I've got a page which uses Flash with animations (These are not crucial but additional).
Everything works fine, if I'm not using Opera with activated Turbo. Then the Flash Movie is shown as a big ugly arrow in a circle the size of the flash movie which is intended to act as a play button for the flash.
I'm using SWFobject, so I easily could turn of the animation if I knew if Opera's turbo mechanism is used, but how do I do this in JavaScript (or maybe CSS if this goes)
How to reproduce?
Surf this page with Opera (or any other page which uses flash)
http://www.adobe.com/software/flash/about/
Without Opera Turbo you see a flash animation and flash version information
With Opera Turbo you see two white arrows in gray circles
edit 1
I'm quite sure now, that there is not a pure JS solution and not a PHP solution. The best guess is a combined AS/JS solution.
Client side detection:
There is no way to access that through javascript. Client side detection for opera turbo is not possible currently, maybe it will be supported in the future but who knows?
Server side detection:
When opera turbo is enabled all requests from client are done to opera servers, the opera servers are going to access your application (do compressions) and forward the processed content to the final client (user's computer).
With that in mind, let's do some network sniffing and see where are your connection going:
~$ nslookup opera10beta-turbo.opera-mini.net
>Server: 189.40.226.80
>Address: 189.40.226.80#53
>Non-authoritative answer:
>opera10beta-turbo.opera-mini.net canonical name = global-turbo-1.opera-mini.net.
>Name: global-turbo-1.opera-mini.net
>Address: 141.0.11.252
~$ nslookup 64.255.180.252
>Server: 192.168.1.254
>Address: 192.168.1.254#53
>Non-authoritative answer:
>252.180.255.64.in-addr.arpa canonical name = 252.0-24.180.255.64.in-addr.arpa.
>252.0-24.180.255.64.in-addr.arpa name = global-turbo-1-lvs-usa.opera-mini.net.
As you can see the name and canonical name from opera servers can be used to detect if you application is being accessed through opera servers intermediation. I think server side coding could handle that (not sure what language are you using on your server).
It's good to remember that Opera Turbo will not intermediate your requests if you're accessing something in your local server.
Hope it helps.
You can try to check if the flash object is loaded with some javascript. This code works on my computer with Opera 11:
<html>
<head>
<script language=JavaScript>
function isFlashBlocked(){
var blocked;
try {
// Can test this on any flash object on the page
window.document.myFlash.SetVariable("dummy", "dummy");
// Flash not blocked
blocked = false;
}
catch(err) {
// Flash blocked
blocked = true;
}
return blocked;
}
function removeBlockedFlash() {
if (isFlashBlocked()) {
// Hide all flash objects
window.document.myFlash.setAttribute("style", "display: none");
// ...
// Display replacement content
window.document.myImage.setAttribute("style", "display: inline");
// ...
}
}
</script>
</head>
<body onload="removeBlockedFlash()">
<object type="application/x-shockwave-flash" data="HelloWorld.swf"
width="100" height="100" id="myFlash">
</object>
<img src="image.jpg" style="display: none" id="myImage" />
</body>
</html>
If you detect that flash is blocked, you hide every flash object and display what you want.
Edit: This code doesn't work with Firefox, you probably need to detect the browser before using this function.
I believe that the answer to the speed issue is that the Flash content is not downloaded initially. You have to manually click on the icon to download it. Same for animated GIFs. This is part of the strategy to boost the speed. (cf., this Opera Desktop Team post.)
Which is why you want to know how to check for Opera Turbo, and not just Opera. From my local tests, I cannot tell the difference using PHP's _SERVER["HTTP_USER_AGENT"] variable. I think this is similar to what Opera lists as the user agent string, as shown here and here.
It seems that, rather notifying the website of the browser condition, Opera silently manages the request results differently.
Related
I'm looking for an html5 audio and video player that has a waveform. I found wavesurfer.js, but that looks like just audio. But hey, I thought I'd play around with it. Here is some very simple code (this is just me with an html file on my desktop - and wav was converted to PCM. Though, I've tried this with a wav and mp3):
<html>
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/wavesurfer.js/1.3.7/wavesurfer.min.js"></script>
<script>
var wavesurfer = Object.create(WaveSurfer);
document.addEventListener('DOMContentLoaded', function () {
wavesurfer.init({
container: '#waveform',
waveColor: '#A8DBA8',
progressColor: '#3B8686'
});
wavesurfer.load('session.wav');
});
wavesurfer.on('ready', function () {
wavesurfer.play();
});
</script>
</head>
<body>
<div id="waveform"></div>
</body>
</html>
This couldn't get any simpler! OK, let's open this in Firefox:
Great! It starts playing. I have a waveform. Awesome!
