0

I want to detect direct access to my page using javascript because I want to remove a <div> ... </div> if someone directly accessed my page I searched and I found this: how can I check if page accessed directly on stackoverflow and I found a website doing the same thing I want is detecting if it is a direct access to the page or not but I don't know how they do it

RoOx
  • 3
  • 1
  • 1
    What is your definition of "direct access"? In what way _should_ that page be accessed? Also I assume by JavaScript you mean JS that is ran by the browser? So not a server-side JS like NodeJS? If so, are you aware that, since it is executed in the browser of the user, people _still_ can access this div? – Ivar Jul 05 '21 at 00:05
  • I mean by direct access someone copy and paste the url in search bar then wants to access that particular page without conformation – RoOx Jul 05 '21 at 00:54
  • yes i mean vanilla js or jQuery – RoOx Jul 05 '21 at 00:56
  • So, you want to know if people came to your page by typing in the URL or using a bookmark, versus being sent to it by a search engine? Is that right? – Tom Jul 05 '21 at 01:12
  • yes something like you need to click a button from page1.html to get to page2.html to make sure that they click that button not from entering the url directly to browser – RoOx Jul 05 '21 at 01:47

1 Answers1

0

If you mean if it's a user, check for the X-Requested-By header in the document's request.

If you mean if it's a direct URL typed in, check for the Referrer header.

0xLogN
  • 3,289
  • 1
  • 14
  • 35
  • okay I'll try it thanks for your time sir – RoOx Jul 05 '21 at 00:13
  • Not my downvote, but request headers can be spoofed so this doesn't guarantee the source. – RobG Jul 05 '21 at 00:29
  • @robg nothing can guarantee the source, except maybe a mutual asymmetric authentication scheme with message signing. – Richard Barker Jul 05 '21 at 00:34
  • 2
    if you're using this in a way where spoofing headers is bad, this is a bad idea. – 0xLogN Jul 05 '21 at 00:34
  • @RichardBarker—there is nothing in my comment to suggest the source can be guaranteed. Perhaps you meant to reply to the poster? The OP may as well just check the referrer, which *should* be blank if the user typed the URL, used a bookmark or otherwise didn't follow a link in the page (e.g. copy/paste the URL). Of course there is no guarantee, so it's just a hint. – RobG Jul 05 '21 at 00:42
  • Hi, The referrer header is what I was looking for thank another time – RoOx Jul 05 '21 at 00:49
  • Hi, I don't want to spoof any headers I just want to make sure that the users of my website coming from a confirmation page to the page I want to use this in – RoOx Jul 05 '21 at 00:52
  • 1
    @RoOx: I was telling them how if you are using this for security, you should use an auth cookie. – 0xLogN Jul 05 '21 at 00:52