for several days I'm struggling with putting ads to my personal website and since I'm already out of ideas I would like to ask you for help. Any idea or suggestion is highly welcome because I'm really desperate.
I got a short JS code from the ad network to put on my website. The code basically loads, dynamically creates iframe and loads ad content to this iframe from the ad company (more or less standard approach).
However in my case the iframe is created but the content is not loaded until I refresh the page one or more times.
The symptoms I identified are following:
it happens only on my site, ads from the same ad network work fine on different webs in the same browser
I'm able to reproduce the same behavior on different browsers, devices and operating systems = not local issue
the problem is not in my CMS (Wordpress)
To isolate the problem and make sure that the issue is not in any of Wordppress plugins or Wordpress itself I created simple test page on the same domain out of Wordpress:
https://www.beapple.pro/test.html
Just pure HTML, short text and the ad code. When you open this page the ad is not loaded on the first load, it must be refreshed.
I also found out that if I disable cross-domain tracking prevention in the browser (e.g. Safari) it works fine. However the ads from this network should work even if no cookie is set. And after several refreshes of the page it works as well no matter if the cookie is set or not. As I said ads from the same ad network work on different sites fine, therefore the dependency on cookies is probably not important. If the ad is finally displayed, it stays fine for some minutes and then it disappears again (probably cache).
I also tracked the HTTP request / response communication when the iframe is loaded. I found out that that the response contains empty HTML code if the ad is not displayed (at least this is what browser shows me in debug mode). The ad company told me that the request probably times out due to slow connection however I do not believe them since I verified the same behavior from different places and different connections.
The behavior is very strange and despite my effort I did not find root cause of the issue. If it happened only on my machine, I would say it is a local problem, if I had the same problem on all webs, I would say it is problem of the ad company. However it can be reproduced on any device (with blocking of 3rd party cookies enabled) but only on my domain.
Please help, you are my last resort. Thanks a lot for any input.
UPDATE: Any workaround is welcome as well. I did not figure out how to refresh the iframe reliably. Since I cannot access the inner html of the iframe due to browser security rules, it is hard to find out if there is any content or not = if refresh worked.
Related
I've been working on a requirement that involves a website fetching/manipulating data stored on a different domain. There didn't seem a way except for enabling CORS on the other server to allow me to get and modify data from a different domain. However, that caused some issues with Office 365 apps and I had to take a different approach.
The approach is to use postMessage to talk to a hidden iframe (not a good approach, but I was insisted to use it) on the page that is running on the target domain. The source page posts message along with information about the REST call to the hidden iframe which makes a requests on behalf of the parent page and uses postMessage to return back the results.
Everything works fine except for when the website is being used on an iPhone. Turned out placing alert calls in the script running inside the target iframe makes it to work but removing the alert calls sort of disables the target iframe from making those cross-origin network calls.
My theory is that it is due to the security of mobile Safari that in order to make cross-origin calls from an iframe running on a different domain, the user needs to provide their consent by interacting at least once with the embedded iframe. Does that sound correct?
The comment by diodeus-james-macfarlane is the closest that we could go but the iframe being hidden, there was no way we could have placed a control for the user to interact with, even if that was only for it to work.
To my surprise, turning off a setting on the SharePoint site made it work. The setting was around mobile view compatibility and without that, the iframe is able to make HTTP requests, send and receive messages to and from the parent webpage.
Apologies if this is a roundabout way of asking this question, but I am a little confused about how the web and javascript work.
What I want to do: execute javascript on all pages of a list of urls I have found. (Specifically use jquery to pull info from them)
Problem I can't execute Javascript on these pages because they aren't mine and don't have the Access-Control-Allow-Origin header. So I can't load them (with AJAX) in order to use JQuery on them.
BUT Google Chrome can both load pages and execute javascript on them (with their developer's console). So if I wanted too, I could go to each page, open the developers console, and pull the information from there. If there's nothing stopping Chrome from accessing these, then why am I stopped? And, is there a way around this?
Thank you, and I hope my description makes sense. I've been researching this for a while but have found nothing that explains how seemingly inconsistent CORS is.
I could go to each page, open the developers console, and pull the information from there. If there's nothing stopping Chrome from accessing these, then why am I stopped?
You're not stopped. You, the human at the keyboard, can do exactly as you say, by visiting each page as a top-level page.
What is stopped -- happily -- is any and all scripts on the Web you happen to run having the same level of visibility that you do. Based on your cookies and your network topology, you have a unique view into the Web. You can see your home router's control interface (on 192.168.1.1 or similar). You can see any local web server you're running on 127.0.0.1. No one else can see these. If the same-origin policy were not in place, then any script that you loaded on the Web could inspect these.
