Anyone know the reason why CloudFlare is injecting the following code?
<script type="text/javascript">
//<![CDATA[
try{(function(a){var b="https://",c="www.mywebsite.com",d="/cdn-cgi/cl/",e="img.gif",f=new a;f.src=[b,c,d,e].join("")})(Image)}catch(e){}
//]]>
</script>
I have another website with the same CloudFlare configuration and I didn't notice the img.gif in the source code.
I disabled the ScrapeShield app integration on the CloudFlare's dashboard and the strange code just disappeared.
I'm trying to show amazon banner on my website. Here's the banner's default code:
<script type="text/javascript" language="javascript">
var aax_size='160x600';
var aax_pubname = 'username';
var aax_src='302';
</script>
<script type="text/javascript" language="javascript" src="http://c.amazon-adsystem.com/aax2/assoc.js"></script>
This is the error I'm getting if I don't change the http link:
first:1 Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure script 'http://c.amazon-adsystem.com/aax2/assoc.js'. This request has been blocked; the content must be served over HTTPS.
Now if I change the src URL to https://c.amazon-adsystem.com/aax2/assoc.js, the Amazon banner loads but the padlock breaks, with the following message in the console:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure frame 'http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com'. This request has been blocked; the content must be served over HTTPS.
The above url http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com is in the javascript hosted by amazon which I can't change. Is there a way to fix it?
Most services which support https but provide http will accept https://our.site.com as an alternative to http://our.site.com. Have you tried just changing the protocol from
"http://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
to
"https://s.amazon-adsystem.com/iu3?d=assoc-amazon.com&rP=https%3A%2F%2Fexample.com"
Just clear your browser cache or try it in a private/incognito window with your HTTPS changes. It can be a browser-level issue.
Amazon is using a protocol-relative URL in this script, so http or https is not hard-coded anywhere.
You can see this by beautifying the code in http://c.amazon-adsystem.com/aax2/assoc.js
By changing http:// to https:// it worked for me.
Problem
I keep getting one of the following two 403 (Forbidden) errors related to Typekit after uploading my content to Amazon S3. Originally, I thought it might be related to the order of the scripts, but that hasn't seemed to work.
index.html (just the bottom where the scripts are)
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.js"></script>
<script src="assets/js/scripts.js"></script>
<!-- Typekit -->
<script src="https://use.typekit.net/nig8pij.js"></script>
<script>try{Typekit.load({ async: true });}catch(e){}</script>
<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-65254339-3', 'auto');
ga('send', 'pageview');
</script>
Errors
GET https://use.typekit.net/c/621b04/1w;proxima-nova,2,gbj:W:n3,gbl:W:n4,gbs:W:…6c6c63d47eb6ce1a7c34402d30d0658eb4fd0a4fa5105f68413522cff7d9b48b9c7de0f2f2
OR
Failed to load resource: the server responded with a status of 403 (Forbidden)
You'll get a 403 error if you don't include the https://s3.amazonaws.com URL in the domains you want the fonts to appear on in Typekit. Simple fix.
Kit Settings > Domains > Publish
I saw some code for something called rocketscript. I searched the name and it only came up with stuff about WordPress, but I finally found something on the CloudFlare website. It just gives information about what it is and what it does. I saw on another site that the snippet of code they have, like the one below, is custom and has their domain / a unique id in it.
I was wondering, how can I get my own code for my website? I can't find any page where CloudFlare will give me the code or tell me how to implement it into my website. Do I just copy the code from another website? I don't think I do, as each code has the website's domain and a unique id.
<script type="text/javascript">
//<![CDATA[
try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"0c520450ae00f93ad3c6d427e6175e11",petok:"39b2bad3263429bff6b9dfc54bc4b070f517b5df-1443920379-1800",zone:"fabborp.co.uk",rocket:"a",apps:0}];document.write('<script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=e9627cd26a/cloudflare.min.js"><'+'\/script>');}}catch(e){};
//]]>
</script>
<script type="text/rocketscript">
//<![CDATA[
try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"cc7792bcd37b11acfe5d52854c3c31cb",petok:"60a72fe01a43af4ce7bfedbb9aa1557bd41221e9-1437754506-1800",betok:"b5597544ec58644c04609e45c7005743deab17c5-1437754506-120",zone:"fabborp.co.uk",rocket:"a",apps:0}];document.write('<script type="text/javascript" src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=e6ea9bd6c9/cloudflare.min.js"><'+'\/script>');}}catch(e){};
//]]>
</script>
Main question is, how do I get my OWN code for rocketshare?
CloudFlare's Rocket Loader system...
is a general-purpose asynchronous JavaScript loader coupled with a lightweight virtual browser which can safely run any JavaScript code after window.onload.
You can use Rocket Loader by adding the website you would like to enable Rocket Loader on to CloudFlare. CloudFlare automatically adds the code to every page on your website using DNS, no need for you to add it in yourself.
1. Sign up for CloudFlare.
2. Add your website to CloudFlare using CloudFlare's easy-to-use wizard that should appear after you log in.
3. Select your site from the list that should appear on your screen. A list may not appear if you have only one site in your account.
4. Select 'Speed' in the navigation bar.
5. Scroll down to Rocket Loader and select the desired option, probably Automatic.
6. Give it a little while to propagate; stuff like this doesn't happen instantly.
Hope that works for you!
I have seen this question and response, but it still does not work for us:
Embedding Apps with API key
We are having a problem with the Rally API. Our intent is to make a stand-alone page (outside of Rally) that shows the portfolio Kanban.
I have attached the test page. It was created with the rally-app-builder. We created an API key. When we try to load the page, passing the API key, we get a json exception about cross-site violations. The documentation says that we will see this error if we don't pass the key. But even when we do pass it, the error persists.
We have tried it through an apache server, so the issue about being a standalone file is not our problem. Does anyone have any other ideas?
The html page is below.
<!DOCTYPE html>
<html>
<head>
<title>helloworld</title>
<script type="text/javascript" src="https://rally1.rallydev.com/apps/2.0rc3/sdk.js"></script>
<script type="text/javascript">
Rally.onReady(function () {
Ext.define("CustomApp",{extend:"Rally.app.App",componentCls:"app",items:{html:'App SDK 2.0rc3 Docs'},launch:function(){this.add({xtype:"rallycardboard",types:["Portfolio Item/Feature"],attribute:"State",storeConfig:{context:{project:"/project/14292239482",projectScopeUp:!1,projectScopeDown:!0}},context:this.getContext(),readOnly:!0})}});
Rally.launchApp('CustomApp', {
name:"helloworld",
parentRepos:""
});
});
</script>
<style type="text/css">
</style>
</head>
<body>
</body>
</html>
The API key we generated is of type alm-wsapi-read-only. When the page is loaded, even with the apiKey parameter provided, we get the JSON x-site error.
We are wondering if there is a config to change on Rally subscription side or perhaps there is an error in the documentation or something else simple.
I submitted a defect. It works up to the point when I load an App-debug.html using rally-app-builder run command:
rab run
and append apiKey to the app's URL as a query parameter. It loads fine using the apiKey:
The problem starts when I choose a different server to load an embedded app, for example:
a) Start a simple HTTP Python or Node server in another directory.
b) Copy App-external.html from the deploy folder to the directory from which the server is running.
c) Create a new file, App-embedded.html, in this directory:
<html>
<head>
<title>Embedded app test: revs</title>
</head>
<body>
<iframe src="http://localhost:9000/App-external.html?apiKey=_Ib4u6d7"></iframe>
</body>
</html>
d) Load App-embedded.html.
These steps result in a cross-origin error.
If you check in Chrome's Network tab or the Safari debugger, it shows that artifact (hierarchicalrequirement or defect) requests fail. Interestingly, the preceding subscription, user and schema requests complete successfully. Screenshot from Safari:
It turns out that the underlying issues were related to the CORS configuration on the Rally servers, not anything specific with App SDK 2.0rc3. As of 11/24/14 this issue should be resolved.
My website is here, and visiting it in Chrome gives the 'load unsafe script' error and unsecured content errors in the console. Firefox loads the site, but there isn't a lock.
My site is entirely in PHP, and I'm not sure where to start. The console and firebug said that the site was loading unsecure scripts over HTTP, but how do I make it all HTTPS?
Thanks in advance!
Your HTML has lots of links to http:// resources, e.g.:
<link rel="stylesheet" type="text/css" href="http://portal.thespartaninstitute.com/...">
You need to ditch the http: part and just link to //portal.thespartaninstitute.com/... - that will then use https when the page has been loaded that way.
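
The mixed-content errors in the Amazon banner thread and in the PHP site thread above both come from `http://` subresources referenced by a page served over HTTPS. As an added example (not code from any of the posts), the Node.js function below scans markup for such references, resolves protocol-relative URLs against the page URL the way a browser does, and reports which ones would be blocked. The function name, field names and the `example.com` hosts are assumptions made for the illustration.

```javascript
// Added example: static check for mixed content on an HTTPS page.
// Regex scan for illustration, not a full HTML parser.
const ACTIVE = { script: 'src', iframe: 'src', link: 'href' };  // browsers block these
const PASSIVE = { img: 'src', audio: 'src', video: 'src' };     // browsers upgrade or warn

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  if (page.protocol !== 'https:') return findings;  // only HTTPS pages have mixed content
  const tagRe = /<(script|iframe|link|img|audio|video)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    // <link> is only counted as a subresource here when it is a stylesheet
    if (tag === 'link' && !/(?:^|\s)rel\s*=\s*["']?[^"'>]*stylesheet/i.test(attrs)) continue;
    const name = ACTIVE[tag] || PASSIVE[tag];
    const ref = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']([^"']+)["']`, 'i').exec(attrs);
    if (!ref) continue;
    let target;
    try {
      // Resolving against the page URL is what makes //host/path inherit https
      target = new URL(ref[1], page);
    } catch {
      continue;  // unparsable URL, nothing to report
    }
    if (target.protocol !== 'http:') continue;
    findings.push({
      tag,
      url: target.href,
      effect: tag in ACTIVE ? 'blocked' : 'upgraded-or-warned',
      httpsUrl: 'https://' + target.host + target.pathname + target.search,
    });
  }
  return findings;
}

// Constructed sample markup (hosts under example.com are placeholders)
const SAMPLE_HTML = `
<script src="http://c.amazon-adsystem.com/aax2/assoc.js"></script>
<link rel="stylesheet" type="text/css" href="http://static.example.com/site.css">
<link rel="stylesheet" href="//static.example.com/print.css">
<img src="http://static.example.com/logo.png">
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.js"></script>
<a href="http://example.org/">ordinary link, not a subresource</a>`;

console.log(findMixedContent('https://example.com/', SAMPLE_HTML));
```

A static scan like this cannot see URLs that a third-party script builds at runtime, such as the `http://s.amazon-adsystem.com/...` frame in the banner thread; those only show up in the browser console.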