Sometimes when I navigate to a website, the GET request is:
GET /se/ HTTP/1.1
How is the locale being added instead of just the root? From what I see it is the first request I send to the server. Is my browser adding this in? If so, how does it know to add it for some sites and not others?
I guess the server redirected your request to '/se/' based on the your preferred language that is detected from Accept-Language header in your request.
The server can have whatever rules it likes to do this. Generally, as #npcode mentioned, Accept-Language should be used, but it's possible that the website in question is directing you there based on ip geocoding rules. If you connect via a proxy in another country, does it still happen?
Related
Is there a way to tell the browser not to share a cached resource among websites?
I want to give websites a link to some JavaScript on my server and I want to make the response be different for each domain using the Referer header as check.
The response which will be cached should be available to the domain that requested it and when the end users visit another site that uses the script link, another request should be made.
I don't know whether I understand your question.
Does your scenario like: stackoverflow.com and yourwebsite.com use the same script called "https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js", but you don't want to share the cached script with stackoverflow.com
This is under the control of googleapis.com's web server.
So if the cached resource's origin server(googleapis.com) want to implement the feature as you said, it may use the Vary response header. Vary Header define the secondary key of cache.
Maybe "Vary: Origin" but only work for CORS
Maybe "Vary: referer" but referer contains url path
It still doesn't solve your problem but I hope it helps.
see MDN HTTP Cache Doc and [RFC 7234 Section 4.1]
May be this is an awkward question due to my lack of knowledge and I don't know which topic I should search to know about this, but I kind of hope/wish there was a solution.
What I mean is there any way I could send http requests to multiple domains ?
For eg: If I send an http request for a page www.facebook.com/stackoverflow.
I want a simple info that this link is clicked by someone by sending a message to my domain also.The URL can be changed to anything with primary URL still as main source.
What I mean plainly is
www.facebook.com/stackoverflow+{additional code to some way a request to my website also }
When you send a request for http://www.facebook.com/stackoverflow, it requires making a TCP connection to www.facebook.com's server and then sending an HTTP request for the /stackoverflow resource on that server. You can't make Facebook forward the same request to another server.
If you want the link to request your domain, you have to declare your domain as the target of the link. You can specify another URL as an extra parameter, so your domain can use an HTTP redirect to forward the client to that URL when ready. For instance, search engines do this all the time to track the links that users click on in search results.
For example:
http://www.example.com/doSomething?goto=http%3A%2F%2Fwww.facebook.com%2Fstackoverflow
The client would connect to the www.example.com server and send a request for /doSomething?goto=http%3A%2F%2Fwww.facebook.com%2Fstackoverflow. A script located at /doSomething can do whatever it needs to do, and then redirect the client to the URL in the goto parameter (http://www.facebook.com/stackoverflow).
I'm starting to learn web-programming. I've read about the difference between forward and redirect. But two questions not fully understood still:
In which case does the process access to a server-side and in which case without server-side?
When does URL change and when doesn't change? Does URL changes always when redirecting? Does URL changes never when forwarding?
I would be very grateful for the clear answers and explanations! Thanks in advance!
They are not hard and fast terms.
A redirect usually means an HTTP redirect, which is an HTTP response that instructs the client to make a new HTTP request to a different URI.
An internal redirect is a common description of a redirect that is handled internally by the webserver / web application / etc and doesn't send the browser to a different URI.
Forward is not a particularly common term, but when I've encountered it it usually means a form of internal redirect.
Forward happens on serverside, server forwards the same request to another resource. whereas redirect happens on the browser side, server sends http status code 302 to browser so browser makes new request.
Redirect requires one more round trip from browser to server.
One more difference is redirect reflects in browser address bar forward doesnt.
I want to change first line of the HTTP header of my request, modifying the method and/or URL.
The (excellent) Tamperdata firefox plugin allows a developer to modify the headers of a request, but not the URL itself. This latter part is what I want to be able to do.
So something like...
GET http://foo.com/?foo=foo HTTP/1.1
... could become ...
GET http://bar.com/?bar=bar HTTP/1.1
For context, I need to tamper with (make correct) an erroneous request from Flash, to see if an error can be corrected by fixing the url.
Any ideas? Sounds like something that may need to be done on a proxy level. In which case, suggestions?
Check out Charles Proxy (multiplatform) and/or Fiddler2 (Windows only) for more client-side solutions - both of these run as a proxy and can modify requests before they get sent out to the server.
If you have access to the webserver and it's running Apache, you can set up some rewrite rules that will modify the URL before it gets processed by the main HTTP engine.
For those coming to this page from a search engine, I would also recommend the Burp Proxy suite: http://www.portswigger.net/burp/proxy.html
Although more specifically targeted towards security testing, it's still an invaluable tool.
If you're trying to intercept the HTTP packets and modify them on the way out, then Tamperdata may be route you want to take.
However, if you want minute control over these things, you'd be much better off simulating the entire browser session using a utility such as curl
Curl: http://curl.haxx.se/
As of current, are there still any methods to spoof HTTP referer?
Yes.
The HTTP_REFERER is data passed by the client. Any data passed by the client can be spoofed/forged. This includes HTTP_USER_AGENT.
If you wrote the web browser, you're setting and sending the HTTP Referrer and User-Agent headers on the GET, POST, etc.
You can also use middleware such as a web proxy to alter these. Fiddler lets you control these values.
If you want to redirect a visitor to another website and set their browser's referrer to any value you desire, you'll need to develop a web browser-plugin or some other type of application that runs on their computer. Otherwise, you cannot set the referrer on the visitor's browser. It will show the page from your site that linked to it.
What might be a valid solution in your case would be for you to load the third party page on the visitor's behalf, using whatever referrer is necessary, then display the page to the user from your server.
Yes, the HTTP referer header can be spoofed.
A common way to play with HTTP headers is to use a tool like cURL:
Sending headers using cURL:
How to send a header using a HTTP request through a curl call?
or
The cURL docs:
http://curl.haxx.se/docs/
Yes of course. Browser can avoid to send it, and it can be also "spoofed". There's an addon for firefox (I haven't tried it myself) and likely you can use also something like privoxy (but it is harder to make it dynamically changing). Using other tools like wget, is as easy as setting the proper option.