JavaScript, images, and css do not load in Firefox over HTTPS - javascript

This is one of those issues where I'm going to punch myself in the face for not figuring out, but here goes anyway.
I've got a simple Laravel app (Laravel really has nothing to do with this anyway) and I need it to load its assets. The problem is, nothing loads. If you view page source and click on one of the links to the asset, it loads fine. If you view the network panel in firebug, no requests are even made for the files. That's 0 requests being made for the files.
I should mention, though, that this only happens in firefox. An item of note is that this page is served over HTTPS via self signed certificate (it's on a dev machine). Chrome and Safari both load the assets fine.
Let me know if you need any more information and I'll be happy to provide.
Here are some screens

It might be that you are using a http protocol for the resources whereas your page is being served with a https protocol as you say. Match the protocol for the page with the protocol for the resources that you are loading. e.g. You could use //: rather than http:// or https:// for your resources.

This issue was very obscure, and I didn't find it until starting Firefox in safe mode. This disabled all addons. When I did that, the page worked fine. The source of the issue was Adblock Plus. After disabling that addon the page works just fine. For some reason Adblock Plus doesn't play well with certain pages over HTTPS, so it may be a bug for them, or the page I was trying to load is being blocked by Adblock (don't know why, it's just a dev machine)

Related

Chrome JS Error: Mixed Content: for roboto

I keep getting the error below ONLY on Chrome Browser, however there is single call to http://fonts.gstatic.com/s/roboto/* within the page nor its included statics files. I do not have any idea why Chrome makes this call nor where it is coming from. Access same url from any other browser works except Chrome.
Please I will appreciate your help on fixing this error
Mixed Content: The page at 'https://www.domainname.com/' was loaded
over HTTPS, but requested an insecure font
'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2'.
This request has been blocked; the content must be served over HTTPS.
Just for the record and anyone that might be facing similar problem. As #Raj mentioned in his answer, Chrome does not let https sites use resources from http sites.
However, I narrowed down issue when I served an empty page with just HTML & Body tag and confirmed the issue still persisted. This tells me there might be something else wrong somewhere.
And it happened to be one of the installed Chrome Extensions that is injecting this fond resource. I fixed the issue by disabling all Extensions. I will figure out which one was doing the harm by re-enabling them one after another
Chrome does not let https sites use resources from http sites. Changing to https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 will solve the problem
I had the same problem. The solution was to deactivate a chrome plugin. In my case, it was VLC Video downloader, which inserted this path to an unsecure resource.

bookmarklet on https page

I'm trying to make a bookmarklet to use on youtube and other video sites in order to easily get information from the video and store it elsewhere.
From today, apparently I can't do that anymore since youtube force itself on a https connection and from what I've read on chrome's console window, the bookmarklet doesn't run on a https page. Is there a workaround?
Here is the edited code:
javascript:(function(){var jsCode=document.createElement('script');jsCode.setAttribute('src','http://[mysite]/b/enter.php?i=userid&r='+Math.random());document.body.appendChild(jsCode);}());
Google Chrome (and possibly other browsers?) blocks HTTP resources from being accessed from an HTTPS document. This is to prevent "mixed content" attacks, in which insecure HTTP scripts could be intercepted by an attacker in transit over the network and altered to perform any kind of malicious activity (e.g., leak cookies or sensitive page information to a third party). Such a violation would undo any protection granted by HTTPS.
Chrome used to provide a prominent warning that an insecure resource was blocked, but now it no longer does so, and all insecure loads silently fail. The only solution available to you at this time is to use HTTPS yourself when you serve the script.
In Firefox, if you want to run a bookmarklet that references http on an https page, the way to get around this is to temporarily disable security.mixed_content.block_active_content. There are two ways to do this.
go to about:config in a new tab, search for security.mixed_content.block_active_content and then toggle the value to false. Run your bookmarklet and then toggle it back to true (since you probably want it turned on most of the time).
use an add-on / extension to toggle the block. A quick search turned up Toggle Mixed Active Content, and a quick test seemed to work well. There may be others.
Have fun and be careful. Here be dragons!
the bookmarklet doesn't run on a https page
Why not?
Try changing to a HTTPS domain yourself. Usually HTTP content is blocked when you're on a HTTPS domain.
I have created a work-around "fix" for this issue using a Greasemonkey userscript. You can now have bookmarklets on all CSP and https:// sites, plus have your bookmarklets in a nice, easily-editable library file instead of being individually squished into a bookmark.

IOS 6 Caching Everything except Cache Manifest. Updated files never being requested from web server

Our web app is being cached so aggressively in ios 6 app mode that the only file being requested from the web server every time is the cache manifest. We have changed a bunch of scripts and html, but the app never requests the new files. How can I fix this if nothing is requested from the web server? Is there a way that I can fix this in the cache manifest? Bear in mind that we are only using the cache manifest to cache images, fonts, etc and not the js itself. Any help would be much appreciated, I'm stumped!
Edit 1:
The content of the cache manifest has changed. I even put a guid in the cache manifest each time just to ensure that it is different. I've run charles and see that the page keeps requesting the manifest repeatedly, with 200 respone.. Seems to be something really weird going on with the ios 6 native app mode wrapper.
You get all the infos you need on this website: http://appcachefacts.info/
If you want to refresh the cached files, you have to change the content of appcache.manifest.
Maybe this link helps: Is Safari on iOS 6 caching $.ajax results?.
iOS6.0 is caching pretty much everything I assume... In our app, it was Ajax Post being cached and breaking the application. I hope it's fixed with setting cache:false on Ajax requests, but I'm not really sure. Otherwise I will add a random string to all AJAX requests.
Supposedly post-chaching is fixed in iOS6.1 beta, hopefully for web-app mode, too.

