Permission denied to call method ModalContentWindow.postMessage in Firefox - javascript

I am working with the YouTube Data API v3. Google recommends loading the libs using:
<script src="https://apis.google.com/js/client.js?onload=googleApiClientReady">
It works fine but when I load the script like this into a modal window in Firefox (it's got to be this way. I can't control the way my widget is called by Sitecore) it fails with:
Error: Permission denied for https://accounts.google.com to call method ModalContentWindow.postMessage
It comes from within internal callbacks that Google's client.js calls when loaded even if I omit the ?onload part.
Works fine loaded into a standalone tab. IE and Chrome do fine either way.
Is there a good way to make it work in FF modal window? (I am running 27.0.1 if it matters)
UPDATE: I worked around it by calling YouTube Data API HTTP endpoints directly. I am still wondering though what's up with that postMessage() thingy in FF's modal window and whether it's known to the authors of Google's client.js.

The main problem is that Firefox has policy for capability.policy.default.Window.postMessage.get but it doesn't have policy capability.policy.default.ModalContentWindow.postMessage.get.
There is two way to solve this issue.
add pref for Firefox pref("capability.policy.default.ModalContentWindow.postMessage.get", "allAccess");
instead of loading the script into a modal window directly put it inside iframe. iframe would have class Window.
BTW I faced this issue in FF28. In FF31 everything works fine.

Related

PostHog | Brave Browser Event Tracking Issue

we have implemented Posthog with React and tested the implementation, which is working fine on Chrome and Firefox. But when we are testing it on Brave/Microsoft Edge Browsers it is not working.
We have done some research on this, which says these browsers have default ad blocker feature enabled and I need to manually disable ad blocking.
For resolving Brave browser tracking issue, we have created self hosted cloud front distribution and pass cloud front url in api_host parameter inside posthog.init function but it's not working and I am getting authentication issue. Could you please guide me for the same ?
I have used posthog-js in my react app for tracking events. Everything is working properly on chrome browser but my custom events are not getting triggered on brave browser.
Here is console logs error, please have a look to attached screenshot
The errors in the screenshot are the Brave browser doing its thing and blocking third-party scripts. You can check this using "shields" https://support.brave.com/hc/en-us/articles/360022806212-How-do-I-use-Shields-while-browsing-
I'd recommend you set up a reverse proxy so that traffic to PostHog travels to your own domain. So you would have something like https://my-own-domain.com/e
see https://posthog.com/docs/integrate/proxy
(as in the comment thread above. full disclosure I'm an engineer at PostHog)

Internet Explorer reloads IFrame

I've got a web form (using the ZK framework), let's say at http://www.example.com/myform
This form get's included in my main page (for example http://www.anotherexample.com) in an iframe.
Now the strange thing:
In Internet Explorer 9-11, the IFrame completely reloads whenever I unfocus a field (some field checking happens there). But this ONLY happens in IE and ONLY in the IFrame. If I load the http://www.example.com/myform directly, it works fine.
Another detail that makes the whole thing strange is: If I addtionally open a tab in the IE and load http://www.example.com/myform there, the iframe suddenly also works fine (after one reload).
Unfortunately, IE does not display any errors when reloading the iframe, so I have no clue what happens and why. Other browsers (Firefox, Chrome) work perfectly fine with the IFrame.
Any clues what might be the reason there?
In this case, the reason was P3P, as described here: https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/
In short, Internet Explorer rejects cookies from third-party contexts (different domain) in iframes, etc. This of course leads to the behavior mentioned:
Any request (including something that triggers on "focus lost") sent to the ZK backend will not have a session id (because no cookie), so ZK will trigger a complete reload.
Opening the ZK application in another tab allows it to create a cookie - which then the ZK application inside the iframe can access
The solution is to send the correct P3P header, in ZK this can be done in various ways, for example via the .zul file header directive, in a servlet filter or directly on the webserver. Having done this, the application works as expected in IE 9-11.

