Announcement

Collapse
No announcement yet.

Hiding Inbound URL from the address bar

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Hiding Inbound URL from the address bar

    My client uses I third party site so their customers can buy OEM parts. That site transmits the data (including the price) to us in a url (like a MvCall get) where I parce the query string, add the items to the basket, then redirect to the basket page.

    Now my client wants to stop and display a list of less expensive "after market" parts and give his customers the option to chose. This means the URL containing the price, is on the address bar, making it a simple matter to change.

    I know I could capture the variables and "post" them back to myself with MvCall but that would trigger another instance of the VM.

    How do I get the data off the address bar so it does not display?
    Last edited by RayYates; 03-18-15, 06:46 AM.
    Ray Yates
    "If I have seen further, it is by standing on the shoulders of giants."
    --- Sir Isaac Newton

    #2
    Re: Hiding Inbound URL from the address bar

    This might help:

    Code:
    window.history.pushState('Object', 'Title', '/new-url');
    Here's a link:

    http://stackoverflow.com/questions/3...shing-the-page
    http://www.alphabetsigns.com/

    Comment


      #3
      Re: Hiding Inbound URL from the address bar

      This must be done server side so I cant use Javascript.
      Ray Yates
      "If I have seen further, it is by standing on the shoulders of giants."
      --- Sir Isaac Newton

      Comment


        #4
        Re: Hiding Inbound URL from the address bar

        You might need an Apache proxy module.
        http://www.alphabetsigns.com/

        Comment


          #5
          Re: Hiding Inbound URL from the address bar

          Why is the price included in the URL? That seems like a security flaw. Aren't the prices stored in a DB somewhere that you can access?

          Do you have any ability to get changes made on the remote site? If so, they could use some type of encryption on the price parameter, so that the actual value isn't visible. Or maybe they could use POST instead of GET, so that the data wouldn't show up in the address bar.

          HTH --
          Kent Multer
          Magic Metal Productions
          http://TheMagicM.com
          * Web developer/designer
          * E-commerce and Miva
          * Author, The Official Miva Web Scripting Book -- available on-line:
          http://www.amazon.com/exec/obidos/IS...icmetalproducA

          Comment


            #6
            Re: Hiding Inbound URL from the address bar

            No. The OEM parts list (hundreds of thousands of items across many brands) were converted from paper and microfish to a web app. That website has exclusive rights to those lists which contains suggested retail price for the parts. My client contracts for access to a subset of that list, so the list price we get is the price we charge.

            Unfortunately I have no control over how the data gets posted back to my clients site, so yes this is the security hole I'm trying to plug. No solution will be 100% secure because anyone with enough tech knowledge to watch the data stream can capture the transmition.

            If no-one else has an idea, I'll just do an MvCall and re-POST the data to a secondary page.
            Ray Yates
            "If I have seen further, it is by standing on the shoulders of giants."
            --- Sir Isaac Newton

            Comment

            Working...
            X