Problem loading web pages that contain google adsense

This may not seem like a development question but there is a link.
I have been experiencing some issues loading some web pages from my development machine. They were painfully slow. I disregarded this until I tried running my own site and found that the culprit was the show.ad.js file provided by google adsense.
Using firebug I see that the page hangs on the loading of this file and then aborts after about 5-10seconds. If I am calling multiple database records to a page it will load one, hang, abort and then load another.
Trouble shooting I have done and things I can rule out are:
My router or any other external peripheral. If I go to any other PC in the house the page loads fine and very quickly. I have tried cabled and wireless. The problem appears to be something unique with my machine.
It is not just my website, it is all websites with google adsense.
I have turned off my firewall and shutdown anti virus. No change.
It is from all browsers on this PC. I have tried chrome, safari, firefox and ie. No change.
I do not have any ad blocker software installed that I know about.
I know there could be a million reasons why I could be having this problem but I thought someone out there may have had a similar experience. Failing that, is there any way I can trace the problem as I have no idea where to start.
Thanks in advance
Put it as far down in the page as possible to minimize interference with rendering other elements.
I've worked on high volume sites where we would intermittently experience issues loading Google and other 3rd party js; we determined that the issue was with the 3rd party servers, not us; the only thing you can do (other than turning off adsense) is to organize the page so that it renders even if you can't load the 3rd party components.
Have you checked your hosts file? There may be a bogus IP address for the AdSense host defined there. This file is plain text and is located at %SystemRoot%\system32\drivers\etc\hosts on Windows boxes, with no extension. (%SystemRoot% is typically C:\WINDOWS on a default install.)
Also, there may be a bad IP address in your DNS cache. Run ipconfig /flushdns to clear it.

Opera: .js file won't load

I have a page that calls a script in the header, like so:
<script type="text/javascript" src="http://www.discoverfire.net/analytics/l/a.js"></script>
(Note you will NOT be able to load this script as it is DNSd locally as a staging domain)
Very Simple.
Firefox, IE, Chrome all have no problem with this basic, square-one feature.
Opera, however, refuses to load the script. Any variables or functions in it are "undefined" and in dragonfly, the script tag is shown in the DOM, but the "Script" tab says "No script files found."
I go to google and find random pages, their external .js files seem to work just fine.
Any idea why Opera hates me? Is there a security/javascript thing I am missing?
A few things that may be relevant, but really should make no difference:
The script is on a different domain than the page.
The script is only available on my local network. The domain is DNS'd locally for staging, from outside the network it points somewhere else. Does Opera have a setting to secretly use an external DNS server?
The script works on every other browser I have.
The problem isn't in the script content. I've reduced it to a single line with an alert and it simply won't work in Opera.
Update:
OK, the problem seems to be how Opera treats the domain.
I have moved the script to several other domains, and it DOES work just fine. I've moved it to several paths on the locally DNS'd domain, and it won't work from anywhere on that domain.
This leads me to believe that the problem is that Opera can't, or won't, load the script from this domain for some reason.
Strangely, there seems to be no problem loading pages and other resources from the domain, the problem lies in .js files only.
The domain is registered, but parked. We DNS'd it locally so we can use it for staging/testing, and that may be messing with Opera somehow with JS security.
I could be wrong though - I really have no idea. If anyone else has one, I'd love to hear it.
Update 2:
Regarding Dragonfly and the error console/developer tools, they don't say anything about the script at all. There are plenty of Undefined Variable errors for variables and functions that should be present from the script, but other than that, no errors. Oddly, the script tag does show up in the DOMM, but if I click on the Scripts tab, it says "No Scripts Found".
Update 3:
There is no blocked content, so we can at least rule out that setting.
You may want to see if its ad blocker is getting in the way. Your URL contains the text "analytics," which may be part of a "block this" pattern. I know some block Google analytics through Opera. An easy test for this may be to try moving your .js to a different path on the host.
Have you checked Opera's error console? Tools > Advanced > Error Console
It should provide information on why it won't load or if there another error of some kind.
Like Jacob suggested, you should check if it isn't blocked. To do this:
Right-click on your page
Select "Block Content..." in the context menu
At the top of the screen, click the "Details..." button
You should see the URL's that are blocked on the current page
You should ask in the Opera Forums. I had some problems with Opera in the past and they answered quickly.
Is the host serving the correct mime type of the JavaScript file. It's not a commonly known fact but the type=text/javascript attribute is actually ignored by browsers as it trusts that the server is specifying the correct type.
Additionally the mime type of text/javascript is actually wrong when it comes to JavaScript, the actual JavaScript mime type is application/ecmascript (if I recall correctly, it may be application/javascript though). If you don't believe me you should have a look here where I had more information and linked off to the Douglas Crockfords videos where he discussed the mime type.
I had something similar recently - opera would just not run a script on an external server... nor if I downloaded it and had it on localhost. It only ran when copy/pasted between script tags into the html page.
It turned out that the script was encoded with UTF-16 and that was somehow confusing the browser. When I converted it to UTF-8, everything ran fine.
So, just in case and if you still have that problem, check out the encoding settings...
I had the exact same issue, tying to load a script from a localhost/development server into a page, hosted on the public server at no avail. The only way I managed the script to load in Opera was to save a copy of the page into a location on the same development server and use the tag to refer to the original domain to get the page's .css and .js linked files. That worked. Looks like Opera doesn't like to mix public and localhost domains, but handles localhost without complaints.
what you're seeing is probably Opera's security precaution against the so-called "phish pharm" attacks: cross-network protection. You can not mix content from a public server and content from a local server.
Have a look at my answer here for a workaround:
Opera won't load some JavaScript files

Categories

Resources