In my Spring MVC application I send a form to a page using the POST method to perform a search with some parameters. The result of the search is a list and, for every entry, it is possible to navigate to a details page. It works fine but, when a user tries to come back to the result page with the browser's back button (or via JavaScript), I get a "page expired" error. Refreshing the page re-executes the POST submit and it works fine.
To prevent this error I added
response.setHeader("Cache-Control", "no-cache");
to the search controller, and everything works fine in Safari and Firefox, but I still get the same "page expired" error when I run the web application in IE (8 and 9).
What's the right way to go to a detail page and come back without getting any error?
Thanks for your time! Andrea
The right way is to use GET instead of POST: a search is a safe, idempotent operation that doesn't change any state on the server, and such operations should be performed with GET.
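In Spring MVC that means mapping the search handler with `method = RequestMethod.GET` and letting the form submit with `method="get"`. A self-contained sketch of the URL such a form produces (the path and parameter names here are made up for illustration):

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class SearchUrl {
    // Build the GET URL a search form would produce; the browser can
    // re-request this URL freely (back button, refresh, bookmark)
    // because GET is idempotent, so no "page expired" warning appears.
    static String buildSearchUrl(String base, String query, int page) {
        String q = URLEncoder.encode(query, StandardCharsets.UTF_8);
        return base + "?query=" + q + "&page=" + page;
    }

    public static void main(String[] args) {
        System.out.println(buildSearchUrl("/search", "spring mvc", 2));
        // → /search?query=spring+mvc&page=2
    }
}
```

Because all the search state lives in the URL, returning to the result list is just another harmless GET.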
Not expiring a POST request seems to undermine the very idea of a POST:
Per RFC 2616, the POST method should be used for any context in which a request is non-idempotent: that is, it causes a change in server state each time it is performed, such as submitting a comment to a blog post or voting in an online poll.
Instead, I would restructure how you view the detail records, maybe with an overlay DIV that doesn't refresh the underlying page that shows the results. With many modern web apps, using the BACK button can cause issues with page flow.
I'm developing a Java EE project using the ICEfaces 3 framework, and we are facing a knotty problem: every time you click a banner tab (among other things), a request is sent that triggers a page redirect, and a white screen is shown for nearly a second while redirecting to the new page.
This issue can be reproduced in IE 7/8/9; Firefox and Chrome work fine.
So far I have done a lot of research on IE. When I open the debug tool to watch the network status, I see that every time the white screen is displayed the network shows a request to a *.iface URL, and once the *.iface request has been processed (within about a second) the redirect page is rendered.
Oh, one note: I have tested other applications such as MS Hotmail. When I land on the Hotmail login page and click the sign-in button, a white page is also displayed for a few seconds before the redirect page renders. This is the same as my problem.
Are there any solutions to the IE white-screen redirect issue?
Special thanks for your reply!
Unfortunately, this is a browser-specific issue. IE clears the HTML DOM immediately when the response arrives, regardless of whether the response headers indicate a redirect and/or the response body contains an HTML document. Other browsers only clear the HTML DOM tree at the moment it is about to be replaced with new content.
Your best bet would be to perform the request by Ajax instead. The only caveat is a non-SEO-friendly link when a <h:commandLink> is being used.
Hi Stack Overflow users,
While doing some web scraping, I encountered a problem: when I scrape through a series of web pages of a particular site, their URLs being
http://www.somewebsites.com/abc.php?number=0001
http://www.somewebsites.com/abc.php?number=0002
http://www.somewebsites.com/abc.php?number=0003
..
..
http://www.somewebsites.com/abc.php?number=1234
Something like this. Some of the pages may occasionally be down, and the server may handle that by redirecting to a different page, say the homepage. When that happens, my scraping program encounters various exceptions related to the change in page structure (as it is a different page).
I'm wondering if there is a way to check whether a web page I'm scraping exists or not, to prevent my program from being terminated in this case.
I'm using
Jsoup.connect()
to connect to the page. However, when I visit a failed (redirected) web page, I am redirected to another page. My program does not throw any exception on connect; instead, it throws an index-out-of-bounds exception, because the unexpected redirect target has a totally different structure.
Some of the pages may occasionally be down, and the server may handle that by redirecting to a different page, say the homepage
In general, when a page on a website is temporarily unavailable and gets redirected, the client receives a 3xx response code, such as 301 (Moved Permanently), 302 (Found) or 307 (Temporary Redirect), with a "Location" header that points to the redirect target. You can configure the Jsoup Connection not to follow redirects in such cases by setting followRedirects to false. Then you can check the HTTP response code before converting the response to a Document for further processing.
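With Jsoup itself, `Jsoup.connect(url).followRedirects(false).execute()` returns a `Connection.Response` whose `statusCode()` can be inspected before calling `parse()`. As a self-contained illustration of the same pattern using only the JDK (Java 11+ `java.net.http`; the class and helper names are made up for this sketch):

```java
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;

public class PageChecker {
    // Only a 2xx status means we got the page itself; a 3xx means the
    // server is bouncing us elsewhere (e.g. to the homepage), and
    // 4xx/5xx is an outright error.
    static boolean looksLikeRealPage(int status) {
        return status >= 200 && status < 300;
    }

    // Fetch without following redirects, so a bounce to the homepage
    // shows up as a 3xx status instead of as unexpected content.
    static int fetchStatus(String url) throws IOException, InterruptedException {
        HttpClient client = HttpClient.newBuilder()
                .followRedirects(HttpClient.Redirect.NEVER)
                .build();
        HttpRequest request = HttpRequest.newBuilder(URI.create(url)).build();
        return client.send(request, HttpResponse.BodyHandlers.discarding())
                .statusCode();
    }
}
```

Skipping any URL where `looksLikeRealPage(...)` is false prevents the index-out-of-bounds crash, because the mismatched redirect page is never parsed.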
Let's say someone enters the following URL in their browser:
http://www.mywebsite.com/<script>alert(1)</script>
The page is displayed as normal, with the alert popup as well. I think this should result in a 404, but how do I best achieve that?
My web app is running on a Tomcat 7 server. Modern browsers will automatically protect against this, but older ones (I am looking at you, IE6) won't.
It sounds like you are actually getting a 404 page, but that page echoes the requested resource (in this case a piece of JavaScript code) back into the response without converting < and > to their respective HTML entities. I've seen this happen on several websites.
The solution would be to create a custom 404 page which doesn't echo back the resource to the page, or that does proper HTML entity conversion beforehand. There are plenty of tutorials you can find through Google which should help you do this.
Here's what I did:
Created a high-level servlet filter which uses OWASP's HTML sanitizer to check for dodgy characters. If there are any, I redirect to our 404 page.
You should put a filter in your webapp to protect against an XSS attack.
Get all the parameters from the HttpServletRequest object and, in the filter code, replace any parameter value containing markup such as <script> tags with spaces.
This way no harmful JS script will reach your server-side components.
Nowadays many websites contain content loaded by Ajax (e.g., comments on some video websites). Normally we can't crawl this data; what we get is just some JS source code. So here is the question: how can we execute the JavaScript code after we get the HTML response, and reach the final page we want?
I know that HtmlUnit has the ability to execute background JS, yet it has many bugs and errors. Are there any other tools that can help me with this?
Some people tell me that I can find the Ajax request URL, analyze its parameters and send the request again so as to obtain the data. If the approach I mentioned above can't work out, can anyone tell me how to extract the Ajax URL and send the request in the correct format?
By the way, if the solution is in Java, that would be best.
Yes, Netwoof can crawl Ajax easily. Its API and bot builder let you do it without a line of code.
That's the great thing about HTTP: you don't even need Java. My go-to tool for debugging Ajax is the Chrome extension Postman. I start by looking at the request in the Chrome debugger and identifying the salient bits (URL, form-encoded params, etc.).
Then it can be as simple as opening a tab and launching requests at the server with Postman. As long as it's all in the same browser context, all of your cookies (for authentication, etc.) will be shipped along too.
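Once the salient bits are identified, replaying the request from Java is mostly a matter of reproducing the same form-encoded body and headers. A small sketch of the encoding step (the parameter names are invented; copy the real ones from the network tab):

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.stream.Collectors;

public class AjaxReplay {
    // Form-encode the parameters copied from the browser's network tab,
    // exactly as the page's own JavaScript would have sent them.
    static String formEncode(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8)
                        + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        // "videoId" is a made-up example parameter.
        System.out.println(formEncode(Map.of("videoId", "123")));
        // → videoId=123
    }
}
```

The resulting string can then be sent as a POST body (for example via `HttpRequest.BodyPublishers.ofString` with the `Content-Type: application/x-www-form-urlencoded` header), and the JSON or HTML fragment the server returns is the data the page would have loaded by Ajax.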
I am writing Java code where I need to get some information from a particular website. I am using a scraping approach, but while scraping data from the website I am facing one problem.
When I go through the links from one page to another, it sometimes shows a security-image (captcha) page. I get the security string by using an API, but when I try to submit it with a POST in Java, I can't get the actual page source; it redirects back to the same security-image page. How can I solve this problem? How can I post the arguments to resolve the security-image challenge?
Thanks!
From the security-image implementer's point of view, this is usually done by saving your session ID along with the security string, so that when you post your security-string attempt, the server can compare your answer to the one in the session object on the server. The session is usually managed by your web browser, most often via cookies.
So my question to you is: do you maintain a session with this particular website, or is every web request detached from the previous ones?
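If you are not maintaining a session, the fix is to capture the cookies from the first response and send them back with your POST (with Jsoup: read them from `Connection.Response.cookies()` and pass them to `.cookies(savedCookies)` on the next request). A minimal JDK-only sketch of the idea using `CookieManager` (the cookie name and value here are made up):

```java
import java.net.CookieManager;
import java.net.HttpCookie;
import java.net.URI;
import java.util.List;

public class SessionDemo {
    // Store a session cookie the way a Set-Cookie response header would,
    // then read back what a follow-up request to the site would carry.
    static List<HttpCookie> rememberSession() {
        CookieManager manager = new CookieManager();
        HttpCookie session = new HttpCookie("JSESSIONID", "abc123"); // invented id
        session.setPath("/");
        manager.getCookieStore().add(URI.create("http://www.example.com/"), session);
        return manager.getCookieStore().getCookies();
    }

    public static void main(String[] args) {
        // The follow-up POST must send this cookie back, or the server
        // cannot match the captcha answer to the stored security string.
        System.out.println(rememberSession());
    }
}
```

As long as every request, including the one that posts the captcha answer, carries the same session cookie, the server can pair your answer with the string it saved.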