LinkedIn是如何知道或跟踪在那里我的嵌入式widget的? [英] How does LinkedIn know or keep track of where I embedded its widget?
问题描述
当您尝试使用LinkedIn的集成立即申请按钮,您先注册一个API密钥。该表格要求您输入的JavaScript域API,这是将调用与此密钥JavaScript API的所有页面的完全限定域名。作为回报,它产生API密钥和一些HTML code你,你可以复制粘贴ň到您的网页,并开始。
When you try to integrate with LinkedIn's Apply Now button, you first sign up for an API key. The form asks you to enter the Javascript Domain API, which is the Fully-qualified domain name of all pages that will call the JavaScript API with this key. In return, it produces an API key and some HTML code for you which you can copy n paste to your web page and get started.
这是code的向导生成:
This is the code their wizard produced:
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: 7a4ghb12agvda4552da
</script>
<script type="IN/Apply"
data-companyname="Asd"
data-jobtitle="Software Developer"
data-joblocation="Istanbul"
data-email="abc@xyz.com">
</script>
现在,一个人如何保持跟踪,其中该脚本被嵌入的?我刚进 http://example.com 作为我的JavaScript API的域。原来,我只能用这个小工具上example.com域。
Now, how does one keep track of where this script is embedded? I first entered http://example.com as the my Javascript Domain API. It turned out that I can only use this widget on the example.com domain.
在什么是in.js ,告诉LinkedIn它嵌入?
What's inside in.js that tells LinkedIn where it is embedded?
我问的原因是因为我还建设一个widget自己,我希望确保只签约了域可以用我的小部件。
The reason I'm asking is because I am also building a widget myself, and I want to make sure only the signed-up domains can use my widget.
编辑:作为奖励,如果我下载 in.js ,删除它确实域检查的一部分,包括我自己版本我的网页in.js的?他们如何prevent呢?
As a bonus, what if I download in.js, remove the part where it does the domain check and include my own version of in.js in my page? How do they prevent that?
一个LinkedIn的员工提到了客户端和服务器端的检查是完成。但是那会是一个什么样的检查?我找了一些深层次的洞察问题。我怎么能产生这样的小工具?在客户端,你怎么检查承载您的js文件的当前页面?你如何获得哪个域承载js文件?
任何帮助AP preciated。谢谢你。
A LinkedIn employee mentions that both client-side and server-side checks are done. But what kind of a check would that be? I am looking for some deep insight into the issue. How can I produce such a widget? On the client-side, how do you check the current page that hosts your .js file? And how do you get which domain is hosting the js file? Any help appreciated. Thanks.
推荐答案
如果您in.js的本地副本LinkedIn的JavaScript框架将无法正常工作 - 后端服务器(在的电话。)进行检查,以确保in.js从正确的服务器即将到来,以及检查,以确保该框架将仅在指定的域上工作。
The LinkedIn Javascript framework won't work if you make a local copy of in.js - the backend server (which in.'s calls) checks to make sure that the in.js is coming from the correct server as well as checking to make sure that the framework will only work on the specified domain(s).
这个问题被问/回答在这里:
https://developer.linkedin.com/forum/security-$p$pvent -impersonations
This question was asked/answered here: https://developer.linkedin.com/forum/security-prevent-impersonations
这篇关于LinkedIn是如何知道或跟踪在那里我的嵌入式widget的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
