Tag Archives: Javascript

Simple PHP proxy for cross origin HEAD requests

Have some Javascript that runs through all the URLs on a site of mine to prep caching and check for dead links and other problems. Problem is that the site also includes embedded video files hosted by someone else. These fails of course because of cross origin restrictions and since I’m not in control of their servers I needed a workaround.

I wrote this small PHP script to work as a proxy and as far as I can see it works pretty great. Short and easy to follow as well, so that’s always fun :)

So basically the script just pipes through whatever headers it gets to the the target URL an pipes back whatever headers it gets in the response. Seems to work, but let me know of weaknesses and easy improvements if you see any :)

<?php

$request_headers = getallheaders();
unset($request_headers['Cookie']);
unset($request_headers['Host']);

foreach($request_headers as $key => &$value)
    $value = $key.': '.$value;

$url = $_SERVER['QUERY_STRING'];
$limit = 20;

$curl = curl_init();
do
{
    curl_setopt_array($curl, array
    (
        CURLOPT_URL => $url,
        CURLOPT_HTTPHEADER => $request_headers,
       
        CURLOPT_RETURNTRANSFER => TRUE,
        CURLOPT_HEADER => TRUE,
        CURLOPT_NOBODY => TRUE,

        CURLOPT_FOLLOWLOCATION => TRUE,
        CURLOPT_MAXREDIRS => $limit--,
    ));

    ob_start();
    $headers = trim(curl_exec($curl));
    $url = curl_getinfo($curl, CURLINFO_REDIRECT_URL);
    ob_end_clean();
}
while($url and $limit > 0);

curl_close($curl);

$headers = trim(substr($headers, strrpos($headers, "\r\n\r\n")));
header_remove();
foreach(explode("\r\n", $headers) as $h)
    header($h);

Notes

  • The Cookie and Host headers sent from the browser are removed so they don’t mess up the request.
  • CURL wasn’t acting properly where I deployed this. It didn’t follow redirects, and curl_exec output content to the browser even with return transfer set to true. So it has a manual workaround for following the redirects and uses output buffering to make sure nothing goes to the browser before we want to.

JavaScript: Delayed keypress event (sort of)

Wanted to do an AJAX call whenever the content of a field was changed. This can be done simply with the onchange event, but the problem is that you have to tab out of the field to make it fire. You can also do it with the keypress event, but then you’ll get one AJAX call for each and every keypress, which is just silly.

Found a nice and easy solution, and here it is slightly simplified.

Continue reading JavaScript: Delayed keypress event (sort of)

Measure upload time and speed with PHP and Javascript

Stumbled upon a question on StackOverflow the other day which got me curious. The question was about how to measure how long it takes to upload a file to a PHP script. This is what had been tried out:

$upload_time = time() - $_SERVER['REQUEST_TIME'];

This pretty much always returns zero, even though the uploading actually took many seconds, because the request start time is after the server has received the post data. That we actually just get how long the script took to run, which of course is pretty close to zero seconds. So, what can we do?

  1. Right before data is posted, nudge the server with an AJAX call which stores the current timestamp in a session variable
  2. Post the data
  3. Compare current timestamp with the one stored in step 1

Wasn’t sure how it would work, but seems to work pretty well. There will of course be a very tiny difference since the AJAX request will be a bit part of the time, but compared to the upload time it shouldn’t matter much. Anyways, here’s how you could do it :)

Continue reading Measure upload time and speed with PHP and Javascript

PHP: What’s a valid JavaScript identifier (or function name)?

After another reply to a question I’ve had on StackOverflow for a while, I decided that I perhaps should add another level of security to my method of providing JSONP from PHP. The way I did it before, I didn’t do any checking on the provided callback. This means that someone could technically put whatever they wanted in there, including malicious code. So, therefore it might be a good idea to check if the callback, which should be a function name, actually is a valid function name. But,

Continue reading PHP: What’s a valid JavaScript identifier (or function name)?