iframe set 'X-Frame-Options' to 'sameorigin' social-tables - social-tables

To get the authorization code, the flow goes to the email/password page of Social Tables. I am trying to load that page in an iframe.
It gives the error message below:
Refused to display 'https://auth.socialtables.com/login?redirect=/oauth/authorize?client_id=xxxxx..' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Is there any way I can override this option so that it gets displayed in an iframe?
Is there another way to display this page within my application?

Currently, we don't have iframes enabled for our login page. The recommended way is to have the Social Tables login page open in a new tab (or in the current page) and set the redirect_url to the page the user was currently on within your app. That would be the easiest method.
I'll submit a request for comments for this feature to be available in the meantime.
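
Why the browser refused the frame, as an added example (not Social Tables' code): a function that evaluates the X-Frame-Options and CSP frame-ancestors response headers roughly the way a browser does before rendering a page inside a frame. The embedding origin `https://app.example` is a constructed value; only the login origin comes from the error message above.

```javascript
// Added example: would a browser render this response inside a frame?
// Simplified: checks only the direct parent; host sources must be full origins
// (bare hosts and wildcard hosts are treated as "no match").
function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceMatches(source, parentOrigin, targetOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parentOrigin === targetOrigin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return new URL(parentOrigin).protocol === s;
  try { return new URL(s).origin === new URL(parentOrigin).origin; }
  catch (e) { return false; }
}

function canFrame(headers, parentOrigin, targetOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    const allowed = ancestors.some(s => sourceMatches(s, parentOrigin, targetOrigin));
    return { allowed, decidedBy: 'frame-ancestors' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return { allowed: false, decidedBy: 'x-frame-options' };
  if (xfo === 'sameorigin') {
    return { allowed: parentOrigin === targetOrigin, decidedBy: 'x-frame-options' };
  }
  return { allowed: true, decidedBy: 'no framing restriction' };
}

// Constructed inputs: the login origin is from the error above, the app origin is made up.
const LOGIN = 'https://auth.socialtables.com';
console.log(canFrame({ 'X-Frame-Options': 'sameorigin' }, 'https://app.example', LOGIN));
```

The header is enforced by the browser on behalf of the framed site, so the embedding page has no setting that overrides it; only the site that sends the header can relax it.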

Related

Instagram Login Failure Issue

When I try to log in to my Instagram through the web, this blank screen doesn't load. I tried clearing the cache and cookies in the browser, but the issue still persists. On inspecting the page in the console, this error is displayed:
https://i.instagram.com/api/v1/business/account/get_web_pro_onboarding_eligibility/
The resource https://www.instagram.com/static/bundles/es6/FeedSidebarContainer.css/f627ebef4169.css was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
Subsequent non-fatal errors won't be logged; see https://fburl.com/debugjs.
Same errors here. Feed site is empty. I can open my profile site or profiles from other users, that is working.
See the screenshot. On the feed site there is a GET request and in the status I get "429 Too Many Requests". I have no clue what is going wrong here. On my two other Instagram profiles the feed is working.

Showing file selection UI : Integrating Dropbox with OAuth 2

I am trying to create a web page which will allow my user to upload a file to my S3 storage. For choosing the file, the user can use Google Drive, Dropbox and also the local system. I am facing issues while implementing the Dropbox part of this.
I am using this technique for integration (using the core API and OAuth 2).
First, when the user chooses Dropbox, I am opening an HTML page in an iframe. Here I have an authorize button which will open the authorize endpoint mentioned in the above link. This link shows me an X-Frame-Options error inside the iframe, so I had to open this link as a popup for it to work.
Is there a way around this? I'd like the authorize URL to open in the same iframe by using location.href.
Also, when I open it as a popup, after the user logs in successfully the redirect_uri which I pass is getting opened in the popup. I had to do some unconventional setInterval coding to get around this. Can someone suggest a solution for this as well?
I also tried using CSRF tokens as mentioned in Smarx's blog, but this also gives me the same error.
EDIT :
#smarx I tried using dropbox.js and it works fine. I am stuck at one place.
I used the OAuth popup driver and have a button which says sign-in.
First, on load, I create the client and then the popup driver as below:
// Create the client, then attach the popup auth driver
client = new Dropbox.Client({ key: client_id });
client.authDriver(new Dropbox.AuthDriver.Popup({
    receiverUrl: "http://localhost/uploadCare/dbcallback.html"
}));
And in the callback HTML I am writing
Dropbox.AuthDriver.Popup.oauthReceiver()
as mentioned in the docs.
But this does not take me back to the original page and show me the list of files.
In particular, I did not understand this part of the explanation:
"To use the popup driver, create a page on your site that contains the receiver code, change the code to reflect the location of dropbox.js on your site, and point the Dropbox.AuthDriver.Popup constructor to it."
Could you please help me out here?
You definitely can't put dropbox.com into an iframe, for security reasons (e.g. clickjacking).
A few suggestions:
Can you just use the Chooser for your use case? That would certainly be easier for you and your users.
If you can't use the Chooser, is there a reason you're not using dropbox.js? It has a popup auth driver that will pretty much just take care of all this for you. The redirect will definitely happen in the same window as auth, so communication between the windows (usually via localStorage) is generally necessary. This is already done in dropbox.js.
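
The popup pattern this answer describes, as an added example that is not dropbox.js and not code from the original posts: the opener generates a random state value, the receiver page hands the redirect URL back through localStorage, and the opener validates it before using the code. The authorize endpoint, client id, receiver URL and storage key are hypothetical placeholders.

```javascript
// Added example: popup authorization with a same-origin receiver page.
// All four constants below are hypothetical placeholders.
const AUTHORIZE_URL = 'https://provider.example/oauth2/authorize';
const CLIENT_ID = 'my-client-id';
const RECEIVER_URL = 'https://app.example/oauth-receiver.html';
const STORAGE_KEY = 'oauth-popup-result';

function buildAuthorizeUrl(state) {
  const u = new URL(AUTHORIZE_URL);
  u.search = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: RECEIVER_URL, state,
  }).toString();
  return u.toString();
}

// Validate what the receiver page reported. Returns { code } or { error }.
function readResult(receiverHref, expectedState) {
  const url = new URL(receiverHref);
  if (url.origin + url.pathname !== RECEIVER_URL) return { error: 'unexpected receiver' };
  const p = url.searchParams;
  if (p.get('state') !== expectedState) return { error: 'state mismatch' };
  if (p.has('error')) return { error: p.get('error') };
  return p.get('code') ? { code: p.get('code') } : { error: 'no code' };
}

// Opener page: call from a click handler so the popup is not blocked.
function startLogin(onDone) {
  const state = Array.from(crypto.getRandomValues(new Uint8Array(16)),
    b => b.toString(16).padStart(2, '0')).join('');
  const popup = window.open(buildAuthorizeUrl(state), 'oauth', 'width=600,height=700');
  window.addEventListener('storage', function handler(ev) {
    if (ev.key !== STORAGE_KEY || !ev.newValue) return;
    window.removeEventListener('storage', handler);
    localStorage.removeItem(STORAGE_KEY); // do not leave the code in storage
    if (popup) popup.close();
    onDone(readResult(ev.newValue, state));
  });
}

// Receiver page (served at RECEIVER_URL): pass the redirect URL to the opener.
function receiverMain() {
  localStorage.setItem(STORAGE_KEY, window.location.href);
  window.close();
}
```

The `storage` event fires in the opener when the receiver writes the key, so no polling with setInterval is needed; the state check is what ties the returned code to the login this page started.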

Opening an XPage (single page application) to a specific anchor (appPage) for unauthenticated users

I have a mobile XPages application which uses the single page application control (xe:singlePageApp) of the XPages extension library. The application also uses a workflow engine which sends out emails with links to documents to users so they can approve requests.
The link URL is composed like
http://hostname/app.nsf/m_page.xsp?action=openDocument&documentId=2A2A#requestForm
where requestForm is the name of the appPage containing the form to display a single request document.
If the user is already logged in, the browser opens and displays the document as intended.
However, if the user is not already logged in, the Domino login form is displayed (session based authentication). When the user then logs in, the same XPage is opened, but to the default page (selectedPageName attribute of the singlePageApp) instead of the appPage with the pageName requestForm. The reason for this behavior is that after submitting the login form the anchor part (#requestForm) is no longer present in the URL the browser is redirected to because the #requestForm-part is never sent to the server where the redirect URL is computed in the first place.
Possible solutions I can think of are
put the intended pageName in a real URL parameter (like documentId), parse the URL and modify the browser location (from ...&documentId=2A2A&pageName=requestForm to ...&documentId=2A2A#requestForm)
check the URL for the existence of the documentId parameter and modify the browser location (add #requestForm) if it is present
modify the Domino login form as per Jake Howlett's suggestion (which is not always permitted)
I was wondering now if there are more elegant solutions to this.
I would take the first option in your case. But instead of handling the URL change on the client side, I would handle this on the server side. Otherwise, the client will load the initial page once and submit an additional request to the server.
On the beforePageLoad event:
// Move the pageName query parameter into the URL fragment
var url:XSPUrl = context.getUrl();
if (url.hasParameter("pageName")) {
    var pageName = url.getParameter("pageName");
    url.removeParameter("pageName");
    // Redirect to the same URL with pageName as the anchor
    facesContext.getExternalContext().redirect(url.toString() + "#" + pageName);
}
This will do the redirection before loading the page.

Add a Sign in portlet on the login page

I am building a basic login page using the existing sign-in portlet.
I just want to have the functionality that when a user accesses the website, right now localhost:8080, the sign-in portlet should pop up!
Is this doable? If so, can someone please give me a hint on how this can be done?
This is how the default page looks right now:
To log in, I have to explicitly click on the blue "sign-in" button and then it pops up a modal sign-in portlet.
But what I am trying to do here is:
Whenever a user clicks on the default URL, it should immediately ask the user to log in rather than showing a blank page with a sign-in button (something like the output image)
Or even a modal sign-in box (whatever is easy to customize).
and
Whenever a user hits any other URL, e.g. localhost:8080/web/project1/home, and the user is not signed in, it should force him to sign in first.
Two possibilities out of the box:
place nothing but the sign in portlet on the homepage, appearing at that location (typically /web/guest/home)
protect your default page to be not visible to the guest user (this will automatically forward to the sign-in portlet) - see the "Permissions" button on the "Manage Pages" interface
There are more, but these seem to be the first and most obvious ones. Let me know if one of them works for you or what the reason for your request is.
From what I understand, you want the Login Portlet to pop up as a modal window/lightbox on the current page (i.e. without leaving the page). AFAIK, to achieve this, you'll have to develop all your portlets to use AJAX to create links that point to protected resources. So when you get an unauthenticated request, you can stay on the same page and show the login dialog.
This is high-level approach. You'll need to 1) embed the Login portlet in your theme and 2) put the below javascript functionality in Theme:
callback function - to handle response for unauthenticated request,
to render modal/lightbox
You might face surprises while implementing this.

Login to Google from iFrame

I have seen that it is not possible to display any Google page from an iframe. An error message is displayed: cannot display, open in a new window.
I need to login to Google (OpenId authentication) from an iFrame in Joomla (cannot change this). Is there a workaround for this? I thought I could open the authentication page in a new window, and then try to kill that window and reload the original one, but I am not sure I can do that.
Thanks
Well, you can just get the form (HTML code) and put it in your iframe, but this will get very messy; for example, there may be certain JS files that you need to include as well.
Redirecting to Google is the best way to implement it, as using an iframe is sometimes not allowed by some companies due to security.