There are some javaScripts which is essential to load a graph in my web page. But the problem is all of the scripts blocked by my browser.Therefore I need to give permission from my browser to execute those scripts. But I need to resolve that from from my code level.
http://code.highcharts.com/modules/no-data-to-display.js
I download the relevent js files from highcharts and set the source for that js files. But the problem is when I run from My netbeans there will be no issues. But when I try to run it by deploy in a server these scripts will not be run. And I need to give permission from my browser. Are there any solution to resolve the problem from code level?
Because your page is HTTPS, the scripts it loads should be loaded via HTTPS. The one you've listed (http://code.highcharts.com/modules/no-data-to-display.js) is available via HTTPS (https://code.highcharts.com/modules/no-data-to-display.js). If the others aren't, then perhaps copy them locally and serve them through your HTTPS server.
One common technique here (provided you know the resources area available via both HTTP and HTTPS) is to use a protocl-relative URL for the scripts:
<script src="//code.highcharts.com/modules/no-data-to-display.js"></script>
In a page loaded via HTTPS, that will be https://..., but on a page loaded via HTTP, it'll be http://... (and this is standardized behavior, not an undocumented hack).
Related
Here are the links to the page in question:
http version
https version
The https version of the page doesn't render the video embedded on the top of the article. I inspected the source code and found that HTTPs is missing an entire block of code, as you can see in the images below:
I wonder how this happens? Isn't http(s) just the protocol to communicate with the server? Why do I get different code by using different protocols?
From Chrome Developer Toolkit:
The page at 'https://www.eyeviewdigital.com/blog/eyeview-launches-addressable-tv-ads-with-cablevision-dish-programmatic-tv-w-clypd-and-wideorbit/' was loaded over HTTPS, but requested an insecure script 'http://pshared.5min.com/Scripts/PlayerSeed.js?sid=281&width=480&height=401&playList=519141523'. This request has been blocked; the content must be served over HTTPS.
You typically need to load your content in either http or https. Mixing them together results in the error above.
On line 252 replace
http://pshared.5min.com/Scripts/PlayerSeed.js?sid=281&width=480&height=401&playList=519141523
with
https://delivery.vidible.tv/aol?sid=281&width=480&height=401&playList=519141523.js
Long story short the content was never loaded so the page looked different.
You're right that there should be no difference based on http/https as it is just the transport layer. There must be something in the server's code that is producing the html, that behaves differently based on the url used to make the request. I suggest you provide information on the web server code to help analyse the issue.
This is most likely caused because you're loading elements from insecure sources. Google Chrome for example, loading an image over http when your page is loaded over https can result in the image not loading at all. This is all for security purposes, of course. Just go through all of your code and make sure all sources are accessed through secure https so that they load in properly.
I have a locally-stored project whose directory structure is the following (I minimized non-relevant folders):
What I want to do is that in an HTML file, like index.html, to add a <header> such that its contents would be loaded from an external HTML file, so all of what I'll have to write in index.html would be <header>, and my solution would load the content automatically.
To do this, I'd like to use JavaScript (preferably jQuery, but I'll accept other solutions if they work and jQuery doesn't, or if they work and executed faster than jQuery).
I don't think that I should use an <iframe> due to the fact that it'd probably increase loading times more than using jQuery/JavaScript (which, like I said, is what works now, when the website is live).
Right now, I'm using the jQuery .load() function. I don't know much about jQuery, but I've been told that it should work locally - and it doesn't, for me.
My browser's console shows me the problem:
jquery-3.1.1.min.js:4 XMLHttpRequest cannot load file:///C:/Users/GalGr/Desktop/eiomw/header.html. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.
And I'm trying to overcome it.
This code works on my live website - it might not be updated to the code of the files that I linked to below, but it doesn't matter - their code matters.
This is the index.html file:
index.html
This is the header.html file:
header.html
This is `main_script.js:
main_script
The reason you're having a problem with this locally is mainly down to security measures in your browser.
Essentially whenever you're using jQuery's load() function it makes a separate HTTP request (approach known as AJAX) for the file or URL you give it.