Now Chrome (or Edge - both do the same):
Absolutely nothing (scratches head). No sound. Nothing.
OK, I found this link here: https://wavesurfer-js.org/example/audio-element/
It says: wavesurfer.js will automatically fallback to HTML5 Media if Web Audio is not supported. However, you can choose to use audio element manually. Simply set the backend option to "MediaElement"
Without googling (listen I'm jumping in the pool feet first here!), I guess I don't know the exact difference between HTML 5 Media and Web Audio. Or my assumption off my head is Web Audio means the HTML 5 Audio tag, which is different from HTML 5 Media How? Not sure yet. I know nothing.
Regardless, I'll change that code I posted above and add one line of code to the init function:
wavesurfer.init({
container: '#waveform',
waveColor: '#A8DBA8',
progressColor: '#3B8686',
backend: 'MediaElement'
});
Running in Chrome now, I get:
It plays. But no waveform.
I mean, I go to the wavesurfer.js website with Chrome and all the demos work. I don't get it. On top of that, I'm concerned about forcing things with the 'MediaElement' backend property.
What am I missing?
EDIT: Oh for goodness sake. I took the same html5.html file (without the back end 'MediaElement' property) and session.wav file and placed them on a web server (IIS). Now, I'm fetching the page through a web server instead of working local to my desktop. Works in Edge and Chrome (and Opera - tried that too!) - No problem. Must be something about working locally that Chrome and Edge don't like. I'll leave this question open - green check marks await for that person that adds valuable info!
Chrome (in an effort to maintain better security involving file system access) prevents the dynamic loading of anything from the file protocol. This (as well as a deep discussion about why this is both a good idea and a bad idea) is referenced here:
https://bugs.chromium.org/p/chromium/issues/detail?id=47416
My personal favorite quote is this one (I have so been this guy in the past):
Your local file policy is 'over the top' as regards security and I urge you to reconsider, please don't fall into the trap of making your browser so secure that it ceases to be useful or usable. Allow the user to decide as Microsoft do with a simple option choice or, God help me, another yellow bar.
You can disable this by launching Chrome with the command line argument --allow-file-access-from-files or by (as you found out) just spinning up a web server, if you want an even easier server I would recommend Python's SimpleHTTPServer which you can start from any directory (in Windows, Mac OSX and Linux) by typing python -m SimpleHTTPServer 8000 (it comes standard with any version of Python)
I've been hacking round for about a week trying to work this out, so finally cracked and asked a question:
My setup is Raspberry Pi 2 running Apache and IBM's Node-Red. I'm using Apache to serve up a simple web page which calls Node-Red to kick off a flow (in this case it's to switch on and off lights via Open Zwave.)
The following solution works on desktop browsers (firefox / IE 11) but not on mobile browsers (IE on WP8.1 and Android browser). However the code triggers the "Alert" from mobile browsers, just not the $.get() Any ideas?
Note that I've used two different methods of calling the target, one proper JSON, the other just a string. Both work on desktop browsers, both fail mobile browsers.
Header:
<meta http-equiv="X-UA-Compatible" content="IE=10; IE=11; IE=edge"/>
<script type="text/javascript" src="./js/jquery-2.1.4.min.js"></script>
Script Section:
<script>
// Wait until the page is loaded so that all the IDs are setup
$(document).ready(function(){
$('img').click(function(){
switch ($(this).attr('id')) {
case 'node-3-on':
$.get("http://node-red:1880/setValueBinary.html", {nodeid:"3", value:"1"});
alert ("node 3 on");
break;
case 'node-3-off':
// alert ("node 3 off");
$.get('http://node-red:1880/setValueBinary.html?nodeid=3&value=0');
break;
// removed further case statements
default:
alert ("You shouldn't see this, some sort of error has happened.");
};
});
});
</script>
HTML:
<p><b>Switch 3:</b></p>
<p> <img src="images/green-tick.png" id="node-3-on" alt="Switch On" height="100" width="100" />
<img src="images/red-cross.png" id="node-3-off" alt="Switch Off" width="100" height="100"/></p>
At the suggestion of a workmate I installed Chrome and set it up to do remote debug on my Android phone.
https://developer.chrome.com/devtools/docs/remote-debugging
It turns out that the problem was that for some reason desktop/laptop/tablet devices can resolve the shortname of the raspberry pi, however mobile phones can't. This is using the same DHCP and DNS servers. I went through the code and added FQDNs to all the URLs and it all works fine now.
