I have installed a new payment method extension on my website. It is
working well, but on the success page there is a JS file that must be
loaded to redirect to the payment gateway.
I checked the browser console and there is a CSP issue: the JS file
is blocked by CSP. I whitelisted the JS file in
csp_whitelist.xml, but the issue still exists.
I loaded the JS file:
<script type="text/javascript" src="<?= $block->getJsLibUrl() ?>"></script>
And with this function the loading element is removed and the checkout
function is fired:
<script>
setTimeout(function(){
document.getElementById('loading').remove();
Checkout();
}, 4000);
</script>
Related
Update: I am encountering this issue only with the Chrome browser for some reason.
I have in my HTML head tag a JavaScript file that I load using the following statement:
<script type="text/javascript" src="script.js"></script>
I am also loading the ReCaptcha JavaScript using the following:
<script type="text/javascript" src="https://www.google.com/recaptcha/api.js"></script>
In the body of my html code, I am calling the following ReCaptcha Code:
<div class="g-recaptcha" data-callback="recaptchaCallback" data-sitekey="Key"></div>
If I execute the code locally (i.e. on my development computer), everything works fine. However, if I publish my site to a server, the data-callback function, which is in my script.js file loaded as explained above, doesn't get called.
Why is this happening?
I use PrimeFaces 6.0 and Spark-layout in my project.
It works very well on localhost.
But when I upload it to the server (JBoss or Tomcat, it makes no difference), sometimes the page cannot load.
It happens randomly. The page gets stuck while loading.
When I look at the server logs, it takes too long to log this line:
"GET /XXX/javax.faces.resource/images/preloader.gif.xhtml?ln=spark-layout HTTP/1.1" 200 17824
I have also seen this in the log:
"WARNING [http-nio-80-exec-27] com.sun.faces.application.resource.ResourceHandlerImpl.logMissingResource JSF1064: Unable to find or serve resource, components.js, from library, primefaces."
I continued to investigate and saw that, when the problem occurs, the page waits to load .js files from the PrimeFaces library.
The page gets stuck at this line in the head:
<script type="text/javascript" src="/XXX/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=6.0"></script>
Other .js files cannot be loaded:
<script type="text/javascript" src="/XXX/javax.faces.resource/jquery/jquery-plugins.js.xhtml?ln=primefaces&v=6.0"></script>
<script type="text/javascript" src="/XXX/javax.faces.resource/core.js.xhtml?ln=primefaces&v=6.0"></script>
As a result, what can I do to get rid of this problem? :)
Thanks...
I have written some JavaScript functions and saved the file as dashboardjs.jsp. The reason the file is a JSP is that I wanted to use Struts2 tags inside the scripts. Now I call this script in a script tag as follows:
<script type="text/javascript" src="/dashboardjs.jsp"></script>
After loading this script, I am just trying to call a function from the above script on load:
<script type = "text/javascript">
$(function(){
getTrend(id,true,false); //this function is defined in dashboardjs.jsp
});
</script>
The above works completely fine in FF and Chrome, but in IE it throws an error saying getTrend is undefined. In the IE developer tools (network tab) it shows that the call to the script dashboardjs.jsp is made multiple times. My question is: why is IE behaving this way? Is there any solution for this problem? Please suggest.
I keep getting the following error in the debug console in Chrome:
[blocked] The page at https://myURL/canvas ran insecure content from http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css.
[blocked] The page at https://URL/canvas ran insecure content from http://connect.facebook.net/en_US/all.js.
[blocked] The page at https://URL/canvas ran insecure content from http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js.
These are the JS scripts attached to the head.
This is a Facebook app that makes GET requests to my own server. This was working and just stopped working without any change in my code! I am not sure if Facebook is blocking my requests.
These errors happen when loading scripts and other external resources (such as images) on other domains via HTTP when the main page (which is your Facebook app, in your case) is loaded via HTTPS.
Look in the code of your app and use protocol-relative URLs when calling external scripts. For example, instead of this:
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css">
Do this:
<script src="//connect.facebook.net/en_US/all.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" type="text/css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css">
Edit: Note that if protocol-relative URLs are used on stylesheets, IE7 and IE8 will download them twice:
http://paulirish.com/2010/the-protocol-relative-url/
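An added example, not part of the original answer: a small Node.js audit that resolves each subresource reference against the page URL the way a browser does, flags `http:` loads on an `https:` page, and proposes the protocol-relative form the answer recommends. The page URL `https://app.example/canvas`, the `example.com` entries and all function names are assumptions made for the illustration.

```javascript
// Added example. SAMPLE_HTML is constructed from the URLs quoted in the answer,
// plus an <img> and an <a> on example.com to show what is and is not scanned.
const SAMPLE_HTML = `
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css">
<img src="http://example.com/logo.png">
<a href="http://example.com/help">help</a>
`;

// Attribute that makes each tag fetch a subresource. <a href> is a navigation,
// not a subresource load, so it is deliberately left out.
const URL_ATTR = { script: 'src', link: 'href', img: 'src', iframe: 'src' };

// Regex scan: adequate for auditing simple templates, not a full HTML parser.
function findSubresources(html) {
  const found = [];
  const tagRe = /<(script|link|img|iframe)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    // Only stylesheet <link>s are treated as loads here.
    if (tag === 'link' && !/rel\s*=\s*["']?stylesheet/i.test(m[2])) continue;
    const attrRe = new RegExp('\\b' + URL_ATTR[tag] + '\\s*=\\s*["\']([^"\']+)["\']', 'i');
    const attr = attrRe.exec(m[2]);
    if (attr) found.push({ tag, ref: attr[1] });
  }
  return found;
}

// Resolve every reference against the page URL and flag http loads on an https page.
function auditMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  return findSubresources(html).map(({ tag, ref }) => {
    const resolved = new URL(ref, page); // "//host/path" inherits the page's scheme
    const mixed = page.protocol === 'https:' && resolved.protocol === 'http:';
    return {
      tag,
      resolved: resolved.href,
      mixed,
      // The answer's fix: drop the scheme so the reference becomes protocol-relative.
      suggestion: mixed ? ref.replace(/^http:/i, '') : null,
    };
  });
}

console.log(auditMixedContent('https://app.example/canvas', SAMPLE_HTML));
```

Running the same audit with an `http://` page URL reports no mixed content, because the protocol-relative reference then resolves to `http:` as well.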
Because it cannot access the contentWindow property on a cross-domain iframe, but in pure Firefox it will work. Here is a bunch of code isolating this problem:
Create 3 files on a local server:
test.html
<SCRIPT language="JavaScript" SRC="http://localhost/postmsg.js"></SCRIPT>
<iframe src="http://127.0.0.1/iframe.html" id="iframe"></iframe>
<div>Click anywhere on this page to see message from embedded iframe,
which do not need to be on the same domain</div>
iframe.html
<SCRIPT language="JavaScript" SRC="http://127.0.0.1/postmsg.js"></SCRIPT>
<div id="message"></div>
postmsg.js
// ==UserScript==
// #include *
// ==/UserScript==
alert('script loaded')
window.addEventListener('click',
function() {
frame = document.getElementsByTagName("iframe")[0]
cwindow = frame.contentWindow //here comes the error anything after this line won't execute in greasemonkey
alert("this won't show in greasemonkey");
cwindow.postMessage("hello, iframe!","*")
},
true);
window.addEventListener("message", function(e){
alert("message from iframe: main window was clicked! " +e.data);
document.getElementById('message').textContent += "message from iframe: main window was clicked!\n"
}, true);
This JS file can work as a standard included file in HTML, in which case the first comments are ignored, but after renaming the extension to user.js it can be installed in Greasemonkey, and then it stops working after the line where contentWindow is called.
Notice that even if the main and framed HTML are on the same server, for the JS interpreter these files are on different domains, because the JS interpreter doesn't know that localhost and 127.0.0.1 are identical.
I've put "#include *" so you can check it on different websites, and it looks like this error only exists on cross-domain iframes. If you go to translate.google.com, which has several iframes, but all on the same domain, this script works as expected.
The question is, what the hell is cross-domain security checking doing in Greasemonkey? This contradicts the tool's usage. A malicious website cannot install a script; the user must agree to that. I was stuck for a long time on this because Firebug wasn't indicating that the properties it shows on a cross-domain iframe are not actually made available by the browser's JS engine.