I'm experiencing an issue with the jQuery CDN.
Given the following script imports:
<script type="text/javascript" src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script>
I am having the following issues with the CDN paths:
Using http://... when accessing my site over SSL I get
[blocked] The page at https://www.example.com/ ran insecure content from http://code.jquery.com/jquery-1.9.1.js.
Using https://... seems a bit dodgy if not accessing site over SSL
Using //... causes both the imports to fail on GET.
What is the correct way of importing jQuery from CDN with a site that can be accessed both securely and not.
just omit the protocol, then the script will be loaded using the same protocol as the page
<script type="text/javascript" src="//code.jquery.com/jquery-1.9.1.js"></script>
<script type="text/javascript" src="//code.jquery.com/ui/1.10.3/jquery-ui.js"></script>
But if the resource is loaded form the file system(with file:// protocol) then this will not work
Related
This is my sample site published on GitHub using GitHub pages, using Jekyll. The map you see in the site is supposed to be interactive for all the states, as shown in this fiddle, which shows how the map is supposed to work.
The main Javascript file used here is jquery.imagemapster.js
The HEAD of my code is:
<head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script type="text/javascript" src="jquery.imagemapster.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
...
</head>
Or you can simply see my code present in the repository used to publish the site.
Things I've tried:
Putting all the images and the script in a folder named asset, and linking to the resources. That didn't work at all. No image was displayed.
Putting the resources in the root folder. This is what I've done. The images are displayed properly, but the script still isn't working.
To check the linking, I copied the 4k lines of code into a <script> tag pair, inside the head. That didn't work as well.
Eventually, the local building of the site using Jekyll, works perfectly. What am I doing wrong here?
jquery.imagemapster.js is loading fine, the problem is in the way you are loading the libraries:
Mixed Content: The page at 'https://mooncrater31.github.io/infer/#'
was loaded over HTTPS, but requested an insecure script
'http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js'.
This request has been blocked; the content must be served over HTTPS.
This prevents your site from using JQuery in modern and popular browsers (aka: Chrome) and that is why it runs fine locally, it runs without https.
To solve it just load them with HTTPS:
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script type="text/javascript" src="jquery.imagemapster.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
Is there any way to properly reference a javascript file on disk that is not necessarily relative to the HTML file itself but to the file system of the host?
I am currently working on a strictly local site (always opened with file:// ...) and no web server. (only windows hosts)
This works for chrome and firefox without any issues:
<script src="resources/test1.js" type="text/javascript"></script>
<script src="resources/test2.js" type="text/javascript"></script>
<script src="file:///C:/test3.js" type="text/javascript"></script>
<script src="file://localhost/C:/test4.js" type="text/javascript"></script>
<script src="//localhost/C:/test5.js" type="text/javascript"></script>
Only works in chrome:
<script src="file:C:/test6.js" type="text/javascript"></script>
<script src="C:/test7.js" type="text/javascript"></script>
<script src="C:\test8.js" type="text/javascript"></script>
The Internet Explorer (IE11) on the other hand does not load these files (test3.js - test8.js) without any warning or error. Is there a proper way to do that?
I also tried adding a shared folder (//localhost/data/test.js) to ensure i don't need any : for the url. Did work for firefox and chrome, but not for IE.
I am aware that this is not the intended use of script tags or even HTML sites and that 'proper' is probably not the correct term anyway.
You can remove the alert by allowing 'active content' option. Go to Tools ->Internet options ->Advanced -> Security ->Allow active content to run files
Hope this helps!
I created a new empty MVC project in VS2015 and as soon as I added my first view I got a lot of js scripts that I didn't add. I see them in the developer tools but not in the solution. What are they and how do I remove them?
Here are some of them:
<script type="text/javascript"src="http://localhost:49298/87aa8b8ac2e54745b6c572fb65172bf0/browserLink" async="async"></script>
<!-- End Browser Link -->
<script src="//dmp.adriverssp.com/scripts/stat/adriverssp.js?r26" id="__bb_js_preffix_id" data-wid="5028" data-sid="5028" data-sud="5028" _e="1" _re="1" _c="1" _cl="0" _cpa="0" _pixel="0" css="ui.css" js="ui.js" async="" charset="utf-8"></script>
<script src="//trendtext.eu/37d2b1bb945e0c3753.js"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=LOADED&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&custom1=localhost:49206&t=1453837765845"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=BEFORE_OPTOUT_REQ&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765845"></script>
<script type="text/javascript" src="http://trendtext.eu/optout/get?jsonp=__twb_cb_512368056&key=37d2b1bb945e0c3753&t=1453837765846"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=FINISHED&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&custom1=localhost:49206&t=1453837765846"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=&wid=49544&sid=&tid=893&rid=OPTOUT_RESPONSE_OK&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765905"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=lnkr&wid=49544&sid=&tid=893&rid=MNTZ_INJECT&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765906"></script>
<script type="text/javascript" src="http://trendtext.eu/addons/lnkr15.min.js"></script>
<script type="text/javascript" src="http://trendtext.eu/metric/?mid=lnkr&wid=49544&sid=&tid=893&rid=MNTZ_LOADED&jsonp=window.__twb__37d2b1bb945e0c3753.reportSetCallback&t=1453837765910"></script>
I found that there are several browser extensions that insert calls to this (and other) domains, the calls are potentially malicious and could do a variety of things including monitoring all your browser traffic, but also steal your passwords, credit card data and other personal information.