I'm sort of glad and sort of livid.
Thanks all for your help.
I have a webpage, lets call it entry.html.
When a user enters this page, a javascript code (see below) is attempting to deep-link the user to the native iOS / Android app.
If the deep-link fails (probably if the app isn't installed on device), user should "fall back" to another page- lets call it fallback.html.
here is the javascript code that is running on entry.html:
$(function(){
window.location = 'myapp://';
setTimeout(function(){
window.location = 'fallback.html';
}, 500);
});
this is a standard deep-linking method that is recommended all over the network; try to deep-link, and if the timeout fires it means that deep-link didn't occur- so fallback.
this works fine, as long app is installed on device.
but if the app isn't installed, this is the behaviour when trying to deep-link:
Mobile Safari: I see an alert message saying "Safari cannot open this page..." for a moment, and then it falls-back properly to fallback.html- which is the expected behaviour.
Mobile Chrome is my problem.
when the app isn't installed, browser is actually redirected to the myapp:// url, which is of course, invalid- so i get a "not found" page, and fall-back doesn't occur.
Finally- my question is:
How can I fix my code so FALL-BACK WILL OCCUR on mobile Chrome as well? just like mobile Safari?
note: i see that LinkedIn mobile website does this properly, with Safari & Chrome, with or without the app installed, but i couldn't trace the code responsible for it :(
note2: i tried appending an iframe instead of window.location = url, this works only on Safari, mobile Chrome doesn't deep-link when appending an iFrame even if app is installed.
Thanks all!
UPDATE:
i found a decent solution, and answered my own question. see accepted answer for my solution.
for whoever is interested, i managed to find a decent solution to solve these issues with deeplinking Chrome on Android.
i abandoned the myapp:// approach, i left it functioning only in cases of an iOS device.
for Android devices, i'm now using intents which are conceptually different than the myapp:// protocol.
I'm mainly a web developer, not an Android developer, so it took me some time to understand the concept, but it's quite simple. i'll try to explain and demonstrate MY solution here (note that there are other approaches that could be implemented with intents, but this one worked for me perfectly).
here is the relevant part in the Android app manifest, registering the intent rules (note the android:scheme="http" - we'll talk about it shortly):
<receiver android:name=".DeepLinkReceiver">
<intent-filter >
<data android:scheme="http" android:host="www.myapp.com" />
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.BROWSABLE"/>
<category android:name="android.intent.category.DEFAULT"/>
</intent-filter>
</receiver>
now, after this is declared in the app manifest, i'm sending myself an email with "http://www.myapp.com" in the message.
when link is tapped with the Android device, a "chooser" dialog comes up, asking with which application i want to open the following? [chrome, myapp]
the reason this dialog came up upon tapping on a "regular" url, is because we registered the intent with the http scheme.
with this approach, the deeplink isn't even handled in the webpage, it's handled by the device itself, when tapping a matching link to an existing intent rule defined in the Android app manifest.
and yes, as i said, this approach is different by concept than the iOS approach, which invokes the deeplink from within the webpage, but it solves the problem, and it does the magic.
Note: when app isn't installed, no chooser dialog will come up, you'll just get navigated to the actual web page with the given address (unless you have more than 1 browser, so you'll need to choose one... but lets not be petty).
i really hope that this could help someone who's facing the same thing.. wish i had such an explanation ;-)
cheers.
It is very important to make sure that when you try to open a deeplink URL with JavaScript that the URL is properly formatted for the device and browser. (If you do not use the appropriate deeplink URL for the browser/platform, a user may be redirected to a “Page Not Found”, which is what you experience.)
