OK, bear with me please, I'll try to explain the issue as detailed as possible.
I have 3 HTML (and appropriate .js) files.
I can add stuff to sessionStorage and I display the content of the sessionStorage when I'm located in either of the HTML files.
I'm running files locally on the latest version of firefox, which - as far as I know - supports sessionStorage in file://
So, everything works great, I can add stuff to sessionStorage in HTML1 and go to HTML2 and the data is displayed properly. I get the concept of sessionStorage and all is good.
But here's where it gets weird:
when I add stuff to sessionStorage in HTML1 and go to HTML2 via a-href, the content of sessionStorage is there. But if I click in the url bar and press enter, the content is lost. SessionStorage is "null". I go back to HTML1 and press ctrl+r (reload) and still, null. But when I click in url bar and press enter (while I'm in HTML1 page), sessionStorage content returns.
I've done several checks and it appears as if when I click in url bar and press enter, another sessionStorage instance is created.
This, however, does NOT happen if I upload the project on some server.
I'm wondering why - if firefox supports sessionStorage - this is happening when I run the application locally and what is really going on there?
Thanks for any kind of explanation.
Ok, it doesn't work locally since you are opening the files, you need to run it on a server.
The browser will tie the sessions together using the URL (and other internal stuff of course) which is why it works on the whatever server you upload to. This won't work with the file URLs as the browser seems them as different pages from different locations, and so the session isn't shared.
If you set up WAMP or something locally and run it through that, it will work. Which is exactly what xavierm02 suggested.
I'm quite sure that if you looks at files from the filesystem, browsers consider every single file like a domain. So no Ajax, no shared cookies, sessions etc. The thing I find weird is that you get to keep some sessions...
Imagine you have a user stupid enough to open an html file he downloaded, without those protections, that html file could see everything on the system. And as much as antiviruses and the OS warn you when you open a .exe (or equivalent), you won't get any kind of warning when opening a .html file.
You'll have to use a local server, something like WAMP probably. Or Apache if you can.
Related
I've implemented this script on my Squarespace website using the wexley template to make images in a gallery act as links (Wexley does not support clickthrough URLs natively).
It works fine, but if I add any thumbnails to the gallery it will not work until the browser cache is cleared.
I am wondering if there is a way to fix this? Perhaps through:
1) setting an expiry on the cache? I am not in developer mode so this would have to go into a header injection
2) Versioning? I tried hosting the javascript as a file elsewhere on my site. This worked (it pulled the script from another location) but still get the same issue, even when I upload a new script file and point to that after updating the page!
You can force the client to download the field again. To accomplish this you need to make the clients browser to think it doesnt have the script in cache. You can do this changing the file name.
Imagine you have this folder structure:
index.html
index.js
If in your index.html you reference the script like src="index.js" you may force clients to download just apendding a query string to the import: src="index.js?0"
Now clients browsers will check if this file is in cache, and since it isnt, they will fetch from the server.
Checking the resource loading on my page I realized that the script was not being cached so it was something else getting cached that was interfering.
Because I am not in dev mode, I implemented a fix that relies on appending the URL with the date of the update, and then setting up 301 redirects.
The URL and redirects (2 total) would have to be updated when any content is added.
If anyone sees issues with this (relating to SEO or some unknown), I would appreciate your feedback.
On cloudflare I want to disable caching and see my website changes immediately that I've pushed live.
Things I've tried:
I've put development mode on.
Create a bypass on caching in page rules.
Purged an individual webpage.
Purged the website.
Set cache to clear every 2 hours.
None of the above worked.
Tech I'm using:
Angular2
SystemJS
Typescript which becomes javascript on build.
Firebase for hosting and database.
Cloudflare for SSL etc.
The only way people see my website changes, it if they hard refresh.
The main problem is I've got a javascript file called app.js and its has all my javascript in for my Angular app. And it doesnt seem like its trying to get the resource in the browser.
I've changed the app.js to app.js?1490959855777
And still doesnt fetch the file again.
I basically want to see my JS file without a user having to hard refresh.
Based on the discussion above, it looks like the caching is happening on the browser - since a hard refresh will get the new file contents.
I think what happened is CF told the browser to hold onto that file for a very log time. And the browser is listening to that request.
Because you can't ask your users to do a hard refresh, you'll need to rename the static files that are being cached so aggressively.
