I have a Play framework app which handles sensitive data and so enforces SSL.
I'm building a frontend with React.js , but when I try to load
<script src="https://fb.me/react-0.11.1.js" type="text/javascript"></script>
<script src="https://fb.me/JSXTransformer-0.11.1.js" type="text/javascript"></script>
I get the error
[blocked] The page at 'https://localhost:9443/react' was loaded over HTTPS, but ran insecure content from 'http://dragon.ak.fbcdn.net/hphotos-ak-xpf1/t39.3284-6/10173493_255140104677950_2108691993_n.js': this content should also be loaded over HTTPS.
How can I enforce that the transient dependencies are also loaded via https?
The Facebook "CDN" for React doesn't work over HTTPS right now, sorry. You can instead use cdnjs:
http://cdnjs.com/libraries/react
Your script tags will look something like
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/0.11.1/JSXTransformer.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/react/0.11.1/react.js"></script>
Related
I'm starting a chrome app. But things like this doesn't work for security reason.
<script src='https://code.jquery.com/jquery-1.11.0.min.js'></script>
<script src='app.js'></script>
So how to add those 2 kind of script to my app?
I tried different things in the manifest file but none of them have been successfull
The simplest way to avoid security issues is to download jquery-1.11.0.min.js and place it in your script directory. This will ensure you won't have security SOAP issues. Then include the files like this:
<script src='/example_local_directory/jquery-1.11.0.min.js'></script>
<script src='/example_local_directory/app.js'></script>
I have added script tag as follows working on a https website.
<script src="http://jsconsole.com/remote.js?xxx-xxxx-x-xx-xxxx"></script>
I replaced the http to https still no luck.
<script src="https://jsconsole.com/remote.js?xxx-xxxx-x-xx-xxxx"></script>
I have downloaded remote.js and added relative path still no luck.
<script src="js/remote.js?xxx-xxxx-x-xx-xxxx"></script>
Any suggestion?
Please, help include custom javascript library "jquery-EmbedPicasaGallery.js" to google site.
I tried 3 methods and always have error:
failed to load external url jquery-EmbedPicasaGallery.js
I tried:
.
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script type="text/javascript" src="https://googledrive.com/host/0BziEumkvYpL6Ql9NRFhET2FXM1E/jquery-EmbedPicasaGallery.js"></script>
.
<script type="text/javascript" src="https://docs.google.com/uc?id=0BziEumkvYpL6ZmlHZ2FWQ1NrVG8"></script>
.
<script type="text/javascript" src="https://docs.google.com/uc?id=0BziEumkvYpL6ZmlHZ2FWQ1NrVG8&export=download"></script>
Have you tried downloading the script and running it from your own server?
Is your site being tested on a server, or locally?
It is common for errors to occur when attempting certain things locally, so make sure to run on a server, especially in cases involving php, ajax, canvas image data, http headers, and cookies, to name a few.
I'm using the out-of-the-box JQuery UI tabs- they work fine on an unsecured page but not on the secure https:// page.
I'm calling my scripts like this:
<script src="//code.jquery.com/ui/1.8.22/jquery-ui.min.js" type="text/javascript"></script>
<script src="//jquery-ui.googlecode.com/svn/tags/latest/external/jquery.bgiframe-2.1.2.js" type="text/javascript"></script>
<script src="//jquery-ui.googlecode.com/svn/tags/latest/ui/minified/i18n/jquery-ui-i18n.min.js" type="text/javascript"></script>
Examples here:
http://ntcla.com/fb-static.php and
https://ntcla.com/fb-static.php
(see map at the bottom of the page)
Any help is appreciated!
It looks like there is an SSL cert error on the code.jquery.com link. You could just download it and host it on your own site/CDN.
SSL certificate error will be thrown when you try using any js in following manner
download above files and copy them on your server and access them using relative paths on your script
I'm developing a JavaScript API service. Main html page looks like this:
<html>
<head>
<script type="text/javascript" src="scripts/logic.js"></script>
<script type="text/javascript" src="scripts/jquery-1..."></script>
<script type="text/javascript" src="http://mydomain/api/main.js"></script>
</head>
...
</html>
In the main.js script I load another script from mydomain. I'm doing it by adding script tag ([script.. src="http://mydomain/api/getsomedata.js?callback_id=3434&someparams=..."]). Loaded script imediatly calls API callback function: MyApi.processCallback(...). Everything works ok.
But when I'm trying to load another mydomain script from local file (logic.js), I recive very strange situation: all script global objects are undefined. There is no MyApi object or jQuery $ object which were visible during previous call. So I can't call MyApi callback function.
Perhaps it is because of security restrictions. Anti-XSS, or something similar. I tried to add a X-XSS-Protection header, like in all Google JavaScript APIs. But it did not help.
I don't use IFRAMES.
The problem can be solved exactly, since many cross-site JavaScript API's are working (Google Maps API, etc.) on the same idea.
What is happening in your script?
If you are doing Ajax calls back to the domain, your script will fail with a Same Origin security error. If you need to do communication with your server from another domain, than you need to use JSONP to do it. If you are working with only modern day browser you can get away with CORS.