views:

287

answers:

2

I want to create a Delicious bookmarklet in Firefox that bookmarks the current page with a predefined tag.

For proof of concept, if I enter this url, it works:

https://john:[email protected]/v1/posts/add?url=http://www.google.com&
    description=http://www.google.com&tags=testtag

But this as a bookmarklet doesn't, I get access denied:

javascript:(

    function()
    {
        location.href = 'https://john:[email protected]/v1/posts/add?url=' 
            + encodeURIComponent(window.location.href)
            + '&description=' + encodeURIComponent(document.title)   
            + '&tags=testtag';
    }

)()

Is this possible via a javascript bookmark?

Update: I tried this, but still got the access denied error, so it has something to do with Javascript/Firefox.

javascript:(

    function()
    {
        location.href = 'https://john:[email protected]/v1/posts/add?url='
            + 'http://www.google.com'
            + '&description=' + 'http://www.google.com' + '&tags=testtag';
    }

)()

Update 2: After trying many variations of the above and on different browsers, I still can't get past the access denied message, so offering a bounty.

+1  A: 

Looks like you're missing url=.

Jeffery To
Thanks. I added it and am still getting the same error.
Steve
I tried your example (with the URL encoded) in Firefox 3.6 and it worked. Are you logged into Delicious with another username? Are you using a Yahoo ID to log into Delicious?
Jeffery To
It did? Awesome. I'm using FF 3.6.2 and I completely exited FF and tried a non-Yahoo and Yahoo account. Still won't work. For the Yahoo account, I used zzz:pwd and [email protected]:pwd. Also turned off my firewall and didn't work. Did you get a warning messagebox that read "You are about to log in to the site with ... but the website does not require authentication?
Steve
I tried a non-Yahoo account and it worked (it did show the authentication warning). According to http://delicious.com/help/api Yahoo accounts use a /v2 path and require OAuth.
Jeffery To
Steve
+1  A: 

I suspect this is Firefox trying to protect you from security issues when running Javascript. When I tried typing in your example into my address bar, Firefox prompted me to ask if I am sure I want to log in to api.del.icio.us.

This other question concerning HTTP auth looks similar to your question, maybe it will help you.


Update:

I used Firebug's Net panel and its Javascript console, and I was able to see the request/response headers.

Here is the request from the Javascript console, which FAILED:

GET /v1/posts/add?url=http://www.spoons.com/&description=forks&tags=knives HTTP/1.1
Host: api.del.icio.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://stackoverflow.com/questions/2708950/2740195
Authorization: Basic XXXXXXXXXXXXXXXXX
Cache-Control: max-age=0

And, here is the request from the address bar, which WORKED:

GET /v1/posts/add?url=http://www.spoons.com/&description=forks&tags=knives HTTP/1.1
Host: api.del.icio.us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Authorization: Basic XXXXXXXXXXXXXXXXX
Cache-Control: max-age=0

The only difference seems to be the Referer header, which caused the access denied response. The setting network.http.sendRefererHeader in Firefox's about.config can be set to 0 which turns off the Referer header. When I tried this, then the Javascript console method started working.

There is a Firefox extension called refspoof which is useful for sending your own custom Referer headers, maybe that can help here.

Kevin Panko
Thanks for the link. I've tried tracing via Firebug, but really couldn't get anywhere with that as https limits what you can see. When I put the input the url directly, I get the prompt, click OK and it works. When you put it in a bookmarklet, it acts differently.
Steve
That sounds promising. I'll give it a try tonight. If it works in the console, it should work for a bookmarklet.
Steve
Thanks! It worked. Not sure if I want to install refspoof, as I don't mind disabling the referrer setting via about:config for now. Maybe I can make an extension that sets it to 0, runs a script and sets it back to 2. Offhand, other than sites not getting credit for being a referrer, what are the consequences for keeping referrer to 0 permanently? I also wonder why Delicious/Yahoo did it this way?
Steve
Nevermind, reading up on the referrer option - lots of consequences disabling it.
Steve
It is probably a security feature -- if I embed some script on my page that calls their API, I might be able to trick people into bookmarking my page. The referer header may indicate this sort of trickery, so they reject it.
Kevin Panko
Yes, that's what someone in Delicious's api forum said to me. Anyways, I would guess the api is subject to change and this might not work pending future changes, but I doubt the Yahoo folks are reading this. Anyways, my motives are not pernicious, but to save myself time.
Steve