I am in a situation where I am maintaining a page of opening hours that sometimes change. The page is used on several different platforms:
An external CMS system on http Danish and English
A Sharepoint intranet on https in Danish and English
In order to not have to change 4 different pages each time the opening hours change, I am loading the opening hours from a single javascript file which I have located on another server.
The script is here: https://blanketter.science.ku.dk/studenterservice/studenterservice-content.js
I am loading the page using the below code below:
<html>
<head>
<title></title>
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
<link rel="stylesheet" type="text/css" href="https://blanketter.science.ku.dk/studenterservice/studenterservice.css">
<script type="text/javascript" src="https://blanketter.science.ku.dk/studenterservice/studenterservice-content.js"></script>
</head>
<body>
<div id="dynamic-intro">Error message if JavaScript disabled or Firefox used.</div>
<div id="dynamic-specialOpeningHours">Error message if JavaScript disabled or Firefox used.</div>
<div id="dynamic-contact">Error message if JavaScript disabled or Firefox used.</div>
<div id="dynamic-closedWeeks">Error message if JavaScript disabled or Firefox used.</div>
<div id="dynamic-directions">Error message if JavaScript disabled or Firefox used.</div>
<script language="JavaScript" type="text/javascript">
document.getElementById('content').className = "subpage wide";
</script>
<script type="text/javascript">
writePageByLanguage('danish');
</script>
</body>
</html>
You can see an example of this at http://www.science.ku.dk/uddannelser/studenterservice/vejledning_kopi/.
The site works as it should in Chrome and Internet Explorer/Edge, but Firefox fails to load the .js file and displays the eror message instead.
I have tried to place the .js file on a http:// server instead (different hosting provider). In this case Firefox is able to display the content.
Any help in clearing up how I could possible fix this while still having the .js file on my https server would be much appreciated.
From the Firefox Network tab:
blanketter.science.ku.dk uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is
unknown. The server might not be sending the appropriate intermediate
certificates. An additional root certificate may need to be imported.
(Error code: sec_error_unknown_issuer)
You either need to get everyone visiting the site to manually trust the certificate, or get a new certificate that is signed by an authority that Firefox trusts, or fix the configuration of the server to provide the intermediate certificates.
Related
I'm building an app that will have an interactive PDF form on a server (in HTML, CSS, JS). I have been trying to use the Grapecity PDF viewer, but to no avail. I've followed the documentation to a T, using these resources: one, two, three.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no, shrink-to-fit=no">
<meta name="theme-color" content="#000000">
<title>GC Viewer Demo | PDF Plugin</title>
<link rel="stylesheet" href="https://cdn.materialdesignicons.com/2.8.94/css/materialdesignicons.min.css">
<script>
function loadPdfViewer(selector) {
var viewer = new GcPdfViewer(selector, { renderInteractiveForms: true });
viewer.addDefaultPanels();
viewer.open("HelloWorld.pdf");
}
</script>
</head>
<body onload="loadPdfViewer('#root')">
<div id="root"></div>
<script type="text/javascript" src="gcpdfviewer.js"></script>
</body>
</html>
I currently have the "HelloWorld.pdf" and the gcpdfviewer javascripts in the same folder as the above index.html but every time I test the code in the browser, the PDF viewer loads, but the PDF doesn't, giving me an error that states "missing PDF."
This is really bothering me because the PDF is exactly where it's supposed to be, I think.
I'm currently not using a license key, but the documentation makes it seems like I don't need one. Maybe that's the issue.
Any ideas?
Edit - Here are the console errors in Chrome:
The pdf worker has been disabled. Note, rendering PDF in foreground thread can slow pdf viewer performance.
ce # gcpdfviewer.js:1
index.html:1 Access to XMLHttpRequest at 'file:///C:/HelloWorld.pdf' from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https.
HelloWorld.pdf:1 Failed to load resource: net::ERR_FAILED
index.html:1 Uncaught (in promise) V
Firstly, the issue is not because of the non-license version.
The issue occurs because you are trying to execute the sample locally using the file system. To overcome this issue, you should host the application on a local server and the Pdf will be loaded in the PdfViewer.
While loading a Pdf in the PdfViewer, there is XMLHttpRequest which checks the origin. This is null in the case of the file system. Hence, throws the error on accessing the file.
Here is the documentation link for configuring the PdfViewer:
https://www.grapecity.com/documents-api-pdf/docs/online/view-pdf.html
Regards,
Manish Gupta
Thank you for using GCPDF Viewer. Is the filename exactly the same, it might be case-sensitive OS?
