I have an error related to CORs for a test deployment of OpenCPU, which may get its own question, but for now I'd like it to fail without notifying the end user via a popup - is this possible?
The error I see in the browser console is due to the website swapping TLD as you navigate:
XMLHttpRequest cannot load http://104.XX.3.XX/ocpu/library/predict/R/. The 'Access-Control-Allow-Origin' header has a value 'http://www.XXXX.com' that is not equal to the supplied origin. Origin 'http://www.XXXX.dk' is therefore not allowed access.
And a popup appears:
I'd like to ensure if there are possible future errors it doesn't detract for the user experience - in this case OpenCPU is used for a non-essential function of the website.
Found via a non-specific to OpenCPU question
// suppress alerts
window.alert = function ( text ) { console.log( 'tried to alert: ' + text ); return true; };
Related
I need to run my custom protocol twice but it doesn't work the second time, I got this error ( Not allowed to launch 'cutomProtocol' because user gesture is required. ) I tried to find a solution but I did not find any!
Same problem with chrome, firefox and edge.
I need to see this popup twice
window.location.href = 'my-protocol://${base64}';
and
customProtocolVerify(
`my-protocol://${base64}`,
() => {
// successCb: Callback function which gets called when custom protocol is found.
console.log('My protocol found and opened the file successfully..');
},
() => {
// failCb: Callback function which gets called when custom protocol not found.
console.log('My protocol not found.');
}
);
I tried with these two and didn't work
Clarification
I have a custom protocol.
My scenario:
check if it's installed successfully (I'm using customProtocolVerify method) and that method makes the launch if the protocol is found
run some APIs
launch the protocol again
My problem:
Step 3 doesn't work, I have the error on the console that says " Not allowed to launch... " and of course I can't see my popup to open my protocol.
I'm asking for help to make step 3 work
The only way to bypass this "bug" is to ask the user twice (or in a loop) by showing a OK alert or some sort of user confirm box.
My solution:
OpenLinkInExternalApp(Link);
alerty.alert('', { title: '', okLabel: 'Open Link' }, function () {
OpenLinkInExternalApp(Link);
});
The above code will open the external app, then a OK alert will pop up, after clicking OK, I call the same code again. Do this in a loop if needed.
TIP:
We guide our users to use split screen at this stage. This is where users can dock your web-app on the left and the external app on the right as an example.
Alert Box:
We user Alerty.js https://github.com/undead25/alerty#readme
I'm learning Cypress and for that purpose I am using this site: automationpractice.com.
Scenario: Sign up. In the sign up form the app validate the email (1) then it is redirected to another form (2).
In this flow, Cypress throws the following error:
CypressError: Cypress detected a cross origin error happened on page load:
> Blocked a frame with origin "http://automationpractice.com" from accessing a cross-origin frame.
Before the page load, you were bound to the origin policy:
> http://automationpractice.com
A cross origin error happens when your application navigates to a new URL which does not match the origin policy above.
I don't know why of this error, the form 2 is not inside an iframe, is the same url. Anyone knows?
Trying to fix it, "chromeWebSecurity": false was added to cypress.json. Then, after "Register an Account" button is clicked the second form is loaded inside cypress viewport but cypress changes the url to http://automationpractice.com/__/#account-creation, so the form disappears and the fields are not located.
I suppose that avoiding that cypress change the url I can solve this issue. But, I couldn't find any related in the documentation. Anyone knows how to solve it?
// test.spec.js
context('Cypress Training', () => {
beforeEach(() => {
cy.visit('http://automationpractice.com/index.php?controller=authentication&back=my-account')
})
it('Register user', () => {
const email = 'test#test.test.test';
// form 1
cy.get('#email_create').type(email)
cy.get('#SubmitCreate').click();
// form 2
cy.wait(3000)
cy.get('#id_gender1').click()
})
})
The solution is here: https://github.com/cypress-io/cypress/issues/7402
You have to upgrade cypress to version 4.6.0 and add
{
"experimentalSourceRewriting": true
}
to cypress.json
I am trying to combine Github Pages with Google Apps Script so I can have Server Side Scripting with Github Pages. I try to connect to the Google Script web app using:
<script src="https://script.google.com/macros/s/NO_LINK_FOR_YOU/dev">
</script>
(I need that /dev there, google script says nothing was returned when I don't use it.)
That is supposed to (and does) return:
return ContentService.createTextOutput("window.onload = function(){document.getElementById(\"request\").innerHTML = \"Generated: " + generateRandomNumber(10, 42) + "\";}");
Which outputs this:
window.onload = function(){document.getElementById("request").innerHTML = "Generated: 28";}
(Of course, it would not always be 28.)
When I load this into the browser, it does nothing. I looked in inspect element and it says that it's returning the code 302 (Temporarily Moved). This is usually used for redirects, and content service always makes the browser redirect "for security reasons", so this is expected.
But how can I get the browser to follow that redirect and get the script from there? Can I even do that?
In this case, a mimetype error occurs, since mimetype is not set. So please add setMimeType() as follows.
return ContentService
.createTextOutput("window.onload = function(){document.getElementById(\"request\").innerHTML = \"Generated: " + generateRandomNumber(10, 42) + "\";}")
.setMimeType(ContentService.MimeType.JAVASCRIPT);
I have been trying to build a kind of Hello World project using Google + SignIn. I followed the tutorial at https://developers.google.com/+/web/signin/, with my (excerpted) code being:
...
