1

I have the following code: 

[Run]
Filename: https://example.com/; Flags: shellexec;

I would like to open this link in a browser while sending an HTTP POST request.

If possible I would like to send the HTTP POST request with JSON contents.

How can this be done in Inno Setup?

Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
yuval
  • 2,848
  • 4
  • 31
  • 51
  • "post" - do you mean send an email, or issue an HTTP Post request? If the latter, look here.http://stackoverflow.com/questions/4797534/how-do-i-manually-fire-http-post-requests-with-firefox-or-chrome – Roddy Dec 15 '15 at 19:27
  • see the question I linked, then. It requires a browser extension, or another tool like `curl` to be installed. – Roddy Dec 15 '15 at 19:29
  • But I can't download that extension automatically in inno setup, is there a better solution? – yuval Dec 15 '15 at 19:30

2 Answers2

3

I do not think there's any standard way to externally make a browser navigate to an URL with POST method.

You better ask a new question with browser-related tags, asking if this is even possible. Only once you find out method to do this (and I doubt there is such a method), you can ask how to do it in Inno Setup.

Though do you really need the POST method? What for? Just modify your web application to allow GET.

Or is it is an 3rd party application, create your own page that accepts GET and forwards it to the 3rd party as POST.

If you need to hide the posted contents, what about:

  • posting the data from the Inno Setup (HTTP POST request in Inno Setup Script)
  • let the web application save the data somewhere (database, file)
  • have the webpage return a token to the data (e.g. a database key, filename) in the POST response.
  • have Inno Setup open plain URL (GET) with the token (key) in the query string
  • the web app looks up the data using the token (key) and present the results
Community
  • 1
  • 1
Martin Prikryl
  • 188,800
  • 56
  • 490
  • 992
3

I'd just create a local .html file which contains the necessary Javascript to send an HTTP Post, and get inno setup to open that.

See this page re XMLHTTPRequest: https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest

..and this related question: Sending an HTTP Post using Javascript triggered event

Community
  • 1
  • 1
Roddy
  • 66,617
  • 42
  • 165
  • 277
  • But this won't open the browser, right? If I understood the question correct, the point is to open browser. – Martin Prikryl Dec 15 '15 at 19:37
  • @MartinPrikryl Using Inno Setup "shellexec" on an .HTML file will just open it in the default browser. – Roddy Dec 15 '15 at 19:38
  • OK, that's might work. But the code you link to will still not redirect the browser the the `POST` result. It would just POST behind the scenes, won't it? – Martin Prikryl Dec 15 '15 at 19:41
  • One of the reasons I want to use POST, is because i'm sending sensitive information. If I create .html file, won't the user have the potential to open the file and retrieve the sensitive information? – yuval Dec 15 '15 at 19:42
  • You cannot prevent user from seeing what his/hers webbrowser is sending to the Internet. You can only make it harder to be found. – Martin Prikryl Dec 15 '15 at 19:43
  • @Roddy This is probably closer to what's needed: [Auto-Submit Form using JavaScript](http://stackoverflow.com/q/12376173/850848). – Martin Prikryl Dec 15 '15 at 19:43
  • @MartinPrikryl - I think the question isn't clear. I assume he just wants to post some data to a specific URL. There's no concept of navigating to a URL with a "POST" command, surely? – Roddy Dec 15 '15 at 19:45
  • That's why i'm using HTTPS. I Don't believe the sensitive information can be retrieved when using HTTPS POST. – yuval Dec 15 '15 at 19:46
  • 1
    @yuval its the bit between the installer and the browser that's insecure. The unencrypted data is sitting somewhere in your PC's memory. You can only make it 'awkward' for the PC's owner to fnd it. – Roddy Dec 15 '15 at 19:50
  • HTTPS prevents someone sniffing the traffic from getting the contents. But it won't prevent the user on the originating machine to get the contents. There's no way to hide contents from the user of the machine. It's his/hers machine, he owns it, and can access any data stored there. – Martin Prikryl Dec 15 '15 at 19:50
  • But if the POST is send via HTTPS then will he be able to retrieve the genuine information of the encrypted POST? – yuval Dec 15 '15 at 20:00
  • The point is the data has to exist in an unencrypted form first on the machine, before the browser can encrypt it. That's the weakest point. Though even after the browser encrypts the data, the user can still decrypt it, because the encryption key the browser uses is on the user's machine. Once again, any data that exists on user's machine can be accessed by the user (as long as he/she has the admin rights). You cannot hide anything. – Martin Prikryl Dec 15 '15 at 20:15