I version all of my client side JS files like "/js/myfile.js?v=3903948" so that my clients don't need to clear their browser cache to ensure they get the updated files. But every time I push an update, without fail, at least one person runs into a problem where they are running the old version and get some kind of error. I used to think that this was just them having already been on the page during the release and just needing to reload the browser, but this happened to me today when I was definitely not previously on the page. I browsed to the live site and was running the old code. I needed to do a browser refresh on that page to get the new file.
What can cause this?
PS I was using Chrome on Win7, but I have seen clients report this before on all different browsers.
If your main web page can also be cached, then the old version of that page can be requesting the old version of the JS file. JS file versioning works best if the page that actually refers to the JS file cannot be cached or has very short caching time.
I agree with jfriend00 about the webpage itself being cashed and thus requesting the old javascript version.
To prevent this, you can have the javascript file loaded by an ajax (Post) request, either requesting the server what is the accurate(latest) version number to download, or requesting the javascript itself and inserting it, e.g. in the head of the page.
Edit: see for example here
I make a quick AJAX request to the server for the version it expects them to have, then force them to refresh the page if the client's script is old.
Seems that proxy or some load balancer is serving old content instead of new. Also check IIS/webserver settings how are these files cached/expired.
You can check what is going on on the wire with tools like Fiddler.
We have a file handling ASP.Net web control used in intranet web applications, that currently uses ActiveX to handle file check-outs, and check-ins. Works fine, in IE&Win.
But now we are trying to get rid of ActiveX & IE only behavior...
If a file is checked out, it is copied to file share, with access right limited to the checking-out user.
Using a hidden iframe, and setting the src of the iframe to something like "file:////file_share/dictionary/users_stuff/someDoc.doc", an open/download dialog is shown, so the user can open and edit the shared file in Word, Excel, etc directly from the file share.
Works fine for file types browsers can't handle themselves.
But for file types like txt, images, html the browser simply loads the file to the iframe, or opens the file, if the user is given a link. And the user can't edit the file without manually launching the appropriate application and copying the url. Showing the users a "Copy this url to your preferred application, and try to edit it" would not be really user friendly...
My question is: is it possible to get the browser (without ActiveX, IE...) to pass the link to the OS, or show a "What do you want to do with this file" dialog of some sort?
If not, what and how could be achieved?
The closest I could come up with is this thread:
https://stackoverflow.com/a/1394725/1195927
#Red says no (and the original poster agrees) BUT #Daan seems to have a solution.
I have not tested, so YMMV.
If a javascript/html solution is not found, I may have an ugly hack for you . . .
See my post here: Launching a Downloadable Link
I have a site, from which you can download an HTML file. This HTML file contains a form with hidden fields, which is right away posted back to the site using JavaScript. This is a way of allowing users to download to their own machine data that they edit on the site.
On some machines, you get an IE "yellow bar" when trying to open the file you saved. The "yellow bar" in IE is warning that the HTML is trying to run an Active X (which it is not, there is only JavaScript doing a submit() on a form). However if you receive the exact same HTML file by email, save it, and open it, you don't have this problem. (It looks like IE is putting some more constraint on what can be done in a HTML file you saved from web site.)
My question is: where can I find documentation on this IE security mechanism, and possibly how can I get around it?
Alex
The yellow bar is because your page is executing in the Local Machine security zone in IE. On different machines, the Local Machine security zone might be configured in different ways, so you can see the yellow bar on some machines and not see it on other machines.
To learn more about the IE's URL Security Zones, you can start reading here: http://msdn.microsoft.com/en-us/library/ms537183.aspx
Look here for details on the MOTW - Mark Of The Web
If you add this to your locally served pages, IE will not show the yellow bar.
http://msdn.microsoft.com/en-us/library/ms537628(VS.85).aspx
I am not usre about any specific documnet, but if you open the properties for the file in windows explorer on the general tab is the file blocked? if so click unblock and try again and see if you gte the same issue. This is typical security for files downloaded fom the internet.
Other than that i am afraid i dont know what else to suggest.
I don't 100% follow what your JavaScript is submitting to, but if you're submitting back to the original site from the downloaded copy you'll have a problem using JavaScript as all browsers treat cross-domain JavaScript as a security violation.
JavaScript isn't allowed to read or write to any site not on the current domain
As Franci had said it is becaue you are in the local machine security context and this allows scripts to create objects and execute code that could do harm to your PC. For example you can create a File System Object and perform tasks that an untrusted page shouldn't perform generally because it could be malicious in nature.
Have you tried changing the file name from yourname.html to yourname.hta to see if the security problem goes away?
More on HTML Applications (.HTA files): http://msdn.microsoft.com/en-us/library/ms536496%28VS.85%29.aspx