I am using the sharer button inside a facebook app. It works in all browsers except Chrome.
docs.google.com/open?id=0B4wxEQ6Do659WmcwdkN5VlFDZ2s
I check tools->javascript console and I see that I have a warning:
[blocked] The page at https://mywebsite.com ran insecure content
from http://static.ak.fbcdn.net/connect.php/js/FB.Share.
The code used in this button is:
<a name="fb_share" type="button" share_url="http://mywebsite.com" href="http://www.facebook.com/sharer.php">Share</a><script src="http://static.ak.fbcdn.net/connect.php/js/FB.Share" type="text/javascript"></script>
Googled it, Stackoverflowed it but nothing helpful out there.
This is because, your site is using https protocol, but since that script is on http, chrome thinks this is a security issue.
Use https version of the file which is located at: https://facebook.com/connect.php/js/FB.Share
and you should be fine.
Related
When clicking on the Continue With Google button, a popup appears (on my website that I created using Django in Python) as expected in Google Chrome asking which account to continue with etc...
By doing the same thing in Microsoft Edge, the popup is blank, there is no content. I'm not sure if it's a problem with my code, my OAUTH account or Microsoft Edge itself.
This is the popup in Google Chrome (working as normally)
This is the popup in Microsoft Edge (not working at all)
I expect the top image to be happening in both browsers.
Does anyone have any idea why this isn't working in Microsoft Edge?
EDIT:
The following two errors appear in the Microsoft Edge console but they also show up in Google Chrome:
Failed to load resource: the server responded with a status of 400 ()
[GSI_LOGGER]: The given origin is not allowed for the given client ID.
I tested the website in Firefox and everything works as expected similar to Google Chrome.
Why is Edge the only browser that isn't working (My Microsoft Edge is up to date)
HTML Code:
<script src="https://accounts.google.com/gsi/client" async defer></script>
<div id="g_id_onload"
data-client_id="**********.apps.googleusercontent.com"
data-login_uri="http://localhost:8000/accounts/continue-with-google/?source=signup"
data-auto_prompt="false">
</div>
<div id="continueWithGoogleButton" class="g_id_signin"
data-type="standard"
data-size="large"
data-theme="outline"
data-text="continue_with"
data-shape="pill"
data-logo_alignment="left"
data-width="300">
</div>
Be sure to read this, because it seems that might be causing the issue (blank window). Also, the key points are important (#2, and #3), since you're developing in localhost. This would also mean that you might need to add (if you don't have it already) a meta tag regarding the referrer policy.
This was answered in the comments by FiddlingAway. I wanted to post this as an answer to make it clearer for future references. To save a bit of research, in Django, you'll need to write in settings.py file SECURE_CROSS_ORIGIN_OPENER_POLICY = "same-origin-allow-popups". Check the above links to find out what this means.
Hope this helps!
I am doing some test then find below code would pop up a window:
test
looks like it is trying to open an application.
Can anyone tell me what is the usage/purpose of this "script"?
looks like FF, Chrome, and IE all support it.
script is being used as a protocol. No applications handle the script protocol, so clicking it does nothing useful.
You can register a custom protocol handler and if the user accepts it, your application will be allowed to open all links of that type (there are only a few permitted protocols):
window.navigator.registerProtocolHandler('web+test', 'http://example.org/?handler=%s', 'Test Protocol');
Only example.org will be allowed to run the above code, but if you open your dev tools while visiting http://example.org/ and run the above code, you will get a dialog asking you to allow or deny the protocol association. If you accept it, click the following link on any website:
test
It will redirect to http://example.org/?handler=hello
Trying to open an application? That script is just a hyperlink, it does not tell anything else in the script, just that it will open a link into site that tells "test"
Why is Google Chrome trying to access its tag manager website when visiting a website that has only static HTML with no embedded link and a very strong "Content-Security-Policy" in its HTTP headers.
I noticed this modification of its static HTML as:
<script async="" src="//www.googletagmanager.com/gtm.js?id=GTM-TMLW42T"></script>
<script title="domIsLoadedS" id="domIsLoadedS">var dataLayer=dataLayer || [];
(function(w,d,s,l,i,h){if(h=='tagmanager.google.com'){return}w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-TMLW42T',window.location.hostname);</script>
The suspected link is: www.googletagmanager.com/gtm.js?d=GTM-XXXXXX
Is this Google Chrome (furtively) inserting HTML snippets during our website visits?
