com?mode=Joe , I need the dynamicly created link to equal - Http://www.mysite.com?mode=Joe
If the user goes to - http://www.mysite.com?mode=Tommy , I need the dynamicly created link to equal - Http://www.mysite.com?mode=Tommy
FYI - The partial view is used in the _Layout.cshtml file. the call inside - _Layout.cshtml looks like this -
#Html.Partial("MyPartial")
Thanks!
There are a number of ways to do this, but probably the simplest would be to save it to the session on your home page, and then access that session variable from your partial.
You will need to decide what to do if the session expires.
Another possible way would be to write it to a cookie on the home page request and then access the request cookie in your partial. Again, you'd need to decide on an approach for cookies disabled, or wiped out during browsing.
Alternatively, you could look at something like the approach being used in the link below to set a language across the site. Exact implementation would differ, but concept is the same:
Howto automatically add a specific value from current route to all generated links?

Can I capture a param but avoid showing it in the url?

I would like to capture the id of an element that is clicked on and then pass that id to the controller, all without showing the id in either the link or the url param, and without having to write custom ajax loading. Anything like that available in rails out of the box?
What are you trying to achieve (what's the end goal)? It sounds like you want to communicate between the client and server without using ajax or encoding params in the user's url.
The usual ways of doing that, with those constraints, would be:
1) Wrap the click target in a form, and set the id to a hidden value. On click, just post the form. This will require a page refresh, but since it's a POST, won't muck up the url.
2) Set the id in a cookie, force a page refresh, read the id on the server and unset it. This will obviously also require a page refresh, but won't encode anything in the url.
3) Use an invisible iFrame to load a url with the param of interest. This won't require a refresh and the url can be anything, since the user will never see it.
If a page refresh/change is fine, the form route is probably best. If you don't want the page to refresh though, an xhr request is clearly the best solution. It's really simple to do, but an iFrame solution would be a hack that probably meets your needs too.
I am assuming you don't want to show the ID to the user but you need the element ID to hit the server.
You could use a custom request header, but that would require an AJAX approach. Here's a sketch with JQuery
$("a.sends_element_id").click(function(e){
e.preventDefault();
$.ajax({
url: $(e.target).attr("href"),
type: "GET",
beforeSend: function(xhr){xhr.setRequestHeader('X-Element-ID', $(e.target).attr("id");},
success: function(result) {
// Do something here to display the page
// Eg. http://stackoverflow.com/questions/824349/modify-the-url-without-reloading-the-page
}
});

jquery ajax calls in an mvc site not sharing logged in session

as in the title
we're firing
$('#id').load('someUrl', function(){/*some stuff*/});
But it seems to be being passed to the login form because it's not logged in?!
The user is logged in. Is this normal?
This happened to me too, but the cause was not that ajax is going crazy - which it may look like - but that the URL was not correct.
The website was initially hosted on localhost, without any alias, so I had a working URL like localhost/controller/action.
Then I moved the website under an alias - so the website's URL was localhost/alias. At this point, two strange things happaned to SOME ajax requests:
- the requests were prompted for authentication (the website was using windows authentication)
- the requests' session was different than the one of the page which launched the request
The problem was that some URLs were hardcoded in the js code. So we had code like "url: '/controller/action'" in the ajax calls code, and this URL didn't take into consideration the alias under which the website was hosted in IIS.
The solution was to declare a js variable in the page and assign it the URL built the right way, with Url.Action, and then use the variable in the ajax call:
Page:
<script type="text/javascript">
var ajaxUrl = '#Url.Action("actionname", "controllername")';
</script>
Js file:
$.ajax({
type: 'POST',
url: ajaxUrl,
...

JSF login forward address bar / url -- redirect does not solve problem

Okay we have a single - sign - on and the user will likely enter www.blabla.com/AppName/ to reach our site. We then define a welcome site, use a phaselistener to check:
is user trying to access the welcome site? yes -> try to login - works? yes -> get user roles -> forward to the appropriate site for this specific user.
E.g. user niceBelly goes to page /somewhere/in/many/folders/beer.jsf and user barbie goes to /breasts/pink.jsf
a redirect is in this application not possible for some reasons.
the result is that when reaching e.g. page pink.jsf the address bar still shows blablaba.com/AppName/
clicking the first link will result in the browser using the form address as new URL e.g. on welcome.jsf i navigate to coolstuff.jsf. On the page coolstuff i now have the url of the last form, e.g. welcome.jsf. Then on cool stuff i click a link, and get coolstuff on the next page as url, and so on.
Is there a way to solve this / work around it?
Given the symptoms, you are actually not redirecting the requests, but you are actually forwarding the requests. A real redirect will take place when you call
externalContext.redirect(url);
in JSF context, or when you add
<redirect />
to the navigation case. All other ways are effectively forwards. As per the symptoms, you're using commandlinks instead of outputlinks to navigate to other page. Commandlinks will submit a POST request to current URL and JSF will under the covers use RequestDispatcher to set the destination of the request/response when the navigation case doesn't contain <redirect />. A forward does not instruct the browser to fire a new GET request on the destination URL and hence the URL in browser address bar does not change. A real redirect will do exactly that.
See also:
When should I use outputlink instead of commandlink?
Bookmarkable URLs in JSF 1.x

rails ajax redirect

Here is my use case
I have a search model with two actions search_set and search_show.
1 - A user loads the home page which contains a search_form, rendered
via a partial (search_form).
2 - User does a search, and the request goes to search_set, the search
is saved and a redirect happens to search_show page which again
renders the search_form with the saved search preferences. This search
form is different than the one if step1, because it's a remote form
being submitted to the same action (search set)
3 - Now the user does another search, and the search form is submitted
via ajax to the search_set action. The search is saved and executed
and now I need to present the result via rjs templates (corresponding
to search_show). I am told that if the request is xhr then I can't
redirect to the search_show action? Is that right? If yes, how do I
handle this?
Here is my controller class
http://pastie.org/993460
Thanks
That's right. Either make the request non-XHR and redirect as normal, or you could try rendering the URL you want to redirect to as text or part of a JSON object which your AJAX request then uses to call document.location.href = [whatever] (but this seems hacky).
Right now what's happening is your XHR request is returning the result of the redirect, and not actually redirecting the page that made the XHR request.

Resources