And, is there a way around this?
If you have some scripts that you trust absolutely (hopefully a significant subset of "all scripts that exist on the Web") that you want to be able to bypass the same-origin policy and see your full, cross-domain view of the Web, you could load them as an extension, which can act with elevated permissions beyond the abilities of normal web pages. (See How does Same Origin Policy apply to browser extensions?)
I'm going to assume that you are looking to grab data from these pages that aren't yours and store it somewhere. I have done this before with curl using php. If you are looking to display these sites for users to interact in a different way, but starting from a page that is yours, you may be able to render these pages by grabbing the source html using curl and rendering it as a sort of proxy.
I've used this tutorial for something similar https://www.youtube.com/watch?v=_kQN-3aNCeI . Hopefully this gives you a start. I think you should be a little more detailed in your question though to get more help.
If I open my webpage and then look at developer tools on the browsers like chrome/firefox/ie, I see multiple copies of the same view/javascript files loaded. This can potentially screw up how javascript behaves wrt to its state.
Almost everytime, doing page refresh would solve it.
This happens very randomly.
I am not at liberty to post my code, but the set up is nginx/thin/ruby/haml.
What can lead to such behavior? is the problem on the server side or browser side?
Our initial hunch was that may be they are multiple versions of the same doc, but all of them are exact replicas. So I ruled out caching as possible culprit.
More info about the page:
No dynamic loading of scripts - simple script tags
No frames on the page - simple body tag with a form in it
No advertisement scripts on the page
happens on all browsers
intermittent - frequency is like once in 500 page loads
How can I stop loading a web page if it uses a frame-buster buster as mentioned in this question, or an even stronger X-Frame-Options: deny like stackoverflow.com? I am creating a web application that has the functionality of loading external web pages into an <iframe> via javascript, but if the user accidentally steps on to websites like google.com or stackoverflow.com, which have a function to bust a frame-buster, I just want to quit loading. In stackoverflow.com, it shows a pop up message asking to disable the frame and proceed, but I would rather stop loading the page. In google, it removes the frame without asking. I have absolutely no intent of click jacking, and at the moment, I only use this application by myself. It is inconvinient that every time I step on to such sites, the frames are broken. I just do not need to continue loading these pages.
Edit
Seeing the answers so far, it seems that I can't detect this before loading. Then, is it possible to load the page in a different tab, and then see if it does not have the frame-buster buster, and then if it doesn't, then load that into the <iframe> within the original tab?
Edit 2
I can also acheive the header or the webpage as an html string through the script language (Ruby) that I am using. So I think I indeed do have access to the information before loading it into an <iframe>.
There's no way to detect this before loading the page since the frame busting is done via a header or is triggered via JavaScript as the page is loading.
Without a server backend you won't be able to as you are pretty limited with the amount of tinkering you can do in javascript due to crossdomain policies.
You might want to consider creating some sort of a blacklist for URLs to stay away from...
This may not seem like a development question but there is a link.
I have been experiencing some issues loading some web pages from my development machine. They were painfully slow. I disregarded this until I tried running my own site and found that the culprit was the show.ad.js file provided by google adsense.
Using firebug I see that the page hangs on the loading of this file and then aborts after about 5-10seconds. If I am calling multiple database records to a page it will load one, hang, abort and then load another.
Trouble shooting I have done and things I can rule out are:
My router or any other external peripheral. If I go to any other PC in the house the page loads fine and very quickly. I have tried cabled and wireless. The problem appears to be something unique with my machine.
It is not just my website, it is all websites with google adsense.
I have turned off my firewall and shutdown anti virus. No change.
It is from all browsers on this PC. I have tried chrome, safari, firefox and ie. No change.
I do not have any ad blocker software installed that I know about.
I know there could be a million reasons why I could be having this problem but I thought someone out there may have had a similar experience. Failing that, is there any way I can trace the problem as I have no idea where to start.
Thanks in advance
Put it as far down in the page as possible to minimize interference with rendering other elements.
I've worked on high volume sites where we would intermittently experience issues loading Google and other 3rd party js; we determined that the issue was with the 3rd party servers, not us; the only thing you can do (other than turning off adsense) is to organize the page so that it renders even if you can't load the 3rd party components.
Have you checked your hosts file? There may be a bogus IP address for the AdSense host defined there. This file is plain text and is located at %SystemRoot%\system32\drivers\etc\hosts on Windows boxes, with no extension. (%SystemRoot% is typically C:\WINDOWS on a default install.)
Also, there may be a bad IP address in your DNS cache. Run ipconfig /flushdns to clear it.