Now you must note that Chrome on Android has a different URL format than the old standard Android browser 1! You need to annotate the deep links using href="android-app://" in the HTML markup of your web pages. You can do this in the section for each web page by adding a tag and specifying the deep link as an alternate URI.
For example, the following HTML snippet shows how you might specify the corresponding deep link in a web page that has the URL example://gizmos.
<html>
<head>
<link rel="alternate"
href="android-app://com.example.android/example/gizmos" />
...
</head>
<body> ... </body>
For more details, see the references here:
https://developer.chrome.com/multidevice/android/intents
https://developers.google.com/app-indexing/webmasters/server
https://developer.android.com/training/app-indexing/enabling-app-indexing.html#webpages
And here's a deep link testing tool for Android: https://developers.google.com/app-indexing/webmasters/test.html
Hope that helps.
1 Since the old AOSP browser was replaced by chromium, this is now the default way to handle deep links for recent Android versions. Nonetheless, Android still requires a conditional soltion, because older OS versions still use the AOSP browser.
I have created a Javascript plugin, which supports most of the modern browsers on mobile. But it requires to have deep linking landing pages to be hosted on cross domain(different than universal link url) to work on ios9 Facebook using universal linking. There is also different way to get that working on the Facebook iOS9 using Facebook SDK. I am sharing this if anyone might find this helpful. Currently it does not fallback option, but if falls back to the App Store.
https://github.com/prabeengiri/DeepLinkingToNativeApp
I am Using this Code to for deeplinking.
If the app is installed the app will open up..
If the app is not installed then this remains as it is..
If you wish to add any other condition for app no install then just uncomment the setTimeout code .
<script>
var deeplinking_url = scootsy://vendor/1;
$(document).ready(function(){
call_me_new(deeplinking_url);
});
var call_me_new = function(deeplinking_url){
if(deeplinking_url!=''){
var fallbackUrl ='http://scootsy.com/';
var iframe = document.createElement("iframe");
var nativeSchemaUrl = deeplinking_url;
console.log(nativeSchemaUrl);
iframe.id = "app_call_frame";
iframe.style.border = "none";
iframe.style.width = "1px";
iframe.style.height = "1px";
iframe.onload = function () {
document.location = nativeSchemaUrl;
};
iframe.src = nativeSchemaUrl; //iOS app schema url
window.onload = function(){
document.body.appendChild(iframe);
}
//IF the App is not install then it will remain on the same page.If you wish to send the use to other page then uncomment the below code and send a time interval for the redirect.
/*
setTimeout(function(){
console.log('Iframe Removed...');
document.getElementById("app_call_frame").remove();
window.location = fallbackUrl; //fallback url
},5000);*/
}
};
</script>
setTimeout(function () { if (document.hasFocus()) { window.location = 'URL WILL BEHERE';} }, 2000);
window.location = 'app://';
Need to check document.hasFocus() here because if app is open then playstore url is also open in browser
I also had similar issue, there is a possible alternative for this. If the app is not installed on user's device we can redirect that to some other url.To know more about it Check Here
Example:
Take a QR code
In my case its working fine in opera and chrome browser my deeplink url is
"intent://contentUrl + #Intent;scheme=" +envHost +;package="+envHost+";end";
For other browser create iframe and append the url.
Note -: iframe url append having issue with old device and in firefox its opening app dialog .
I'm working on a solution to speed our website up. I'm having the client first ajax load the expected next page of the application:
$.ajax({url: '/some/real/path', ...});
The server responds to this and includes in the header:
Cache-Control => 'max-age=20'
which marks the response as being cachable.
The clientside application then waits to see if its prediction was correct, and upon finding that it was, transitions the browser to that same page, but adds a few bits of information into the URL as a # fragment, where this info is available to us only when the user has actually committed their action (i.e. not predictable):
location.href = '/some/real/path#additionalInfoInFragement';
When the browser transition to the page the additional info in the fragment is picked up by that page's javascript and worked to achieve some effect there.
For all browser, including Safari, the response to the starting ajax request IS properly inserted into the browser cache.
And then, for all browsers except Safari, the browser pulls that content out of the cache when we effect the location.href transition to that page. This avoids the server hit and is the basis for our speed-up.
