Using the following code to generate a pop-up with no URL bar
<head>
<title></title>
<script type="text/javascript">
function open_on_entrance() {
window.open('http://address.com', 'popsearch', 'resizable,dependent,status,width=1100,height=700,left=10,top=10')
}
</script>
</head>
<body onload="open_on_entrance()">
Here's the crazy part - the code works when I run it on my model server, but the URL displays when the same code runs on the production server. This is when testing it from the same browser on a separate server.
I know some browsers don't allow the location=no tag, but is there a setting on a server that would disallow it?
Your code works. However check the following things.
You have cleared your browser cache.
Your browser has blocked
pop-ups.
The server does not affect the result of the code.
You didn't say which browser, but there's a funny setting in Internet Explorer which forces the URL bar to always show. Make sure this is set to enabled!
IE 11/
Tools /
Internet options /
Security /
(pick the right zone for your site, usually trusted) /
Custom Level Under "Miscellaneous" /
Under "Allow websites to open windows without address or status bars" /
Set to enabled
Related
The following code shows an <iframe sandbox... pointing to a page that opens a test websocket with a message on successful open. It works correctly on Chrome and Edge printing the It worked! message immediately.
On Firefox it fails with Uncaught DOMException: The operation is insecure. and no further reasoning.
<!DOCTYPE html>
<html lang="en">
<body>
<iframe
sandbox="allow-scripts"
src="https://firefox-wss-example.tiiny.site/"></iframe>
</body>
</html>
The linked websocket page source code is simply as follows:
<!DOCTYPE html>
<html lang="en">
<body>
<script>
const ws = new WebSocket('wss://demo.piesocket.com/v3/channel_1?notify_self');
ws.addEventListener('open', () => {
console.log('It worked!');
});
</script>
</body>
</html>
I have tried a mixture of wss:// and ws://, as well as permissive CORS headers, but none of my attempts fix the issue on Firefox despite having an appropriate setup. I am starting to think this is a Firefox 97 bug but am unsure of how to verify.
Why does this snippet work on most browsers but fails on Firefox?
I've been through this before, spend weeks on investigations, what I found is: Firefox runs sandboxed JavaScript under the blob:// protocol, and you're only allowed to upgrade to WebSocket from http:// and https:// connections. blob:// isn't either.
Although it's not very clear in their documentation, you may take a look into the websocket upgrade implementation as well as in this issue about CSP inheritance to understand it better, but it's basically the way Firefox have chosen to implement Sandboxing.
We never found a workaround for this, the only way was to drop the Sandboxing, or drop Firefox support for this specific feature.
On the other hand, Chromium based browsers saves the script file locally (I cannot say with 100% of confidence if it is stored in a temporary directory or virtual file system), and still uses the http:// protocol to access them, this way you can upgrade to ws:// or wss://. Those browsers may also inherit CSP, since they keeps the opener instance.
Edit: This problem is not tied to an specific Firefox version, it has been implemented this way for a long time. I has been 5 or 6 releases from the time I went into this problem, it still this way, and will probably stay this way, it's not considered a bug and it's not close to a highly requested feature.
I'm working on this code .. and works in all browsers, except in chrome.
I want to show a div(A) 1 time per IP every 24 hours. After displaying that div(A), I want to show another div(B) every time that ip visit my page.
This is my code
<head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js"></script>
<script type="text/javascript" src="https://github.com/carhartl/jquery-cookie/raw/master/jquery.cookie.js"></script>
<script type="text/javascript">
$(document).ready(function() {
if( $.cookie('showOnlyOne') ){
//it is still within the day
//hide the div
$('#showOnlyOnceADay').hide();
$('#showothertimes').show();
} else {
//either cookie already expired, or user never visit the site
//create the cookie
$.cookie('showOnlyOne', 'showOnlyOne', { expires: 1 });
//and display the div
$('#showOnlyOnceADay').show();
$('#showothertimes').hide();
}
});
</script>
</head>
<body>
<div id="showOnlyOnceADay">
Div(A)
</div>
<div id="showothertimes">
Div(B)
</div>
</body>
In Chrome shows the two div at the same time always. What's the problem? Thank you!
You are linking to the raw version of the javascript file on github. This is not being served with the correct MIME type, so you'll need to download it and serve it yourself. Github raw is not a CDN.
Are you developing this on your local machine? If so, Chrome does not accept cookies over the file protocol. You can either enable them by starting Chrome with a flag, or test it over HTTP using a web server somewhere. More information can be found here:
https://github.com/carhartl/jquery-cookie/issues/231
Also, just to point out that technically your code will not be working by IP address as cookies are stored per machine and per browser as well as easily cleared and circumvented. Aside from this, your markup for both divs is all still available in the source and could be easily viewed with dev tools. If security (or rather the enforceability of your rule) is a concern you should think about moving the cookie code to the server side and only writing the appropriate div to the browser.
