mohit-surana / web2.0

Web 2.0 & RIA class notes and code

Doubt in 10 Aug.txt content #3

Closed adithyaphilip closed 8 years ago

adithyaphilip commented 8 years ago

if we want to return a string, add it within the <head> tag - maybe as a cookie (https://github.com/doodhwala/web2.0/blob/master/class/10%20Aug/10%20Aug.txt#L14). Might be nice to specify that the cookie cannot help in a cross domain request (since the cookie will be set on a different domain). Also, this might be just me, but how exactly do we add a string within the tag when returning an image? Was HTTP header what was meant? If it was, how would that work?

Much thanks for putting this all up, Mohu.

chandramouli-sastry commented 8 years ago

I thought the browser would store cookies like this: if a page from XYZ.com receives a cookie from ABC.com, it'll store it as a cookie of XYZ.com. Of course, if a request goes back to the XYZ server, the cookie from ABC.com will also go and it could cause problems! But what you said also makes sense: the cookie will be there in the response header, so the browser could associate the cookie with the path it came from. Check this! Interesting one :+1:

And ya... I also want to know what adding a string within head means and how we can access it! The only stuff we can do with image-based ajax is by setting cookies or varying sizes, right?

adithyaphilip commented 8 years ago

From what I've read online, this is possible only if they're same domain (subdomains may access their higher domain cookies too). Otherwise you could make people visit doodhwala.com and steal their FB cookies :P

From what I remember sir saying in class, images can be used only to return low entropy responses, generally True or False, though I guess even 3x3 is reasonable (9 distinct responses).

mohit-surana commented 8 years ago

For sending back data within the head tag, it can either be as a cookie or a custom header:

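<?php
    // Send the value back as a custom response header
    header("custom-header: value");
    // OR as a cookie; the third argument is an absolute Unix timestamp,
    // so add the lifetime (one day) to the current time
    setcookie("cookie-name", "cookie-value", time() + 86400);
?>

On the client side, we can either read the headers using: var headers = xhr.getAllResponseHeaders().toLowerCase(); (Credits: http://stackoverflow.com/a/4881836/6649050)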

Or read cookies using: var cookies = xhr.getResponseHeader('Set-Cookie');

And as for Cross Domain cookies, I don't think we intend to fetch an image from some other domain. Why would we ask facebook.com whether username "gameburger" is available at doodhwala.com or not? The purpose here is to just use minimal network traffic to get the work done.

EDIT: If we are sending non-standard headers, we must allow them to be read as well. Access-Control-Expose-Headers needs to be used for this. (Credits: http://www.html5rocks.com/en/tutorials/cors/)
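
How a browser decides which of those response headers page script can read, as an added example that is not part of the thread or the repository: `readableHeaders` and the `sample` response are constructed for illustration, and the function is a simplified model of the Fetch rules (CORS-safelisted names, `Access-Control-Expose-Headers`, and the forbidden `Set-Cookie` names), not browser code.

```javascript
// Added example (not from the thread): models which response headers a
// browser lets page script read via XMLHttpRequest, per the Fetch spec.

// Never exposed to script, same-origin or not.
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']);

// Readable on a cross-origin (CORS) response without any opt-in.
const CORS_SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);

// headers: response headers as sent by the server (plain object).
// sameOrigin: page and URL share an origin.
// withCredentials: the request carried cookies/credentials.
function readableHeaders(headers, { sameOrigin, withCredentials = false }) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  const exposed = new Set(
    (lower['access-control-expose-headers'] || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean)
  );
  // "*" exposes everything only for requests made without credentials.
  const wildcard = exposed.has('*') && !withCredentials;

  const visible = {};
  for (const [name, value] of Object.entries(lower)) {
    if (FORBIDDEN.has(name)) continue;
    if (sameOrigin || wildcard || CORS_SAFELISTED.has(name) || exposed.has(name)) {
      visible[name] = value;
    }
  }
  return visible;
}

// Constructed response, shaped like what the PHP snippet above would send.
const sample = {
  'Content-Type': 'image/png',
  'custom-header': 'value',
  'Set-Cookie': 'cookie-name=cookie-value',
};
console.log(readableHeaders(sample, { sameOrigin: true }));
console.log(readableHeaders(sample, { sameOrigin: false }));
console.log(readableHeaders(
  { ...sample, 'Access-Control-Expose-Headers': 'custom-header' },
  { sameOrigin: false }));
```

A cookie set by the response is still stored by the browser for the domain that sent it; script reaches it through `document.cookie` (unless it is marked `HttpOnly`), not through the response headers.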

chandramouli-sastry commented 8 years ago

Hey...if we are using xhr, we can as well send the stuff inside the body! The context here is with respect to using images- how do we add data within head tag while sending images- not xhr :P.

adithyaphilip commented 8 years ago

@chandramouli-sastry I guess the image source can be a .php, doesn't have to be an image file?

mohit-surana commented 8 years ago

@chandramouli-sastry @adithyaphilip is correct. Refer to this: https://github.com/doodhwala/web2.0/blob/master/class/10%20Aug/part-1/chkUser.php