Safari though is not using the cache to re-serve the content. It seems to get tripped up by the '#additionalInfoInFragment' part of the transition. It is including the fragment in its construction of the cache key it uses to check for existing cached content. Here are the entries from Safari's cache.db file, which I dumped via sqlite:
* ajax request: INSERT INTO "cfurl_cache_response" VALUES(3260,0,-1982644086,0,'http://localhost:8080/TomcatScratchPad/EmptyPage','2012-05-14 07:01:10');
* location.href transition: INSERT INTO "cfurl_cache_response" VALUES(3276,0,-230554366,0,'http://localhost:8080/TomcatScratchPad/EmptyPage#wtf','2012-05-14 07:01:20');
Also notable is the fact that Chrome is behaving correctly, even though both share a tremendous amount of WebKit code.
I would really appreciate any ideas the community has. Thanks!
I see only a couple of options:
File a bug report with Apple and don't worry about it. :-) Your caching stuff will still work for other browsers. Overall, Safari has a very small market share, although of course if your site is targeted at (say) iPad or iPhone users, that rather changes the nature of the stats for your specific site. :-) (You presumably know from your logs how big your Safari audience is.)
Sub-category: If Safari is a big part of your target market and this really bothers you, see if it's a bug in any of the open source parts of it and, if so, offer a patch.
Don't use the fragment identifier to pass the information, use something else (a cookie perhaps) instead.
I am using a mobile network based internet connection and the source code is being rewritten when they present the site to the end user.
In the localhost my website looks fine, but when I browse the site from the remote server via the mobile network connection the site looks bad.
Checking the source code I found a piece of JavaScript code is being injected to my pages which is disabling the some CSS that makes site look bad.
I don't want image compression or bandwidth compression instead of my well-designed CSS.
How can I prevent or stop the mobile network provider (Vodafone in this case) from proxy injecting their JavaScript into my source code?
You can use this on your pages. It still compresses and put everything inline but it wont break scripts like jquery because it will escape everything based on W3C Standards
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
On your server you can set the cahce control
"Cache-Control: no-transform"
This will stop ALL modifications and present your site as it is!
Reference docs here
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.5
http://stuartroebuck.blogspot.com/2010/08/official-way-to-bypassing-data.html
Web site exhibits JavaScript error on iPad / iPhone under 3G but not under WiFi
You're certainly not the first. Unfortunately many wireless ISPs have been using this crass and unwelcome approach to compression. It comes from Bytemobile.
What it does is to have a proxy recompress all images you fetch smaller by default (making image quality significantly worse). Then it crudely injects a script into your document that adds an option to load the proper image for each recompressed image. Unfortunately, since the script is a horribly-written 1990s-style JS, it craps all over your namespace, hijacks your event handlers and stands a high chance of messing up your own scripts.
I don't know of a way to stop the injection itself, short of using HTTPS. But what you could do is detect or sabotage the script. For example, if you add a script near the end of the document (between the 1.2.3.4 script inclusion and the inline script trigger) to neuter the onload hook it uses:
<script type="text/javascript">
bmi_SafeAddOnload= function() {};
</script>
then the script wouldn't run, so your events and DOM would be left alone. On the other hand the initial script would still have littered your namespace with junk, and any markup problems it causes will still be there. Also, the user will be stuck with the recompressed images, unable to get the originals.
You could try just letting the user know:
<script type="text/javascript">
if ('bmi_SafeAddOnload' in window) {
var el= document.createElement('div');
el.style.border= 'dashed red 2px';
el.appendChild(document.createTextNode(
'Warning. Your wireless ISP is using an image recompression system '+
'that will make pictures look worse and which may stop this site '+
'from working. There may be a way for you to disable this feature. '+
'Please see your internet provider account settings, or try '+
'using the HTTPS version of this site.'
));
document.body.insertBefore(el, document.body.firstChild);
}
</script>
I'm suprised no one has put this as answer yet. The real solution is:
USE HTTPS!
This is the only way to stop ISPs (or anyone else) from inspecting all your traffic, snooping on your visitors, and modifying your website in flight.
With the advent of Let's Encrypt, getting a certificate is now free and easy. There's really no reason not to use HTTPS in this day and age.
You should also use a combination of redirects and HSTS to keep all of your users on HTTPS.
You provider might have enabled a Bytemobile Unison feature called "clientless personalization". Try accessing the fixed URL http://1.2.3.50/ups/ - if it's configured, you will end up on a page which will offer you to disable all feature you don't like. Including Javascript injection.
