W10 IE 14(Edge) detectizr navigator.plugins error: permission denied - javascript

My web app is failing when I test it in BrowserStack, it breaks in the detectizr.js file, where navigator.plugins is being accessed. When I look at the navigator object via dev tools, I can see that for plugins there is a message saying permission denied and want to confirm if this is why my web app breaks in IE Edge and no other web browser. Has anyone encountered this issue? I am wondering if perhaps it's only an IE14 Edge setting that needs to be changed.

I've seen this same issue in IE Edge on BrowserStack when accessing navigator.plugins. I am using socket.io-client.js which uses this check to see if Flash is enabled. I don't see this issue on my actual Windows computers, so I believe you are on the right track that it is something specific to BrowserStack.
sorry - i wanted to comment not answer, but i don't have a good enough reputation to comment yet. guess i'm not allowed to be helpful yet :(

Related

Javascript "TypeError: Load Failed" error when calling "fetch" on iOS

I'm logging JS client errors using Sentry and there's a lot of "TypeError: Load failed" errors. It's only occurring on iOS. I can't find anything on Google. Is this a native Javascript error or something else? What does it mean? This is separate from a seemingly related issue with "TypeError: cancelled".
Screenshot from Sentry of the breadcrumbs
From what I understand, the fetch API may deliberately return very limited error details on failure. (Otherwise, a malicious JS program could issue a variety of fetch requests and look at their results to identify which internal servers exist, which servers the user has access to, etc.)
If you have access to a Mac, you can see this for yourself by experimenting with fetch requests from the Safari DevTools console. For example:
The request for google.com fails due to CORS. The request for example.does-not-exist is an invalid name. The DevTools console gives full details, so a developer who's actually at the browser can troubleshoot, but those details aren't available to JS code; the JS code gets the same "TypeError: Load failed" message in each case.
If you're lucky enough to have a way to access the browser console, you can see more details, but otherwise, I'm not aware of anything you can do to track down the problem - it could presumably be virtually any network error.
Had the same problem, problems occured because of certificate and iphone took addres api as dangerous.
Helped me get into address api directly in safari or chrome for instance: https://my-adres-api/api/product and then choosing allow to connect with that address.
Now requests works excellent
In my case, this issue appeared mostly on iOS 15 in Safari. By debugging an iPhone through Mac I found that preload links with imagesrcset are not handled well in Safari (unless de-prioritized), throwing <link rel=preload> has an invalid imagesrcset value, as described in this question.
The reason why it looks like fetch error in Sentry is that preload link actually uses fetch under the hood.
Given it's just the image preload that is failing, and unless it's causing you performance problems, you can safely ignore this particular issue in Sentry until this webkit Bug 231150 - Safari complains about invalid imagesrcset value in where Chrome doesn't gets fixed.

Facebook SDK FB.GetLoginStatus Load denied by X-Frame-Options (Firefox Only)

I have this web application login page that calls FB.GetLoginStatus() from the Facebook JavaScript SDK after the document is done loading. This worked perfectly fine on all browsers (mobile included) and that was the happily ever after.
BUT, one day, out of plain nowhere, I notice that the SDK is failing to get the login status data of the Facebook user when the page is done loading. I take a look in the console and I see something around the lines of
Load denied by X-Frame-Options [massive link generated by the SDK]
does not permit framing.
Here's what bugs me: this works perfectly fine in Safari. I was introduced to the error when I opened the web app on Chrome (same error as quoted above, slightly different wording). I tried on Firefox and got the same thing. I spent a few hours trying to find a cause but failed and went to sleep.
I wake up the next day and miraculously it's now working on Chrome (?) without me having done any changes (?!). But, for some reason, the error persists only in Firefox now.
Does anyone have a clue what this might be? Something that Firefox does differently that Safari and Chrome don't?
A clue here is that I'm using a tunneling service (ngrok) and I don't have a signed certificate for it, thus I get the casual (you're entering an 'unsafe' website, blah blah blah). Perhaps Firefox is blocking the SDK because the connection is not secure?
Any insight on this would be marvelous. Thanks 🙂
OK, after fighting this for a few hours I finally found out what was bothering Firefox: the website site URL field in the app's Facebook Dashboard settings.
The issue wasn't even with ngrok or a missing signed certificate, it was the fact that the website in the settings had the production domain (.app) instead of the ngrok one I'm currently using for development (eu.ngrok.io).
The only reason I managed to pinpoint this back to the dashboard settings is because I have 2 Facebook apps, and the other one was working fine, so I imagined it might be a misconfiguration in the settings that was causing the issue (Facebook has a shitty standard in place for explaining/handling errors — it's like shooting in the dark until you hit something when using their SDK's).
What I don't understand here is why the heck only Firefox seems to have a problem with this setting being misconfigured or why the issue disappeared out of nowhere from one day to the next for Chrome. Anyways, if I managed to help anyone else fix anything similar with this thread than this headache has been worthwhile.
Peace out ✌🏽