On the Chrome 18.0.1025469 browser for Nexus 7, 4.2.2. certain redirects seem to cause Javascript not to load.
For example the following page: http://jsfiddle.net/NTEQF/show/
has the javascript
alert(1)
On my nexus I see the the alert if I type in the following:
jsfiddle.net/NTEQF/show/
But if I type in (with a clear cache)
www.jsfiddle.net/NTEQF/show/
I can see the url redirect to jsfiddle.net/NTEQF/show/ but I see no alert.
Once I visit the page a few times, the alert starts to show up. To reproduce the no alert consistently, I can clear all the data through the devices setting panel: Apps > All > Chrome > Clear Data - Sometime clearing the cache through the privacy settings within Chrome does the trick too.
This means that there are situations where pages can load as if you have Javascript disabled when it is enabled. Any ideas as to what causes this or how to fix it aside from not using redirects? I have seen the issue both on redirects that remove and add www.
You must be consistent with redirects.
If you call www.whateverpage.com on one redirect and then just whateverpage.com on another, you are actually going to two different domains, so any cookies or session cookies might be set for one domain but not the other. This is true also if you have for example a page like mobile.whateverpage.com. These are all different domains, so you'll have to treat them accordingly.
I save this file as test.html and when I opened this file in IE, I am getting Information Bar for ActiveX Controls, Is there any way we can disable this thing using javascript code or jQuery code?
<html>
<body>
<h1>My First Web Page</h1>
<script type="text/javascript">
if(navigator.appName == "Microsoft Internet Explorer")
{
window.location = "http://www.google.com/"
}
else
{
window.location = "http://www.yahoo.com/"
}
</script>
</body>
</html>
And I just wanted to make sure, as I am running locally on my box so that is the reason it is showing ActiveX control Information bar? And Once I upload this file to a remote server and access it from there then this active x bar will not appear??
But is there any way programmatically to disable this information bar? Any suggestions will be appreciated.
Use Mark of the Web (MOTW). We can disable the ActiveX controls warning by putting following code before the opening html tag:
<!-- saved from url=(0014)about:internet -->
<html>
<body>
......
</body>
</html>
The above code is call “Mark of the Web (MOTW)”, this is a feature of Windows Internet Explorer that enhances security by enabling Internet Explorer to force Web pages to run in the security zone of the location the page was saved from
The Information Bar you're seeing is unrelated to ActiveX (even though it might say "ActiveX"). It's simply telling you that a IE isn't running scripts on a local file, a security precaution.
Yes, when accessed via HTTP, the warning won't appear.
There's no way to programmatic disable it because (1) your code isn't running in the first place; and (2) doing so would circumvent the security restriction that this is meant to be. Use the MOTW.
If you just want pages to work on your machine, go to Tools, Internet Options, Advanced, and check Allow active content to run in files on My Computer. I'd only enable this option while developing, however.
I want to use JavaScript to make a simple http get.
I used jQuery to perform my request. My code runs on IE8.0 but not in Chrome (ver 6.0).
My page has the following code: (to simplify, i made a simple request to a html page, but my needs is other)
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<script type"text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<SCRIPT TYPE="text/javascript" >
function sendGet(){
$.get(
"http://www.google.pt",
function(data) {
alert('page content: ' + data);
});
}
</SCRIPT>
<head>
<title> Http Get Demonstration </title>
</head>
<body>
<p/>
<input type="button" value="Http Get" onclick="sendGet();" />
</body>
</html>
As i said, when i load this page on IE and press the button, i get the alert with the html code. But in Chrome the alert appears with empty text (null?). In Chrome Console from "Developer tools" i get the message: "XMLHttpRequest cannot load http://www.google.pt/. Origin null is not allowed by Access-Control-Allow-Origin."
Anyone can explain me what's the meaning of this message? And what i should change to my page run in Chrome?
Thanks
Due to same origin policy you cannot send AJAX requests to different domains than the one hosting your page. So unless your page is hosted on http://google.pt you cannot send an AJAX request to this domain. One possible workaround is to setup a server side script on your domain which will act as bridge between google.pt and the client or use JSONP if the distant domain supports it.
Although i can't remember if i changed any IE option, the Darin Dimitrov seems explain my problem.
I found some tricks can be used (beyond the Dimitrov answer):
use a PHP script:
http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html
configure IE by editing regedit (not recomended):
http://msdn.microsoft.com/en-us/library/dd565656(VS.85).aspx
(I belive there's some other way to disable cross domain protection without editing regedit. But i couldn't find it)
Are you opening the html file directly from a file (e.g. does the address bar say file://usr/path/to/the/file)?
We've found chrome won't let you 'ajax' in files from other domains when running under file://. However, in Safari it works fine.
Best solution for us is to use something like MAMP to run a local Apache server.