All geek questions in one place

Can Javascript indicate if the page was a result of GET or POST?

Possible duplicate:
HTTP request client method

I am working on Javascript that is injected into any page. The script is being entered on servers that I do not control. (Injection is performed using an add-in or bookmarklet.)

Javascript needs to know if the page was loaded as a result of an HTTP GET or POST. The reason for this is that if the page was loaded using GET, the URL is the identifier of the page that can be bookmarked, shared with others, etc. In the case of POST, I need to handle it differently.

Can this be done? I did not find access to the Javascript request, but maybe there is a trick I don't know about.

+6
source share
2 answers

It is not possible to directly obtain the POST data of a web page; Imagine that this is possible. Then you can also read sensitive data sent through a POST request, which is clearly not necessary.

If you write a / usercript extension that has control over the generated HTML, you can add a query string to each form element using the = post method. This method is only reliable if POST requests are not scripted (AJAX) but initiated through a form.

Code example:

javascript:(function(){ var form = document.forms, i=form.length-1; for(; i>=0; i--) { if(/post/i.test(form[i].method)) form[i].action += "#method-post"; } //check whether the hash contains `#method-post` var is_post = location.hash.indexOf("#method-post") != -1; //Optionally, remove the hash to not interfere with the scripts at the page: //location.hash = location.hash.replace('#method-post', ''); })();

Location hashes are not sent to the server, but transmitted by the browser. This solution works great for extensions, but maybe inaccurate for bookmarklets, as the user should always activate it.

+1
source

I think you can’t.

Brendan Eich just confirmed that last night on his twitter conversation with dhh .

Play here:

@dhh: Is there any further reason JavaScript cannot access HTTP headers in a browser outside of Ajax? And what is the historical reason?

@BrendanEich: @dhh @lostconvos there is no good reason - I did not have time in the old days (except for document.cookie and navigator.userAgent), no one was tracking.

@dhh: Can we just get the API from xhr: getResponseHeader () and getAllResponseHeaders ()?

I suggest you follow both if you are interested in this matter.

In the meantime, I think the best thing you can do is to have two different javascripts - one for POST pages and one for the rest. You give both of your providers and tell them how to use them. But yes, this involves collaboration with servers.

+4
source

Source: https://habr.com/ru/post/901604/

More articles:


All Articles