Modern browsers enforce that the URL you request using AJAX methods is from the same origin (server) as a security feature to stop pages randomly loading content from anywhere on the internet in the background. In your case it seems like this shouldn't affect you because you're browsing your pages locally and the request you're making using load() is also for a local file (header.html).
However, I am assuming you're just opening up the page directly in your browser, so your browser's URL will look something like 'file:///C:/Users...' (similar example in the error message you gave). This means your browser is directly reading the file from disk and interpreting it as HTML to display the page. It seems likely you don't actually have a local HTTP server hosting the page, otherwise the URL would start with 'http://'. It is for this reason that the browser is giving the security error, even though your AJAX request for header.html is technically from the same source as the page it is executed on.
Your server will have an HTTP server which it's using to host the pages, and so everything works fine as you're then using HTTP as normal, and this security feature does not get in your way.
I would suggest that you simply install an HTTP server locally on your dev machine. You don't even need to 'install' one per-se, there are loads of development HTTP servers that just run standalone, so you start them up when you want to browse your local HTML files. As you appear to be on Windows, I'd check out either IIS (Windows' HTTP server) or IIS Express (like IIS but runs standalone). There are also many others available like Apache, Nginx, etc. etc.
If you do this, you can host your pages on something like 'http://localhost/index.html'. Then, any AJAX requests you make for local files will work fine, just like your server.
Hope that makes sense, and I'm not telling you something you already know?
Why not using something more straight foreword like mustache.js ?
I found a solution:
Using phpStorm's built-in localhost, I was able to emulate a server that handles my requests and responses.
What are potential drawbacks of loading an external widget over HTTP when my website is accessible over HTTPS ?
<!-- https://www.example.com -->
<script src="http://www.external-source.com/widget.js"></script>
Are any warnings going to be displayed to the user? Any way to suppress them? Will this script be loaded in all times?
EDIT:
What happens when we load an external JS over HTTPS, but with non-commercial certificate? Will the warnings be shown?
Loading a script with plain (insecure) http inside a secure (https) site completely defeats the security of the site. Therefore most modern browsers will simply refuse to load the script without any warnings and without giving the user a way to enforce the loading.
I have a web application which has root html and this html (say index.html) loads some java script. This application is accessible through https and I want to load one java script which is exposed over http.
https://mydomain/index.html contains this line of code:
<script src="http://unsecure/custom.js" type="text/javascript"/>
When I try to run my application thorugh IDE everything works fine but problem happens when I bundle my application in war file and run it.
It fails to load the included java script by saying:
[blocked] The page at https: //mydomain/ ran insecure content from http: //unsecure/custom.js.
Is there any way to load this unsecure javascript or do I need to publish this unsecure javascript through a secure way and then access it (can change this included java script protocol from http to https)?
All content which is used by a site, which is accessed through HTTPS, must use HTTPS as well, otherwise you get this warning.
The reason for this: If not all content of a HTTPS site is HTTPS, the browser can't tell that the site is "secure" and therefore gives the user a warning.
You could either do below two things:
1) Download it over your local and create war. Then you would be using relative path.
2) Place in some https location.
If its a third party library and you do not have control on the frequent changes that would happen for this library, you could ask them to put it in https. Majority of the times hosted JS would be both http and https too.
There is probably a better title for I'd like to accomplish, but the details should be helpful.
I've recently learned that specifying a script's src path as //some.domain.com rather than http://some.domain.com or https://some.domain.com will cause the browser to request the script using whichever protocol was used to load the page. This works great when the page is loaded from a site, but often I debug on my local system, so the protocol is file, and of course errors occur whenever resources or scripts aren't found.
Other than changing src paths, is there a better way to debug locally? I imagine there is code solution that detects when the page is running locally versus loaded from a domain, but I haven't found examples yet.
Install a product such as wampserver, then you'll have a localhost webserver you can test everything on. This is how I do it, works like a charm.
There are similar products available for ASP or other non-PHP server-side technologies (you didn't specify), if you are just doing HTML + JS then any old server would do.