Salesforce Missing Headers Puzzle - salesforce

I am trying to access Salesforce headers from a Visualforce page as well as from an inline Visualforce page. The two sets of headers are different. My objective was to get the IP address from within a Visualforce page. I was able to get it from a VF page but not from an inline VF page. What could be missing? Pasting both sets of headers below for reference:
Header as in independent VF Page:
{Accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8, Accept-Encoding=gzip, deflate, sdch, Accept-Language=en-US,en;q=0.8, Cache-Control=max-stale=0, CipherSuite=AES256-SHA TLSv1.2 256-bits, Connection=keep-alive, Host=maseratispaceq.ap1.visual.force.com, Referer=https://maseratispaceq.ap1.visual.force.com/apex/IPAddress, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36, X-BlueCoat-Via=02e34aac1d4420b1, X-Salesforce-Forwarded-To=ap1.salesforce.com, X-Salesforce-SIP=65.116.212.3}
Header as in Inline VF Page:
{CipherSuite=AES256-SHA TLSv1 256-bits, core.apexpages.framework.ApexViewServlet.getContentReflectError=true, core.apexpages.framework.ApexViewServlet.getContentRequest=1, Host=maseratispaceq.ap1.visual.force.com, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36, X-Salesforce-PDF=AAAAAUwj_BRwAAAAAAAAAAAAAAAAAAAAAAAAwpYz60xaIbnbiOgFCj3usFFqT128Tl0j8v43lSJCEqURiv38yxmjs5saKfPvaLHg4wBP_AhxJWr6dMq4BJTe4Oo=}

Related

WPF Cefsharp google login

I know that Google login for CefSharp has been blocked for a long time now, but is there any way to bypass this, for example by calling an actual Chrome browser for the login and getting the access token?
Thanks in advance
You need to add "/CefSharp Browser" + Cef.CefSharpVersion at the end of your UserAgent.
Example:
settings.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 /CefSharp Browser" + Cef.CefSharpVersion;
And it works...

Large number of 404 errors on URL for articles

I checked the server logs and found a large number of 404 errors. For example, this post https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/ has some 404 URLs because something is appended to the URL text, like this: /-&e=MOAT.(something)
Example of URLs:
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.load
https://historycollection.com/16-horrifying-historical-locations-where-people-continue-to-live-in-the-united-states/4/-&e=MOAT.measurable
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.inView2sec
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.smallplayer
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.viewable&tv=1
Most of them have referrers like this one: https://historycollection.com/16-horrifying-historical-locations-where-people-continue-to-live-in-the-united-states/?utm_source=Facebook&utm_medium=Ads&utm_campaign=16-horrifying-historical-locations-where-people-continue-to-live-in-the-united-states-Automatic
And user agents like these ones:
Mozilla/5.0 (Linux; Android 10; SM-N975U1 Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.101 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/289.0.0.40.121;]
Mozilla/5.0 (Linux; Android 9; E6910 Build/4.601VZ.0191.a; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.121 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/163.0.0.43.91;]
Does anybody have any idea about this?
Thanks,
These are probably bots probing for vulnerabilities.
Run the IP through something like AbuseIPDB and see what others have to say about it.
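One way to measure the pattern described in the question, as an added example that is not part of the original post: it parses access-log lines (combined log format is assumed), separates 404s that carry the `/-&e=MOAT.<event>` suffix from all other 404s, and tallies the suffixed ones by event, by underlying page, and by the `FB_IAB` in-app-browser marker. The log lines, hosts and IPs are constructed samples.

```javascript
// Constructed sample lines in Apache/nginx "combined" format; hosts, IPs and times are made up.
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Oct/2020:10:01:02 +0000] "GET /10-facts/-&e=MOAT.load HTTP/1.1" 404 512 "https://example.test/10-facts/?utm_source=Facebook" "Mozilla/5.0 (Linux; Android 10; wv) Chrome/85.0.4183.101 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/289.0.0.40.121;]"',
  '203.0.113.7 - - [12/Oct/2020:10:01:04 +0000] "GET /10-facts/-&e=MOAT.viewable&tv=1 HTTP/1.1" 404 512 "https://example.test/10-facts/?utm_source=Facebook" "Mozilla/5.0 (Linux; Android 10; wv) Chrome/85.0.4183.101 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/289.0.0.40.121;]"',
  '198.51.100.9 - - [12/Oct/2020:10:02:10 +0000] "GET /16-locations/4/-&e=MOAT.measurable HTTP/1.1" 404 512 "https://example.test/16-locations/?utm_source=Facebook" "Mozilla/5.0 (Linux; Android 9; wv) Chrome/72.0.3626.121 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/163.0.0.43.91;]"',
  '198.51.100.9 - - [12/Oct/2020:10:02:11 +0000] "GET /16-locations/4/ HTTP/1.1" 200 20480 "-" "Mozilla/5.0 (Linux; Android 9; wv) Chrome/72.0.3626.121 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/163.0.0.43.91;]"',
  '192.0.2.44 - - [12/Oct/2020:10:03:00 +0000] "GET /old-article/ HTTP/1.1" 404 512 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0"',
];

// Groups: 1 client IP, 2 request path, 3 status, 4 referrer, 5 user agent.
const LINE_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/;
// The suffix seen in the question: "/-&e=MOAT.<event>" plus optional extra parameters.
const SUFFIX_RE = /\/-&e=MOAT\.([A-Za-z0-9]+)(?:&.*)?$/;

const bump = (obj, key) => { obj[key] = (obj[key] || 0) + 1; };

function triage404s(lines) {
  const r = { total404: 0, suffixed: 0, byEvent: {}, byPage: {}, inAppBrowser: 0,
              facebookReferrer: 0, clients: new Set(), other: [] };
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m || m[3] !== "404") continue;          // skip unparsable lines and non-404s
    const [, ip, path, , referrer, ua] = m;
    r.total404++;
    const s = SUFFIX_RE.exec(path);
    if (!s) { r.other.push({ ip, path }); continue; } // unrelated 404s: review separately
    r.suffixed++;
    bump(r.byEvent, s[1]);
    bump(r.byPage, path.slice(0, s.index + 1));  // the real page the suffix was appended to
    if (ua.includes("FB_IAB/")) r.inAppBrowser++;
    if (/[?&]utm_source=Facebook\b/.test(referrer)) r.facebookReferrer++;
    r.clients.add(ip);
  }
  return r;
}

console.log(triage404s(SAMPLE_LOG));
```

The `other` list keeps the 404s that do not fit the suffix pattern, so they can be reviewed on their own instead of being lost in the volume.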

How to get the custom header values in the angular application when application open

I have an Angular application A that will be opened by another application B. While opening the application, B will send one attribute in the request header. How can I access that custom header in my Angular application when it opens? I can see the custom header in tcpdump.
Below is the header; I want to access the 'abcd' value
Connection: keep-alive
Referer:
User-Agent: Mozilla/5.0 (Linux; U; Android 4.0.3; en-us; HTC Desire Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Accept-Charset: utf-8, iso-8859-1, utf-16, *;q=0.7
Cookie: NG_TRANSLATE_LANG_KEY=%22en%22
**abcd: 13223223**
HTTP headers are not accessible via JavaScript (only http-referer and http-user-agent via object properties, and http-cookie). If you need to pass some value from one application to another, you can use cookies and retrieve the value by parsing the document.cookie variable.
Edit: Headers can be accessed via the XMLHttpRequest object when using Ajax requests, but only restricted to simple response headers, and with additional restrictions by CORS if your request is cross-domain. Some cookies marked as HTTP-only cannot be accessed via JavaScript.

Angularjs send only JSESSIONID cookie not others

We are working on a RESTful web service with AngularJS.
We are invoking a RESTful web service which creates a cookie using the addCookie() method of javax.servlet.http.HttpServletResponse (yes, before that it does some business processing). Once the response is returned from the web service, we can see the cookie under the Set-Cookie element of the response headers. Please look at the response from the browser developer tools.
Remote Address:127.0.0.1:8080
Request URL:http://localhost:8080/test-app/authCode/activate
Request Method:POST
Status Code:200 OK
Response Headers
Content-Length:0
Date:Tue, 26 May 2015 14:41:33 GMT
message:System activated the authorization code provided
Server:Apache-Coyote/1.1
Set-Cookie:auth_cookie_name=VckfCE; Expires=Tue, 26-May-2015 20:41:33 GMT; Path=/services
success:true
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Content-Length:6
Content-Type:application/json
Cookie:JSESSIONID=A61316520C343254790F12AE03D13242
Host:localhost:8080
Referer:http://localhost:8080/test-app/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Request Payload
VckfCE
After that we navigate to another resource using AngularJS $location.path('/resource'). When this call gets executed, control goes to a javax.servlet.Filter and we try to read the cookie 'auth_cookie_name' using request.getCookies(), but only the JSESSIONID cookie is found there, not 'auth_cookie_name'.
How can I enable AngularJS to send this cookie?
Your cookie response
Cookie:auth_cookie_name=VckfCE; Expires=Tue, 26-May-2015 20:41:33 GMT; Path=/services
has a Path option, and this cookie is limited to this prefix.
As a result "auth_cookie_name" is not sent in $location.path('/resource'), because "/resource" doesn't start with "services".
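The path rule the answer describes, written out as an added example (not code from the question or the answer): it applies the RFC 6265 path-match and default-path steps to the `Set-Cookie` header shown in the question. Request paths other than `/test-app/authCode/activate` are assumed for illustration.

```javascript
// Pull the Path attribute out of a Set-Cookie value (null when absent).
function cookiePathAttr(setCookie) {
  for (const attr of setCookie.split(";").slice(1)) {
    const [key, ...rest] = attr.trim().split("=");
    if (key.toLowerCase() === "path") return rest.join("=");
  }
  return null;
}

// default-path (RFC 6265 5.1.4): used when Path is missing or does not start with "/".
function defaultPath(requestPath) {
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash <= 0 ? "/" : requestPath.slice(0, lastSlash);
}

// path-match (RFC 6265 5.1.4): identical, or a prefix that ends on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would a cookie set by the response to setOnPath be attached to a request for nextPath?
function wouldSend(setCookie, setOnPath, nextPath) {
  const attr = cookiePathAttr(setCookie);
  const path = attr && attr.startsWith("/") ? attr : defaultPath(setOnPath);
  return pathMatches(nextPath, path);
}

// Header and request path as shown in the question.
const SET_COOKIE = "auth_cookie_name=VckfCE; Expires=Tue, 26-May-2015 20:41:33 GMT; Path=/services";
const SET_ON = "/test-app/authCode/activate";

// The follow-up request paths are assumed for illustration.
function demo() {
  return {
    asIssued: wouldSend(SET_COOKIE, SET_ON, "/test-app/resource"),
    underServices: wouldSend(SET_COOKIE, SET_ON, "/services/resource"),
    lookalike: wouldSend(SET_COOKIE, SET_ON, "/servicesX/resource"),
    noPathAttr: wouldSend("auth_cookie_name=VckfCE", SET_ON, "/test-app/resource"),
    appWidePath: wouldSend("auth_cookie_name=VckfCE; Path=/test-app", SET_ON, "/test-app/resource"),
  };
}

console.log(demo());
```

On the servlet side the scope is chosen with `Cookie.setPath()` before `addCookie()`; keep it as narrow as the filter that reads the cookie allows.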

Google Mobile Ads in Win Phone 7 Applications

I'm interested in using Google Ads in my Win Phone 7 Application. I've created a custom control that currently uses AdMob services to load ads, and I'm interested in incorporating a Google Ads provider (as well as any others I can). You can see the source for this control here: https://bitbucket.org/jacob4u2/moads/wiki/Home.
The best case scenario for me would be information about some kind of REST based JSON service that I could call and get back information like; Image Url, Ad Text, Ad Link Url. I've already done some research with the javascript that is added to a website that calls out to such a service to get ads, I would just like to know the legality and possibility of using this underlying service for myself.
Here's a look at the underlying service request and response from the Google Mobile Website Ad Sense Javascript from Fiddler:
GET http://googleads.g.doubleclick.net/pagead/ads?oe=utf8&ad_type=text_image&client=[someclientstring]&color_bg=FFFFFF&color_border=336699&color_link=0000FF&color_text=000000&color_url=008000&correlator=1283032525791&dt=1283032525791&ea=0&flash=0&format=320x50_mb&frm=1&js=afmc-v1.1&output=html&u_ah=738&u_aw=1366&u_cd=32&u_h=768&u_w=1366&u_his=1&u_tz=-240&url=http%3A%2F%2Flocalhost%3A53339%2F&dtd=5 HTTP/1.1
Host: googleads.g.doubleclick.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4
Referer: http://localhost:53339/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=2ca5d68be0ad9c24:T=1276802611:S=ALNI_Mb20Pe5DhybgSn6XMox3s10fBFcgw; VWCUK200=L070410/Q46888_8658_5_070410_2_123110_188666x187920x070410x1x2/Q46885_8658_5_062810_1_123110_188672x187926x062910x1x1; id=ca99132260000f4|1782317/496326/14815|t=1272328868|et=730|cs=w4txjauw
HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 28 Aug 2010 21:54:25 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 603
X-XSS-Protection: 1; mode=block
<html><body style="background-color:transparent"></body></html>
Looks like a lot of parameters, hopefully I've removed any confidential stuff. Anyone ever looked into anything like this?
I would contact Google to see if this is within their terms of service - it would be a shame to do the coding and then find out that you get no revenue from them.
I would also consider how the ads are chosen if this is not a web page. Typically the ads are chosen based on the page context. In Silverlight apps on the phone there is no web page context.
