LinkedIn 如何知道或跟踪我嵌入其小部件的位置? [英] How does LinkedIn know or keep track of where I embedded its widget?
问题描述
当您尝试与 LinkedIn 的 立即申请 按钮集成时,您首先要注册一个 API 密钥.该表单要求您输入 Javascript 域 API,它是 将使用此密钥调用 JavaScript API 的所有页面的完全限定域名. 作为回报,它会生成一个 API 密钥和一些 HTML您可以将代码复制粘贴到您的网页并开始使用.
When you try to integrate with LinkedIn's Apply Now button, you first sign up for an API key. The form asks you to enter the Javascript Domain API, which is the Fully-qualified domain name of all pages that will call the JavaScript API with this key. In return, it produces an API key and some HTML code for you which you can copy n paste to your web page and get started.
这是他们的向导生成的代码:
This is the code their wizard produced:
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: 7a4ghb12agvda4552da
</script>
<script type="IN/Apply"
data-companyname="Asd"
data-jobtitle="Software Developer"
data-joblocation="Istanbul"
data-email="abc@xyz.com">
</script>
现在,如何跟踪此脚本的嵌入位置?我首先输入 http://example.com 作为我的 Javascript 域 API.原来我只能在example.com域上使用这个小部件.
Now, how does one keep track of where this script is embedded? I first entered http://example.com as the my Javascript Domain API. It turned out that I can only use this widget on the example.com domain.
in.js 里面有什么东西可以告诉 LinkedIn 它的嵌入位置?
What's inside in.js that tells LinkedIn where it is embedded?
我之所以这么问是因为我自己也在构建一个小部件,我想确保只有注册的域才能使用我的小部件.
The reason I'm asking is because I am also building a widget myself, and I want to make sure only the signed-up domains can use my widget.
作为奖励,如果我下载 in.js,删除它进行域检查的部分并将我自己的 in.js 版本包含在我的页面?他们如何防止这种情况发生?
As a bonus, what if I download in.js, remove the part where it does the domain check and include my own version of in.js in my page? How do they prevent that?
一名 LinkedIn 员工提到客户端和服务器端检查都已完成. 但是那是一种什么样的检查呢?我正在寻找对该问题的深入见解.我怎样才能产生这样的小部件?在客户端,您如何检查托管 .js 文件的当前页面?以及如何获取托管 js 文件的域?任何帮助表示赞赏.谢谢.
A LinkedIn employee mentions that both client-side and server-side checks are done. But what kind of a check would that be? I am looking for some deep insight into the issue. How can I produce such a widget? On the client-side, how do you check the current page that hosts your .js file? And how do you get which domain is hosting the js file? Any help appreciated. Thanks.
推荐答案
如果您制作 in.js 的本地副本,LinkedIn Javascript 框架将无法工作 - 后端服务器(即 in. 的调用)进行检查确保 in.js 来自正确的服务器,并检查以确保框架仅适用于指定的域.
The LinkedIn Javascript framework won't work if you make a local copy of in.js - the backend server (which in.'s calls) checks to make sure that the in.js is coming from the correct server as well as checking to make sure that the framework will only work on the specified domain(s).
这个问题在这里被问到/回答过:https://developer.linkedin.com/forum/security-prevent-impersonations
This question was asked/answered here: https://developer.linkedin.com/forum/security-prevent-impersonations
这篇关于LinkedIn 如何知道或跟踪我嵌入其小部件的位置?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