Clicking Google reCAPTCHA checkmark does nothing on IE9

Google reCAPTCHA is not working on IE9 (compatibility view is disabled). It loads correctly but the checkmark is not clickable. After some seconds, the checkmark disappears and it shows:
Please upgrade to a supported browser to get a reCAPTCHA challenge.
Alternatively if you think you are getting this page in error, please
check your internet connection and reload.
It also throws the following error:
'MessageChannel' is undefined
It looks like Google reCAPTCHA is no longer supported on IE<10 since the Channel Messaging API is not supported.
Is there any way to make it work on IE9? Has anyone been able or at least tried to port the Channel Messaging API?
Thanks!
Did you installed any windows security updates?
Did you change any group policy like 'Turn off Data URI support'?
If yes, then try to enable this policy or for a testing purpose try to remove that security update may solve the issue.
Also try to make a test with other browsers and check whether you have same issue with those browsers or it works correctly.
It can help us to narrow down the issue.
You can let us know about your testing results. We will try to provide you further suggestions.
Regards
Deepak

Inter frame SOP - Chrome Extension

In a Chrome Extension, I'm trying to get gmail compose body content.
An error jumps out sporadically, and does not prevents it from working.
This is being run as a content script. I believe permissions are not the issue here, because when there is a permission missing, the error is different and the operation is blocked by Chrome, definitely not the case.
Error comes out in this line:
encodeURIComponent($canvas.find('iframe').contents().find('body').text());
where
var $canvas = $('#canvas_frame').contents();
Any information on this error and a possible turnaround?
You can not read cross site content using javascript. XSS Auditor of Google Chorme will never allow this.
Please have a look at http://en.wikipedia.org/wiki/Same_origin_policy
UPDATE 1 -
There is support for cross site communication using window.postMessage() in Chrome 2+. Please have a look at this documentation https://developer.mozilla.org/en-US/docs/DOM/window.postMessage
To give a good answer, we need more information:
where exactly you are running this code, is it in the web page, the extension's content script or the etension's background script?
Also, what does your manifest.json file look like? Which sites have you asked for permission to run on.
I suspect this is a case of a badly-written error message and really it is saying: your extension does not have permission to run on apis.google.com. In that case, simply add permissions for apis.google.com. More details are in the Chrome extensions docs: http://developer.chrome.com/extensions/manifest.html#permissions

Facebook app iframe + JS Facebook.init + IE7 + Flash9 sandbox error

During facebook iframe application integration I ask for publish permissions - I have HTML which loads JS Connect library and asks for permission dialog..
FB_RequireFeatures(["XFBML"], function(){
FB.Facebook.init("_MY_API_KEY", "MY_PATH/xd_receiver.htm");
FB.Connect.showPermissionDialog('publish_stream');
However in IETester with IE7 i get weird errors
SecurityError: Error #2060: Security sandbox violation: ExternalInterface caller http://b.static.ak.fbcdn.net/rsrc.php/zDVWA/hash/bqv7w2jc.swf cannot access ..(MY APP PAGE)
at flash.external::ExternalInterface$/_initJS()
at flash.external::ExternalInterface$/addCallback()
at flashutils::PostMessage()
at XdComm()
As far as i understand xd file is intended for flash proxy that uses this ExternalInterface to communicate with facebook and show dialog. After i click OK, everything seems to work further.
Can anyone clarify what can cause this?
IETester isn't perfect, simply because it cannot fully emulate a proper IE environment. When things get tricky, it starts to give weird errors. And there isn't much trickier than a cross-domain Facebook iframe application.
I would find a real installation of IE7 and check if the problem exists there. If it doesn't, it's probably not worth your time. Microsoft provides a Virtual PC application that is excellent for this kind of thing, as well as many XP and Vista test images containing various versions of IE. They are large downloads, but I highly recommend them over IETester.

Categories