<script>
function signinCallback(authResult) {
//location.reload();
//var x = 0
//while(x=0){
if (authResult['access_token']) {
// Successfully authorized
// Hide the sign-in button now that the user is authorized, for example:
document.getElementById('signinButton').setAttribute('style', 'display: none');
//document.getElementById("secret").innerHTML = ("<p>Non-Conspicuous Link to Super Secret Page</p>");
//alert("IT WORKED");
document.getElementById("secret").innerHTML=("Non-Conspicuous Link to Super Secret Page");
document.getElementById("game").innerHTML=("Non-Conspicuous Link to Super Secret Game Page");
document.getElementById('refresh').setAttribute('style', 'display: none');
//alert("Please Refresh");
} else if (authResult['error']) {
// There was an error.
// Possible error codes:
// "access_denied" - User denied access to your app
// "immediate_failed" - Could not automatically log in the user
console.log('AuthERROR: ' + authResult['error']);
//alert("ERROR: A team of poorly trained robots has been dispatched to handle the situation. If they arive, tell them '" + authResult['error'] + "'");
}
}
</script>
...
<span id="signinButton">
<span
class="g-signin"
data-callback="signinCallback"
data-clientid="CLIENT ID"
data-cookiepolicy="single_host_origin"
data-requestvisibleactions="http://schemas.google.com/AddActivity"
data-scope="https://www.googleapis.com/auth/plus.login"
data-width="wide"
data-theme="light">
</span>
...
<p id="secret"></p>
...
When I run the code in Google Chrome (Version 29.0.1547.18 dev-m), I get this error:
Blocked a frame with origin "https://accounts.google.com" from accessing a frame with origin "https://apis.google.com". Protocols, domains, and ports must match.
The code in my signinCallback function is called on the page's first load, but doesn't run when the button is used for sign in. The code isn't executed until the page is reloaded.
However, this issue does not occur in Firefox, so it seems to be an error isolated to Chrome. I have not yet tested any other browsers.
Is there anyway to solve this issue?
Thanks!
I was adapting the java hybrid server-side flow quick-start app and having the "blocked frame" error even when using https. I found that the error was triggered by this block of javascript client-side code (within the onSignInCallback function):
for (var field in authResult) {
$('#authResult').append(' ' + field + ': ' +
authResult[field] + '<br/>');
}
The code above is part of the quick-start app and is there for education purposes only. The error occurs when enumerating or getting a certain field within the authResult object. Removing the above code (or surrounding it with a try-catch block) solved the problem.
Turns out that the reason that my button wasn't authenticating without a refresh was beacuse I forgot to close my <script> on my server, even though it was closed in the code in my question.
For the error it does seem like you can ignore it (thanks #Ismael ToƩ).
I have an iframe FB app. We have three places where we develop it: My localhost, stage server where we test the app, production server. Localhost and production have HTTPS. Localhost and stage apps have sandbox mode enabled. All versions of app are identical, code is the same. Stage and production are totally the same server machine with the same settings except of the HTTPS.
Now what is happening only at my stage server app: When I click on something where jQuery UI dialog should be summoned, it raises following error in my Firebug: Permission denied to access property 'Arbiter'. No dialog is summoned then. It's raised in somehow dynamically loaded canvas_proxy.php, within this code:
/**
* Parses the fragment and calls Arbiter.inform(method, params)
*
* #author ptarjan
*/
function doFragmentSend() {
var
location = window.location.toString(),
fragment = location.substr(location.indexOf('#') + 1),
params = {},
parts = fragment.split('&'),
i,
pair;
lowerPageDomain();
for (i=0; i<parts.length; i++) {
pair = parts[i].split('=', 2);
params[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]);
}
var p = params.relation ? resolveRelation(params.relation) : parent.parent;
// The user is not inside a frame (probably testing on their own domain)
if (p == parent || !p.Arbiter || !p.JSON) {
return;
}
p.Arbiter.inform(
'Connect.Unsafe.'+params.method,
p.JSON.parse(params.params),
getBehavior(p, params.behavior));
}
The line if (p == parent || !p.Arbiter || !p.JSON) { raises it. My script code linking the JS API looks like this:
<script src="https://connect.facebook.net/en_US/all.js#appId=APPID"></script>
Have anyone any clue why this could be happening? I found this and this, but these issues doesn't seem to be helpful to me (or I just don't get it). Could it be because of the HTTPS? Why it worked the day before yesterday? I am desperate :-(
whenever you have a permission denied message and you are dealing with frames or iframes, it's a document domain issue. One document belongs to domain x and the other is domain y. And notice that www.domain.com and domain.com are not the same document domains!
When you are tapping into the DOM of one framed document from another one, (whether it is for the purpose of changing the values of a page element or simply reading the values of some hidden variable or url etc), you will get a permission denied message unless both framed documents are served from the same/identical domains.
So, if one frame belongs to www.mydomain.com and the other happens to be just mydomain.com or www.someotherdomain.com, you get that bloody permission denied error.
And there is no way around it. And If there were, the identity theft problem would have sky-rocketed in no time.