Chrome SecurityError loading jQuery Mobile page from local file system

I get the following error in Chrome when loading a trivially simple html file with a jQuery Mobile reference. The error is not present with just the jQuery reference.
Uncaught SecurityError: Failed to execute 'replaceState' on 'History':
A history state object with URL 'http://stacksnippets.net/js' cannot
be created in a document with origin 'null'.
<html>
<head>
<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.js"></script>
</head>
<body></body>
</html>
You can also "Run code snippet" and see the error in the console.
This error did not happen before today. I have not changed my code or method of loading the html file in the browser. It used to work perfectly - I use the same code for all my PhoneGap apps.
Does anyone know if there was a Chrome security update that causes this SecurityError or whether I'm missing something? How would you go about debugging this? Thank you.
UPDATE
This discussion I think points out what is going on, which I suspected, since the error does not appear when running with a web server: Origin null is not allowed by Access-Control-Allow-Origin .
But I am still wondering why this changed in the past day, whether Chrome has had a change in their security policy, or why it was working before, and whether any of my PhoneGap apps will be affected.
This error is same as the origin is null error. This error occurs because of the security feature of Chrome.
A simple solution to test the application is to bypass this security on chrome.
Steps:
create a chrome browser shortcut on desktop.
Close all the instances of chrome on your machine.
Right click on the desktop shortcut of chrome and click on Properties.
in Target field, append " -allow-file-access-from-files" at the end.
Save and close properties.
Open chrome via this shortcut only.
Hurry, the error has gone. App works perfectly.
NOTE: This is just a work-around I use to test my cordova apps on desktop browser for UI testing.
Temporary solution: I've commented out all history.replaceState calls in jquery mobile, didn't need to manipulate browser history in my app anyways.
I wonder if it's chrome security bug or model and future behavior.
On a Mac I was able to fix this by running a webserver instead of loading it from a "file://" url:
http://lifehacker.com/start-a-simple-web-server-from-any-directory-on-your-ma-496425450?utm_expid=66866090-49.VYy4WCNHSyuP6EmjnM93MQ.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F
python -m SimpleHTTPServer 8000
In the directory should make it available from Chrome via 0.0.0.0
I don't seem to have the same problem, not on the stable version of Chrome (45) or the Dev version (47).
However, I have personally seen issues with the CORS header, too. If you can cause the problem to happen reliably, I suggest filing a bug at crbug.com and a Chrome developer will have a look at it.

Issue while loading Google maps api V3 in Firefox over https

I am loading google maps api v3 script over https using the url
https://maps.googleapis.com/maps/api/js?sensor=false
.The maps get loaded and work properly in IE and chrome. But on firefox the maps don't work and I can see the error TypeError: google.maps.event is undefined
.I checked if the google object is loaded using undefined check and its not getting loaded on Firefox, IE and chrome load it properly.
The same behavior can be checked via the url
https://google-developers.appspot.com/maps/documentation/javascript/examples/full/map-simple
. The error occurs only over https and not http. The same issue has been noticed over multiple networks and multiple machines.
Firefox version being used:- 33.1.
My script import is in the head and my jquery bindings in the document.ready, so not much chance of the scripts executing before the import.
Same behavior is getting exhibited even in Firefox safe mode.
Can somebody help me out with a solution for this?
maybe the problem would be the ssl, you could try erasing the "s" from http
http://maps.googleapis.com/maps/api/js?sensor=false

Servicestack-SwaggerUI crashes on IE<10 for method "defineproperty" not found

I'm using SwaggerUI over a Servicestack v4.07(licensed) application to expose REST specs.
Everything works on Firefox and Chrome, but when i try to open the swagger index with IE9 or below, it crashes, showing nothing but the page header, so no service is listed.
Actually i can reproduce this but even on the swagger demo website http://petstore.swagger.wordnik.com/
When i open it with IE9 it crashes because of a (probably) known issue: https://github.com/wordnik/swagger-ui/pull/204.
When i open it with IE8 instead the fiddler tells me that there's no such defineProperties method for the Object class(exception raised from shred.bundle.js)
Does someone know about such issues?

Categories

Resources