403 (forbidden) on end user's console - javascript

I have an application that seems to be working across the internet. But I fielded a call from an end-user who is having difficulty using the website.
I asked her to send a screenshot of the console error and received this:
From searching stackoverflow it looks like it's a permissions issue, but the site works for everyone else. Is this on her end or mine?
UPDATE I should've mentioned that this user works from a school. Perhaps her IT admin has blocked some internet resources?

Has the end user tried a different browser? I would say it's some plugin stopping that script from loading. If your app is working everywhere then it can't be your app. Ask the end user to try another browser and to check whether they have any plugin which could also cause this.

The problem may also come from Leaflet or Google Maps.
We can see that the page is currently loaded, CSS and content seem fine, only the map part seems to be broken. So I don't think there is a problem with your server/website, I would put the fault on the others.
Note: we see that only Leaflet is concerned when looking carefully at the screenshot.
Edit: in some cases, you can make a local copy of these external files, check whether the user needs them or not, then load them as a rescue.
Update: Either the school did block Leaflet, or Leaflet did automatically block the school as their bandwidth use can exceed what they allow per user, or due to abuse of any kind.

DOM and JavaScript Engine used in Office365 Thick Clients

The product I work on offers SSO into Office365, through both the web and native, "thick" clients aka rich clients. Part of SSO-ing into an Office365 app, such as Excel for example, involves displaying my product's login page inside of the login popup window inside the thick client. The problem is, only on Windows, I get many JavaScript errors when trying to execute the JavaScript included in our login page (it happens to be using AngularJS, but I suspect many frameworks/libraries would be incompatible). It appears that console is not supported, along with document.body, and many other "essentials".
Does anyone have any knowledge of the DOM and script engines that are used here? The first page shown in the SSO flow is Microsoft's login page where you enter your email address, which then redirects to my product's login page (mapped by domain on the email address), and their page seems to render fine, so clearly it's possible to get HTML and JS to work nice (enough). I'd also take a recommendation on any kind of shim/polyfill that would help me get moving, as well.
After doing some more digging, it looks like I was able to solve my problem by specifying an HTTP Response header of name X-UA-Compatible with value IE=edge, which tells IE to render using the latest document standards. It looked like the web view was originally trying to render using IE7 compatibility mode, which explains why none of my JS was working as intended.
See https://stackoverflow.com/a/6771584/3822733 for more information on X-UA-Compatible, this is the question/answer that helped me solve this problem.

X-Frame ORIGINS in IFRAME

A while ago I created an application whereby clients connect to a server using WebRTC protocols.
The client's screen is made up of two halves. One half is linked to the server and receives things like messages, and has the web page which has the WebRTC javascript in it. The other is an IFRAME. When the client connects to the server, the server sends the client a web address which is loaded in the IFRAME.
I know that some web pages cannot be loaded in an iframe, examples typically having password screens. Google forms does not appear to have this restriction, which is great.
So now imagine I launch a server and ask 20 people to connect to it. All 20 students connect to the server properly, I know because it comes up with all their details on my computer. Typically, from my testing, 15/20 will be fine. The other 5 will get a white screen. When I investigate in the console it is an XFRAMES ORIGIN problem, it's saying the webpage being loaded will not allow itself to be loaded in an iframe. However everybody else (who are using the same browser [chrome], and some the same browser version) are fine.
Now I have one solution which works for some students, there is a setting in chrome which is called:
block third party cookies and site data
If this is enabled it doesn't work, if it's not enabled it does work.
Now I have 4 students left who still just see a white screen whom I have no solution for. Chrome and Firefox both support the software but both produce the same issue.
The building setup is that students connect to the internet through a server. They must connect via this server as my nameserver is not local and indeed my website is not local either.
I don't think it is a coding issue as it only happens on a few select computers and everything else works just hunky dory. Thus I think it might be an issue with something else: firewall, security settings, config button etc. If anybody has any suggestions for what I can do to remedy this then I would be very grateful for your help.
I have tried to supply all info I believe to be relevant (hence the length) but anything I have missed please ask.
Thank you.
Alex
If the main site's URL is different than the iframe's URL, you'll get an xframes origin problem. This includes the protocol (http vs. https) and full domain (example.com vs www.example.com). In other words, if a user goes to example.com and the iframe uses www.example.com it could cause an xframes origin error. Or if they go to http://www.example.com and the iframe uses https://www.example.com you might get this error.
OK so for people who encounter this issue in the future I am going to create and update this post here. Basically it is for people who want an answer to the issue of iframes just displaying a white page.
With these three solutions I have eliminated all my issues, but as I come up with new ones I will post them here. Hopefully it's useful to somebody :)
SOLUTION 1
If your iframe is aiming somewhere that requires the user to log in, it is unlikely to work. Password pages are rarely cross origin for obvious and good reasons. The solution is to ensure before they use your iframe page they log in fully to what they are doing, or provide an error message that gives them this information if it happens. See this post for details: Catch error if iframe src fails to load . Error :-"Refused to display 'http://www.google.co.in/' in a frame.."
Where I am we had dual login, so they sign into google and then into the organisation. Both these login areas will cause your page load to fail.
SOLUTION 2 (Chrome ONLY)
Some services react badly to QUIC mode, and some of my users have had issues due to this.
To fix:
1. chrome://flags
2. change QUIC mode to 'Disabled'
SOLUTION 3
If you are working via a proxy server that requires cookies, users may have issues if they have the 'Block third-party cookies and site data' button enabled. Disabling this had a positive effect on how well the iframes were working.
In chrome:
Settings
Search for cookies
Click 'content settings'
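
Added example, not part of the original posts: the framing refusals reported in the console above are decided by the framed page's `X-Frame-Options` and CSP `frame-ancestors` response headers, so the server can evaluate those headers before it sends a URL to clients. `canFrame` and `hostSourceMatches` are hypothetical names, the sample headers are constructed, and the check is simplified to one level of framing with ports in CSP sources ignored.

```javascript
// Added example. Simplified: one level of framing, CSP source ports ignored.

// Match a CSP host source such as "https://example.com" or "*.example.com".
function hostSourceMatches(source, parent) {
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && scheme + ":" !== parent.protocol) return false;
  return wildcard ? parent.hostname.endsWith("." + host)
                  : parent.hostname === host;
}

function canFrame(parentUrl, targetUrl, headers) {
  const parent = new URL(parentUrl);
  const target = new URL(targetUrl);
  // Origin = scheme + host + port, so http/https and www/apex all differ.
  const sameOrigin = parent.origin === target.origin;

  // Header names are case-insensitive; normalise the keys first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. CSP frame-ancestors, when present, overrides X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";")
    .map(d => d.trim().toLowerCase().split(/\s+/))
    .find(d => d[0] === "frame-ancestors");
  if (directive) {
    const sources = directive.slice(1);
    const allowed = sources.some(s =>
      s === "*" || (s === "'self'" && sameOrigin) ||
      (s !== "'none'" && s !== "'self'" && hostSourceMatches(s, parent)));
    return { allowed, reason: "csp frame-ancestors " + sources.join(" ") };
  }

  // 2. X-Frame-Options: current browsers honour only DENY and SAMEORIGIN.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "x-frame-options DENY" };
  if (xfo === "SAMEORIGIN")
    return { allowed: sameOrigin, reason: "x-frame-options SAMEORIGIN" };
  return { allowed: true, reason: "no framing restriction" };
}

// Constructed sample: apex parent framing the www host of the same site.
const sampleHeaders = { "X-Frame-Options": "SAMEORIGIN" };
console.log(canFrame("https://example.com/app",
                     "https://www.example.com/form", sampleHeaders));
```

A result of `allowed: true` only means the headers permit framing; a login redirect on the framed site can still return a page whose own headers refuse it.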

My website is loading an external JS that I don't know. What can I do?

My website is loading JS to links similar to this one:
https://api.mixpanel.com/engage?data=eyIkdG9rZW4iOiI2NTQwMDNjNmRkZDAzZTg4NzY0MTM4ZTYwMDQ1M2E2NyIsIiRkaXN0aW5jdF9pZCI6InBpZmdzaXVhcmhsbHFjOXRncGw1OTlqdXJmIiwiJHNCI6eyJ0eXBlIjoiZnJlZSIsImlzTW96YmFyT24iOmZhbHNlLCJpc0RvY2tlZE9uQm90dG9tIjpmYWxzZSwiYnJvd3NlciI6ImNocm9tZSIsIm9zIjoid2luZG93cyIsInBhZ2VPbmJvYXJkaW5nU3RlcCI6InBhZ2UtaG90c3BvdHMiLCJzZXJwT25ib2FyZGluZ1N0ZXAiOiJzZXJwLWhvdHNwb3RzIn19&ip=0&verbose=0
I cannot find where it is linked from. I saw the site mixpanel.com and looks like they offer a web analytics service or something similar, but I do not have any with them. Have I been hacked? What can I do to find which file is doing the request?
I am almost sure the request is not being made directly for my website; maybe it is made by some plugin? How can I be sure? Should I remove it? How?
Mixpanel is a tracking and analytics provider. If your website is hosted on your very own server, controlled by only you, then things to try are:
1) Disable all your browser's extensions. Turn them all off, confirm that it's either still happening or has been resolved. If it's no longer happening, turn them on one by one.
2) Different internet connection. Some poor WiFi hotspots may inject tracking code.
3) Try a different browser like Firefox, Chrome, Safari....
If your website is hosted by someone like Wix, SquareSpace, Weebly, etc then this tracking is very likely injected at their level and you will probably not be able to turn this off, but you should be able to get access to the insights in your control panel.
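
Added example, not part of the original posts: the `data` query parameter in a request like the one in the question is base64-encoded JSON, and the property names inside it often show which script or browser extension built the request. The function names, host and payload below are constructed for illustration, and the code targets Node.js because it uses `Buffer`.

```javascript
// Added example (Node.js). Host, token and property values are constructed.

function decodeDataParam(requestUrl) {
  const url = new URL(requestUrl);
  const raw = url.searchParams.get("data");
  if (raw === null) return { host: url.hostname, error: "no data parameter" };

  // searchParams turns "+" into a space; undo that, accept URL-safe base64,
  // and restore any padding that was stripped.
  let b64 = raw.replace(/ /g, "+").replace(/-/g, "+").replace(/_/g, "/");
  b64 += "=".repeat((4 - (b64.length % 4)) % 4);

  let payload;
  try {
    payload = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch (e) {
    return { host: url.hostname, error: "data is not base64-encoded JSON" };
  }
  return { host: url.hostname, path: url.pathname, payload,
           keys: keyPaths(payload) };
}

// Flatten nested property names ("$set.browser") so they are easy to
// search for in your own code, plugins and installed extensions.
function keyPaths(value, prefix = "") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([k, v]) =>
    [prefix + k, ...keyPaths(v, prefix + k + ".")]);
}

// Constructed sample request in the same shape as the URL in the question.
const samplePayload = {
  $token: "PLACEHOLDER_TOKEN",
  $distinct_id: "visitor-1",
  $set: { plan: "free", browser: "chrome" }
};
const sampleUrl = "https://tracker.example/engage?data=" +
  encodeURIComponent(
    Buffer.from(JSON.stringify(samplePayload)).toString("base64")) +
  "&ip=0&verbose=0";

console.log(decodeDataParam(sampleUrl).keys);
```

Searching the site's files for the decoded property names, and finding none, points to the browser or network rather than the site as the sender.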

How to debug when javascript doesn't load

I have 2 sites using the same theme. (http://www.kentishtowner.co.uk and http://here-is.com/kentishtowner-old/ )
They are WP multisite subsites, both using the exact same child theme (same template files exactly).
However, the former website is not loading javascript, causing the masonry layout and mobile menu to not work!
I assume this is something to do with when I mapped the domains, or changed the URL from something like here-is.com/kentishtowner-new to here-is.com/kentishtowner, before domain mapping...
As I am not a JS person, can someone give me some insight as to how I can go about debugging this?
I haven't slept a wink last night and it's now 11am - am getting an hour's shuteye, and would hugely appreciate any responses!
Thanks!
In Chrome's console you'll see
Resource interpreted as Script but transferred with MIME type
text/html:
"http://here-is.com/?dm=c078877dcf0e3101dc20cc337a8e4214&action=load&blogid=13&siteid=1&t=1522670393&back=http%3A%2F%2Fkentishtowner.co.uk%2F".
In fact, further digging shows that here-is.com is returning an empty response to that request.
The page is actually referring absolutely to a number of resources on here-is.com and that works fine when you access it via that domain, but has issues when you access via www.kentishtowner.co.uk. I don't know enough about your setup to say for sure how to resolve it but you probably need to configure the base URL of the project to tell it where it's being deployed, or if you can tell it to use relative links that would work too.
(In Chrome's developer tools you can hit ctrl+shift+F and type here-is.com to see the references)
Browsers have consoles where javascript errors are thrown. They will tell you what error was thrown, and where it was thrown from. Once you know that, you can google around to see if there is anything obvious to fix.
My guess, though, is that somewhere the site that isn't working is trying to use a script that was hosted on the working site. If that's the case, you just need to update the script paths.
--edit--
Fortunately for me (from what I hear), I have never used Wordpress. Unfortunately for you, I don't know how to tell you where the .js files would be located, or how they are organized at all.
I usually debug in Chrome, so this is how you can check to see if your page is able / unable to get an external script.
When you are focused on the page you're having a problem on, hit F12 to open up the dev tools in Chrome.
Click on the Network tab, and then hit F5 to refresh the page.
Click on the Type table header, and look for files that say text/javascript. Those will be the external script files your site is requesting.
Look at the Status column for each of those rows. If it doesn't say 200 OK., then your page isn't able to access the corresponding script.
From there, you would need to find where those scripts are supposed to be located. Once you know that, just find the scripts from the other site, and copy them into the correct location of the broken site.
Good luck!

What does "Failed to get composer template data" mean in Facebook lint?

I've created a trivial prototype app on Facebook. When my test script (JavaScript on Ubuntu command line, powered by Node.js) tries to access the app, it produces this error message:
{ error:
{ message: 'Invalid OAuth access token.',
type: 'OAuthException',
code: 190
}
}
So I'm trying to debug using Facebook's lint debugger. However when I paste the app's access token into lint, it responds with:
Failed to get composer template data.
I have no idea what this means, and a lengthy stumble through Google reveals page after page of people who are similarly clueless.
Has anyone seen this error, and fixed it?
Details about the app:
It's configured to ask for read_insights and manage_pages alongside standard permissions. No other permissions are requested.
Settings, Basic: I've had to put a nonexistent URL in the secure canvas URL, since I don't have any SSL hosting anywhere. The non-SSL canvas URL is complete and points to an existing page.
"App Info" is all filled in (apart from Tagline which is optional).
I haven't submitted the app for approval for public use, and there are no "items for approval". I'm going to be the only person who ever uses it, this isn't necessary for this app.
Switching from "live" to "sandbox" and back again doesn't make any difference.
There are no warnings anywhere on the app developer page.
A client I worked for was experiencing a similar issue - when sharing certain URLs on Facebook, the Facebook Sharer wasn't picking up any of the thumbnails. Frustrated with that, the client was trying to clear the Sharer's cache using the debugger at https://developers.facebook.com/tools/debug/, hoping that this way Facebook will re-cache the page and display the corresponding images.
However, in doing so, the client was seeing the ambiguous "Failed to get composer template data." error, and resorted to me for a solution.
I did my research, and it turned out that Facebook had decided to block the domain of the CDN that my client was using to serve images from. Since the pages were loading all images from that CDN, none of the images were getting picked up and the debugger was returning that "Failed to get composer template data." error.
The moment we started serving the images from a new CDN, Facebook started picking them up correctly, and the error disappeared.
Hope that helps you!
P.S. Please note however, this is not a permanent solution if you are violating Facebook's terms in some way. Yes - Facebook's spam prevention algorithms do return false positives sometimes, but most of the time they have a pretty good reason to block your content.
P.P.S. Worth noting, in the case I'm describing, when we passed the CDN URL to the debugger, it returned "This link is blocked, or you have triggered an excessive amount of scrapes. If you think you're seeing this by mistake, please let us know."
I had the same error, "Failed to get composer template data.".
I believe my path to Images was blacklisted by Facebook. Workaround was to create virtual path that points to Images folder. Then I could reference /Images with /OGImages virtual directory. Then I no longer received the error.
Had kind of the same problem, I figured out I needed to use HTTPS instead of HTTP for the image link, and everything went fine then.
Hope it may help!
I had just the same problem and it appeared suddenly after several months without any site changes except content. First I thought the Facebook spam filter had blocked our site, as suggested by a Ycombinator comment thread but then I found the real problem.
In fact it was the official Facebook Wordpress plugin that was acting up. Disabling it meant that the Facebook debugger could once again fetch our data and sharing started to work immediately.
In my case it was a "Facebook Share Buttons" plugin for Wordpress. I've deactivated the plugin and resolved the issue.