Good luck!
Alex.
If you're writing you own websites, adding a header worked for me:
PHP:
Header("Cache-Control: no-transform");
C#:
Response.Cache.SetNoTransforms();
VB.Net:
Response.Cache.SetNoTransforms()
Be sure to use it before any data has been sent to the browser.
I found a trick. Just add:
<!--<![-->
After:
<html>
More information (in German):
http://www.programmierer-forum.de/bmi-speedmanager-und-co-deaktivieren-als-webmaster-t292182.htm#3889392
BMI js it's not only on Vodafone. Verginmedia UK and T-Mobile UK also gives you this extra feature enabled as default and for free. ;-)
In T-mobile it's called "Mobile Broadband Accelerator"
You can Visit:
http://accelerator.t-mobile.co.uk
or
http://1.2.3.50/
to configure it.
In case the above doesn't apply to you or for some reason it's not an option
you could potentially set-up your local proxy (Polipo w/wo Tor)
There is also a Firefox addon called "blocksite"
or as more drastic approach reset tcp connection to 1.2.3.0/24:80 on your firewall.
But unfortunately that wouldn't fix the damage.
Funny enough T-mobile and Verginmedia mobile/broadband support is not aware about this feature! (2011.10.11)
PHP: Header("Cache-Control: no-transform"); Thanks!
I'm glad I found this page.
That Injector script was messing up my php page source code making me think I made an error in my php coding when viewing the page source. Even though the script was blocked with firefox NoScript add on. It was still messing up my code.
Well, after that irritating dilemma, I wanted to get rid of it completely and not just block it with adblock or noscript firefox add ons or just on my php page.
STOP http:// 1.2.3.4 Completely in Firefox: Get the add on: Modify
Headers.
Go to the modify header add on options... now on the Header Tab.
Select Action: Choose ADD.
For Header Name type in: cache-control
For Header Value type in: no-transform
For Comment type in: Block 1.2.3.4
Click add... Then click Start.
The 1.2.3.4 script will not be injected into any more pages! yeah!
I no longer see 1.2.3.4 being blocked by NoScript. cause it's not there. yeah.
But I will still add: PHP: Header("Cache-Control: no-transform"); to my php pages.
If you are getting it on a site that you own or are developing, then you can simply override the function by setting it to null. This is what worked for me just fine.
bmi_SafeAddOnload = null;
As for getting it on other sites you visit, then you could probably open the devtools console and just enter that into there and wipe it out if a page is taking a long time to load. Haven't yet tested that though.
Ok nothing working to me. Then i replace image url every second because when my DOM updates, the problem is here again. Other solution is only use background style auto include in pages. Nothing is clean.
setInterval(function(){ imageUpdate(); }, 1000);
function imageUpdate() {
console.log('######imageUpdate');
var image = document.querySelectorAll("img");
for (var num = 0; num < image.length; num++) {
if (stringBeginWith(image[num].src, "http://1.1.1.1/bmi/***yourfoldershere***")) {
var str=image[num].src;
var res=str.replace("http://1.1.1.1/bmi/***yourfoldershere***", "");
image[num].src = res;
console.log("replace"+str+" by "+res);
/*
other solution is to push img src in data-src and push after dom loading all your data-src in your img src
var data-str=image[num].data-src;
image[num].src = data-str;
*/
}
}
}
function stringEndsWith(string, suffix) {
return string.indexOf(suffix, string.length - suffix.length) !== -1
}
function stringBeginWith(string, prefix) {
return string.indexOf(prefix, prefix.length-string.length) !== -1
}
An effective solution that I found was to edit your hosts file (/etc/hosts on Unix/Linux type systems, C:\Windows\System32\drivers\etc on Windows) to have:
null 1.2.3.4
Which effectively maps all requests to 1.2.3.4 to null. Tested with my Crazy Johns (owned by Vofafone) mobile broadband. If your provider uses a different IP address for the injected script, just change it to that IP.
Header("Cache-Control: no-transform");
use the above php code in your each php file and you will get rid of 1.2.3.4 code injection.
That's all.
I too was suffering from same problem, now it is rectified. Give a try.
I added to /etc/hosts
1.2.3.4 localhost
Seems to have fixed it.