If so, how does one turn that off?
Aha!
Once I disabled uBlock extension (v 0.9.5.0) of Chrome browser, the problem went away.
FYI: There are two variants of uBlocks: uBlock Origin and just 'uBlock". the plugin that I used is just 'uBlock'.
Who knew that extension could have malicious effect (although, this time it wasn't).
UPDATE: uBlock Origin does NOT use Google Tag Manager. Using "uBlock Origin" fixes my problem.
Source: uBlock Origin -
I am getting (NS_ERROR_DOCUMENT_NOT_CACHED) error when I try to access the Javascript code through firefox.I get this error in the contents tab of HTTPFOX.
I googled and set the parameters of browser in config file as specified in this site but it still doesn't work.
http://code.google.com/p/httpfox/issues/detail?id=20
Can somebody suggest whats going wrong since the same code works fine for safari browser..
If anyone is interested in a solution to this, I believe it's to do with the plugin noscript. Disabling it fixed this, but I have yet to work out what part of noscript was causing the issue. Will update if I find out.
Edit:My issues was with a twitter auth callback. In the Advanced settings of noscript under ABE, in the SYSTEM ruleset, on the line "Accept from LOCAL" I added "*.twitter.com". This allowed callback requests from *twitter.com to return to a local address.
On my macbook I had to uninstall firefox completely to correctly get the content of an ajax response with httpfox. This also implies to remove the firefox profile bij removing this Firefox folder (I could only find it via the terminal and not via Finder):
/Users/<YOURUSER>/Library/Application Support/Firefox
Then install firefox again and install the httpfox add-on.
I tried many cache settings also by entering about:config in the firefox URL however without succes. Be aware that removing the profile settings like I describe will also remove all your personal firefox customization. It concerned firefox 18.0.2 and httpfox 0.8.11.
We used to get the same error when our JavaScript made an XMLHTTPRequest to the server. On the server side, we had java, and the java response, the content type was not explicitly set to "text/html". When that was done
resp.setContentType("text/html");
the error went away.
I want to use JavaScript to make a simple http get.
I used jQuery to perform my request. My code runs on IE8.0 but not in Chrome (ver 6.0).
My page has the following code: (to simplify, i made a simple request to a html page, but my needs is other)
<!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<script type"text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<SCRIPT TYPE="text/javascript" >
function sendGet(){
$.get(
"http://www.google.pt",
function(data) {
alert('page content: ' + data);
});
}
</SCRIPT>
<head>
<title> Http Get Demonstration </title>
</head>
<body>
<p/>
<input type="button" value="Http Get" onclick="sendGet();" />
</body>
</html>
As i said, when i load this page on IE and press the button, i get the alert with the html code. But in Chrome the alert appears with empty text (null?). In Chrome Console from "Developer tools" i get the message: "XMLHttpRequest cannot load http://www.google.pt/. Origin null is not allowed by Access-Control-Allow-Origin."
Anyone can explain me what's the meaning of this message? And what i should change to my page run in Chrome?
Thanks
Due to same origin policy you cannot send AJAX requests to different domains than the one hosting your page. So unless your page is hosted on http://google.pt you cannot send an AJAX request to this domain. One possible workaround is to setup a server side script on your domain which will act as bridge between google.pt and the client or use JSONP if the distant domain supports it.
Although i can't remember if i changed any IE option, the Darin Dimitrov seems explain my problem.
I found some tricks can be used (beyond the Dimitrov answer):
use a PHP script:
http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html
configure IE by editing regedit (not recomended):
http://msdn.microsoft.com/en-us/library/dd565656(VS.85).aspx
(I belive there's some other way to disable cross domain protection without editing regedit. But i couldn't find it)
Are you opening the html file directly from a file (e.g. does the address bar say file://usr/path/to/the/file)?
We've found chrome won't let you 'ajax' in files from other domains when running under file://. However, in Safari it works fine.
Best solution for us is to use something like MAMP to run a local Apache server.