Skip to content

Latest commit

 

History

History
56 lines (35 loc) · 2.63 KB

README.md

File metadata and controls

56 lines (35 loc) · 2.63 KB

post4a.js

JavaScript for sending a POST request with an HTML anchor tag.

Summary

post4a.js is a JavaScript library that would help to prevent websites from exposing a user's identity embedded in Referer to other sites, by avoiding selected query-strings from being used for the page URL.

The regular HTML anchor tags (<A>) let browsers issue GET requests when the user clicks on the anchors, so that the browser can simply, directly open the requested page with the URL specified in the anchor's href attribute. When the browsers send the HTTP request, they by default automatically attach the Referer value to the request for the purpose of letting the destination website know about the page from which the browser is arriving. If the URL contains user's sensitive information, the destination website can extract them from the URL.

Since POST requests embed query-strings into the request body instead of the URL, they are safer than GET requests in terms of Referer information theft, because the request body is not automatically embedded to other requests. However, the browsers only send GET requests for anchor tags, currently. post4a.js provides a simple solution currently available on the today's browsers. It automatically converts the specified anchor tags into form tags to send POST requests with some pieces of parameters you want to hide from Referer.

Author

(c) Yuji Kosuga 2010
http://blog.yujikosuga.com
[email protected]

License

post4a.js is freely distributable under the MIT license.

Usage

The anchor tag becomes like this.

<a href="{url}" class="post4a" data-postdata="{json format data}">link</a>  

How to Use

*Note: Basically, please use POST requests only for executable scripts (such as PHP, CGI, JSP, ASP, etc.), because static contents (such as HTML or IMG) might refuse your POST requests saying HTTP Error 405 Method not allowed. If you still want to use POST methods to that content, please refer to this article.

Import post4a.js: Add the following line before the closing </head> tag.

<script src="post4a.js"></script>  

Declare the use of post4a.js: Add post4a to the class of an anchor tag.

Declare POST data: Create a data-postdata attribute to the anchor tag and add the data to be POSTed in JSON format into the data-postdata value.

Demo

post4a.js demonstration page is here.