Collecting referrer, keywords, etc via Javascript

kblessinggr

I know Google Analytics does this, but my question is: how does Google make it possible for a JavaScript loaded on, say, DomainA.com to send data back to Google, which is on a different domain, since security-wise a JavaScript routine cannot post, etc. to a domain that is not the same as DomainA.com?
 


You don't actually link to a gif. You link to a script which sends back content in gif format with a gif type header.
And you can append params to your gif url just like it was a script, because well, it is a script.

document.referrer

I already got a script loading from another domain. My concern is being able to take document.referrer and be able to send that back to the original domain via ajax. Example:

DomainA hosts script (which is really a php file).
DomainB loads script off DomainA
Script grabs document.referrer
*How does Script send this info back to DomainA without a 'permission denied'?

Obviously I can't use http_referer on the PHP side, because the referrer will always be the page that loaded the script.
 
File: testlog.php|html

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
 <head>
  <title> test log </title>

 </head>

 <body>
 <script type="text/javascript">

  var img1 = new Image();
  // encodeURIComponent (not the deprecated escape) also encodes '+' and non-ASCII text
  img1.src = 'http://example.com/giflog.php?ref='+encodeURIComponent(document.referrer);
  
 </script>


 </body>
</html>

File: referrer.php|html

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
 <head>
  <title> the referrer </title>

 </head>

 <body>
  <a href="testlog.php">link</a>
 </body>
</html>

File: giflog.php

Code:
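<?php

// The ref value comes straight from the query string and is untrusted.
// Default it when missing or not a string, strip control characters
// (CR/LF would let a caller forge extra log lines) and cap the length
// (2048 is an arbitrary limit).
$ref = (isset($_GET['ref']) && is_string($_GET['ref'])) ? $_GET['ref'] : '';
$ref = substr(preg_replace('/[\x00-\x1F\x7F]/', '', $ref), 0, 2048);

// message type 3 appends the line to the given file
error_log($ref."\n", 3, dirname(__FILE__).'/log.txt');

header('Cache-Control: no-cache');
header('Content-type: image/gif');

//the size of the unencoded transparent gif
header('Content-length: 85');

//1x1 pixel transparent gif
print base64_decode('R0lGODlhAQABALMAAAAAAIAAAACAA'.
                     'ICAAAAAgIAAgACAgMDAwICAgP8AAA'.
                     'D/AP//AAAA//8A/wD//wBiZCH5BAE'.
                     'AAA8ALAAAAAABAAEAAAQC8EUAOw==');

flush();
exit;

?>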

Put testlog.php or testlog.html on another domain if you want to see if it works. (It does for me.)

It's been a long time since I've done something like this. So I'm not up to date on the gotchas. I'm not sure simply creating a javascript image object and assigning to the src property will work in all browsers, but I suspect it does. I just tested it in FF3 and IE8 and it works. But the point isn't really that this exact technique works, it's that you get the basic idea.

I got the gif printing script from one of the php manual pages. It doesn't work in FF if you try to call it from the src attribute of an img tag, I get the missing image icon. But I don't guess it matters if you can get away with not having to put the image in the page somewhere.
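
The image-beacon approach from the post above, with the collector treating `ref` as untrusted input, as an added example that is not part of the original thread (the function names, the `.example` hosts and the 2048-character cap are assumptions):

```javascript
// Added example; function names, hosts and the length cap are assumptions.
const MAX_REF_LENGTH = 2048;

// Page side: build the beacon URL. encodeURIComponent encodes '&', '+', '#'
// and non-ASCII text, so the whole referrer arrives as a single parameter.
function buildBeaconUrl(endpoint, referrer) {
  return endpoint + '?ref=' + encodeURIComponent(referrer);
}

// Collector side: anyone can request the beacon URL with any ref value, so
// accept only a single-line, length-capped http(s) URL; otherwise return null.
function sanitizeRef(raw) {
  if (typeof raw !== 'string' || raw.length === 0) return null;
  if (raw.length > MAX_REF_LENGTH) return null;
  if (/[\x00-\x1f\x7f]/.test(raw)) return null; // CR/LF would forge log lines
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return null; // not an absolute URL
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// Turn the query string of one beacon request into one JSON log line.
function logEntry(queryString, now) {
  const ref = sanitizeRef(new URLSearchParams(queryString).get('ref'));
  return JSON.stringify({ time: now.toISOString(), ref: ref });
}

// Constructed sample: a referrer with its own query string, then a forged one.
const beacon = buildBeaconUrl('http://collector.example/giflog.php',
  'http://referrer.example/search?q=a+b&lang=en');
const when = new Date(0);
console.log(logEntry(beacon.split('?')[1], when));
console.log(logEntry('ref=' + encodeURIComponent('http://x.example/\n1.2.3.4 forged'), when));
```

Writing each entry as JSON keeps one request on one line even if a value contains characters the log format would otherwise treat as separators.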
 
Have you looked into using JSON? I think it can do cross-domain.

JSON is a data structure; it cannot do cross-domain. There was pJSON in the works that in theory would do cross-domain over frames/iframes, but modern browsers' security model shot that out of the water.

Though out of curiosity, if an iframe is created by JavaScript, is the referer of that iframe the page it's loaded on, or the same as the main page's referer?
 
There are several ways to do it, all variations of what LogicFlux posted. Your Javascript needs to pull the referrer, then pass it in the query string to your remote PHP script. Could be an image, could be another Javascript file (which is actually a PHP script).
 

Would probably have to use the image method, since using jQuery's $.get, $.post, or $.ajax will scream permission denied if you try to use a URL on a diff domain.


I'll do some test runs of each and report back. I just got the two oldest boys back from the grandparents, so it's kinda hard to code and watch 3 boys, thus the slow response time.