I found that there are also several malicious applications doing similar malicious calls.
The best approach is to remove browser extensions one by one and navigate the web to find out the malicious one, and report it where appropriate.
Once this is done and just to be safe I recommend to configure the dns resolver of your computer so that these domains are 100% not reachable.
add the following two lines:
127.0.0.1 cr-input.mxpnl.net
127.0.0.1 trendtext.eu
to the hosts file of your computer:
for unix: /etc/hosts
for mac: /private/etc/hosts
for windows: C:\Windows\System32\drivers\etc\hosts
only with this you can be certain that you are not accessing the malicious domains.
I have faced same problem with chrome. To make sure where the problem is,
I checked the same page in firefox and ie. These browsers had no such problem. then it was sure that this problem is chrome specific.
Updated chrome to the latest one. Problem still was there.
I disabled then enabled extensions. Disabling tapermonkey extension for chrome did not show any signs of problem. Then it was sure that it was causing trouble.
Then removing it completely solved problem for ever.
I just finished a website & went to upload it to the client's host, which is the same host that I use for my personal site. When I uploaded the site to his domain as an add on & tested the jQuery function, it doesn't run. I'm loading jQuery from Google via:
<!--/ jQuery Inclusion-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js" type="text/javascript"></script>
And it runs perfectly on my personal host setup, it just doesn't work at all on the new host. I called & got no resolve from tech support, was hoping that you guys could help me out.
Nivo Slider & Fancybox working on my personal site:
http://tinyurl.com/d3zley7
Nivo Slider & Fancybox NOT working on client's site:
http://tinyurl.com/d2egv2v
What could be causing this considering it's not required that the js is hosted on the server? I greatly appreciate your help!
Is not a jQuery issue or whatsoever, is because all your scripts references return a 404 "page not found"
Your references start from the root / file
<script src="/nivo-slider/jquery.nivo.slider.js" type="text/javascript"></script>
<script src="/nivo-slider/jquery.nivo.slider.pack.js" type="text/javascript"></script>
<!--/ Fancybox Script-->
<script type="text/javascript" src="/fancybox/jquery.fancybox-1.3.4.pack.js"></script>
<script type="text/javascript" src="/fancybox/jquery.easing-1.4.pack.js"></script>
...etc
.... but they should be relative to directory nd/ like
<script src="nd/nivo-slider/jquery.nivo.slider.js" type="text/javascript"></script>
... etc
... so is a path issue ;)
nivoslider javascript does not exist on your clients site:
http://greencertifier.com/nivo-slider/jquery.nivo.slider.js
but it exists on your site:
http://helmblanc.com/nivo-slider/jquery.nivo.slider.js
I keep getting the following error on the debug console on chrome
[blocked] The page at https://myURL/canvas ran insecure content from http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css.
[blocked] The page at https://URL/canvas ran insecure content from http://connect.facebook.net/en_US/all.js.
[blocked] The page at https://URL/canvas ran insecure content from http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js.
these are the js scripts attached to the head
THis is a facebook app that makes GET request to my own server , This was working and Just stopped working without any change in my code ! I am not sure if Facebook is blocking my requests.
These errors happen when loading scripts and other external resources (such as images) on other domains via HTTP when the main page (which is your Facebook app, in your case) is loaded via HTTPS.
Look in the code of your app, use protocol relative URLs when calling external scripts. For example, instead of this:
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css">
Do this:
<script src="//connect.facebook.net/en_US/all.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
<link rel="stylesheet" type="text/css" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/themes/base/jquery-ui.css">
Edit: Note that if protocol relative URLs are used on stylesheets, IE7 and IE8 will download it twice:
http://paulirish.com/2010/the-protocol-relative-url/