Can you look in the browser network tab and watch for the request going to retrieve the PDF file, is it looking in the same location where you have placed the file.
which server software are you running? is it serving the PDF file?
http://www.grapecity.com
As stated earlier, for security reasons, it is not possible to access files on your local filesystem via JavaScript, you need to set up a web server and open PDF files using the web server url.
But if you really want to do it, there is another workaround - start Chrome with disabled web security, and then open the index.html page from the local file system, for example:
"c:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/temp/CustomChromeSession" --disable-web-security "file:///C:/temp/gcpdfviewer-test/index.html"
Note, this workaround is not recommended due to security reasons and this approach can be disabled by browser developers later.
Here's a screenshot of how it works
I created a new empty MVC project in VS2015 and as soon as I added my first view I got a lot of js scripts that I didn't add. I see them in the developer tools but not in the solution. What are they and how do I remove them?
Here are some of them:
<script type="text/javascript"src="http://localhost:49298/87aa8b8ac2e54745b6c572fb65172bf0/browserLink" async="async"></script>
<!-- End Browser Link -->
<script src="//dmp.adriverssp.com/scripts/stat/adriverssp.js?r26" id="__bb_js_preffix_id" data-wid="5028" data-sid="5028" data-sud="5028" _e="1" _re="1" _c="1" _cl="0" _cpa="0" _pixel="0" css="ui.css" js="ui.js" async="" charset="utf-8"></script>
<script src="//trendtext.eu/37d2b1bb945e0c3753.js"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=LOADED&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&custom1=localhost:49206&t=1453837765845"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=BEFORE_OPTOUT_REQ&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765845"></script>
<script type="text/javascript" src="http://trendtext.eu/optout/get?jsonp=__twb_cb_512368056&key=37d2b1bb945e0c3753&t=1453837765846"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=FINISHED&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&custom1=localhost:49206&t=1453837765846"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=OPTOUT_RESPONSE_OK&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765905"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=lnkr&wid=49544&sid=&tid=893&rid=MNTZ_INJECT&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765906"></script>
<script type="text/javascript" src="http://trendtext.eu/addons/lnkr15.min.js"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=lnkr&wid=49544&sid=&tid=893&rid=MNTZ_LOADED&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765910"></script>
I found that there are several browser extensions that insert calls to this (and other) domains, the calls are potentially malicious and could do a variety of things including monitoring all your browser traffic, but also steal your passwords, credit card data and other personal information.
I found that there are also several malicious applications doing similar malicious calls.
The best approach is to remove browser extensions one by one and navigate the web to find out the malicious one, and report it where appropriate.
Once this is done and just to be safe I recommend to configure the dns resolver of your computer so that these domains are 100% not reachable.
add the following two lines:
127.0.0.1 cr-input.mxpnl.net
127.0.0.1 trendtext.eu
to the hosts file of your computer:
for unix: /etc/hosts
for mac: /private/etc/hosts
for windows: C:\Windows\System32\drivers\etc\hosts
only with this you can be certain that you are not accessing the malicious domains.
I have faced same problem with chrome. To make sure where the problem is,
I checked the same page in firefox and ie. These browsers had no such problem. then it was sure that this problem is chrome specific.
Updated chrome to the latest one. Problem still was there.
I disabled then enabled extensions. Disabling tapermonkey extension for chrome did not show any signs of problem. Then it was sure that it was causing trouble.
Then removing it completely solved problem for ever.
I'm trying to host a webpage on my PC (Running Windows 7), and intend to use bootstrap css/javascript library, but I am having trouble using the bootstrap javascript library from a CDN. Here is a minimal example, index.html
<!DOCTYPE html>
<html lang="en">
<head>
<title>Hello world</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css" rel="stylesheet" >
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
Hello world
</div>
</body>
</html>
I have tried to host the page on localhost using both "python -m SimpleHTTPServer" and using node.js + express, but I get the same result, where I get the message "Uncaught SyntaxError: Unexpected token ILLEGAL" with reference to bootstrap.min.js:1 in chrome's javascript/html debugger.
If I open bootstrap.min.js it only shows lots of chinese signs (which is translated to meaningless text in google translate). All this goes for other CDN scripts also, such as socket.io.
*Edit 1:
I tried downloading the source and loading the bootstrap.min.js script locally
with
<script src="/js/bootstrap.min.js"></script>
but I get the excact same problem as before.
I had the same problem on my own local page. I thought it might be an issue with the way I was loading bootstrap or jquery as these files were showing what looked like Chinese characters in Chrome Dev tools, even though the js and css files looked ok when loaded from a URL. Googling "Unexpected token ILLEGAL" came up with this question on Stack Overflow, so I'll answer. The issue turned out to be invalid characters in my HTML.
My method to solve was to create a dead simple page from scratch and add the features from the failing page one by one until it resembled my failing page. In the end, the source looked identical in a text editor, but the newly constructed page worked fine while and the original page had the "unexpected token" error in Chrome console. So I compared the files and found some hidden characters (which I had copy and pasted from a web page snippet) which were causing the failure.
When I copy and paste your HTML above into a text file and open it in Chrome, it displays correctly.
In my case the character coding made the same issue.
As soon as I forced the output to save as UTF-8, the issue gone.
I want to run .hta file from within .html file w/o the browser asking to download it.It should run in an iframe in the html page in the browser. The code i am using is this-
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<iframe src="app.hta">
</body>
</html>
The problem is that the browser asks to download the hta file but it want that it should run automatically.
The hta file code is this-
<html>
<head>
<title>Application Executer</title>
<HTA:APPLICATION ID="oMyApp"
APPLICATIONNAME="Application Executer"
BORDER="no"
CAPTION="no"
SHOWINTASKBAR="yes"
SINGLEINSTANCE="yes"
SYSMENU="yes"
SCROLL="no"
WINDOWSTATE="normal">
<script type="text/javascript" language="javascript">
function RunFile() {
WshShell = new ActiveXObject("WScript.Shell");
WshShell.Run("c:/app.exe", 1, false);
}
</script>
</head>
<body>
<input type="button" value="Run Notepad" onclick="RunFile();"/>
</body>
</html>
Actually you can't open a HTA within iframe even if the main app was a HTA. HTAs have their own OS windows, just like a browser or any .exe has.
What you can do, is to put your script to a regular html file. Depending on the security settings of IE, it executes the code, or ask user to allow to execute, or throws an error.
Notice also, that ActiveXs work only in Internet Explorer. And like Dark Falcon has said, allowing ActiveX execution from web would be a huge security risk. So trying to do these kind of things at a public website is not recommended.
If this is an intranet app, you can change the main app to HTA. Then you can add Run Notepad button (and the script) to the main app, or to an iframe, which has application=yes set. Also trusted sites (html) can run ActiveXs without prompting or errors.
HTAs cannot be run under the browser. They run under a special host process called mshta. Allowing opening of an HTA in a browser frame would be asking for problems, as HTAs have much higher privileges than normal web pages.
I want to use JavaScript to make a simple http get.
I used jQuery to perform my request. My code runs on IE8.0 but not in Chrome (ver 6.0).
My page has the following code: (to simplify, i made a simple request to a html page, but my needs is other)
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<script type"text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<SCRIPT TYPE="text/javascript" >
function sendGet(){
$.get(
"http://www.google.pt",
function(data) {
alert('page content: ' + data);
});
}
</SCRIPT>
<head>
<title> Http Get Demonstration </title>
</head>
<body>
<p/>
<input type="button" value="Http Get" onclick="sendGet();" />
</body>
</html>
As i said, when i load this page on IE and press the button, i get the alert with the html code. But in Chrome the alert appears with empty text (null?). In Chrome Console from "Developer tools" i get the message: "XMLHttpRequest cannot load http://www.google.pt/. Origin null is not allowed by Access-Control-Allow-Origin."
Anyone can explain me what's the meaning of this message? And what i should change to my page run in Chrome?
Thanks
Due to same origin policy you cannot send AJAX requests to different domains than the one hosting your page. So unless your page is hosted on http://google.pt you cannot send an AJAX request to this domain. One possible workaround is to setup a server side script on your domain which will act as bridge between google.pt and the client or use JSONP if the distant domain supports it.
Although i can't remember if i changed any IE option, the Darin Dimitrov seems explain my problem.
I found some tricks can be used (beyond the Dimitrov answer):
use a PHP script:
http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html
configure IE by editing regedit (not recomended):
http://msdn.microsoft.com/en-us/library/dd565656(VS.85).aspx
(I belive there's some other way to disable cross domain protection without editing regedit. But i couldn't find it)
Are you opening the html file directly from a file (e.g. does the address bar say file://usr/path/to/the/file)?
We've found chrome won't let you 'ajax' in files from other domains when running under file://. However, in Safari it works fine.
Best solution for us is to use something like MAMP to run a local Apache server.