Is it possible to open dropbox chooser in an iframe.
I've followed the doc to integrate chooser in my application, but when clicking on the chooser button it opens in a browser window.
I've seen some applications which opens Dropbox chooser within their application in a modal popup. Is it possible?
This is technically possible, but we (Dropbox) need to specifically allow it for your app. By default, nothing on dropbox.com will allow itself to be put in an iframe for security reasons. (E.g. take a look at "clickjacking.")
We usually won't change that policy, but we do sometimes make exceptions for larger customers who we can work with directly on the security implications.
Related
I am developing an iOS safari extension. Right after the installation and opening the container app, I would like to take the users to a page which shows instructions on how to enable the extension and allow it to run on all pages. Is there a way to detect the state of the extension?
So, the flow will be as: User opens the container app, and we take the user to a page on safari and depending on:
(1) if the extension is enabled
(2) if the extension is allowed to run on all pages
How can I detect these two states from the extension ?
Tried looking around if there is an API to detect so. Doesn't seem there to be one?
Loom's chrome extension can record your screen with "one click record".
Normally, to capture someone's screen, the browser will display a "do you want to share your screen" modal.
How does Loom achieve this?
It's an extension, not just a web page. When you installed it, Chrome showed you the things it would have access to, and you accepted that by continuing with the installation:
Extensions have very a different permissions model than web pages, because there's that explicit, user-driven installation step.
The website is developed in WordPress. It looks perfect on chrom/Firefox browsers but its not looking perfect on safari browser
Can someone help to understand what it the issue and how can i fix it?
If Safari doesn't load a page or webpage items are missing
Check Safari extensions, or try removing cookies, cache, and other website data if a webpage or site doesn't load on your Mac.
Use the steps in this article if this happens in Safari on your Mac:
You can’t log in to a secure website.
A webpage repeatedly reloads or redirects.
A message on a webpage tells you to remove or reset cookies.
Some images, videos, or other items aren't displayed on a webpage, but other page elements load.
Check Parental Controls
If you're logged into a user account that is restricted by Parental Controls or other web filtering software, some pages or page elements might not load if those sites aren't allowed. For example, embedded videos might not display if they're hosted on a site other than the one you're viewing.
Check with your administrator to see if you can get access to the site that you're trying to view.
Check Safari extensions
Some Safari extensions that block ads or other website content can prevent some page elements from displaying. You can temporarily turn off extensions, then re-load the page to see if this is the issue.
Choose Safari > Preferences.
Click Extensions.
Select an extension, then deselect the checkbox "Enable… extension." Repeat this step for every extension that's currently installed.
Reload the page by choosing Choose View > Reload in Safari. If the webpage loads correctly, one or more extensions was blocking the content from loading. Re-enable an extension, then reload the page again to determine which extension is blocking the content you want to view.
If the website still doesn't load with all of your extensions disabled, try the next steps in this article.
If Safari doesn't load pages from a specific site
If only one webpage or website isn't working, you can remove data related to that site to see if it fixes the issue. Use these steps to remove cookies, cache, and other data stored by Safari for a specific site:
Choose Safari > Preferences.
Click the Privacy icon.
Click the Details button.
Search for the name or domain of the website whose data you want to remove.
In the results list, click the domain (like example.com) that has data you want to remove.
Click Remove.
When you're finished, click Done and close the preferences window.
remove history, cookies, cache, website data, for a specific site
If you used the Private Browsing feature of Safari when visiting a website, you might not see the site listed here.
If Safari doesn't load pages from multiple sites
In OS X Yosemite, you can delete website data for the past hour, or past few days if websites or pages stopped loading recently.
Choose History > Clear History and Website Data.
In the sheet that appears, choose the range of data you want to remove from the Clear pop-up menu.
Click Clear History.
remove history, cookies, cache, website data
If you want to remove website data for all of the sites and pages you've ever visited, choose "all history" from the Clear pop-up menu. The option to Remove All Website Data in the Privacy pane of Safari preferences does this, too. These options also reset your browsing history and Top Sites.
We set up new domains to forward to an application on our jboss platform. These new domains are used in the links on a pdf created with itext. They are shorter links to additional data, as we wanted to hide the full links. These links forward to our application correctly. The problem is that, when a link is clicked, adobe displays a dialog box (printed below) asking if the user wants to allow this connection. Unfortunately, every time the user clicks a link in the pdf, he will get the dialog box below. I read in the Adobe documentation that cross-domain access triggers a security warning. Have any of you encountered and solved this problem? Any help will be appreciated. Thanks.
Per Adobe:
Allow or block links to the Internet in PDFs
Clicking any link to the Internet poses a potential security risk. Malicious websites can transfer harmful content or silently gather data. If you are concerned about these risks, you can configure Acrobat and Reader to display a warning when a PDF attempts to connect to an Internet site.
You can allow Acrobat and Reader to contact selected websites by adding their addresses (URLs) to your list of trusted websites in the Trust Manager preferences. Alternatively, you can allow all URLs.
Note: If the options in the Manage Internet Access dialog box are disabled, select Custom Setting. If options are still disabled, your product could be under an administrator’s control with those restrictions in place.
Choose Edit > Preferences (Windows) or Acrobat/Adobe Reader > Preferences (Mac OS).
From the Categories on the left, select Trust Manager.
Click Change Settings to specify the default behavior for accessing the Internet from PDFs.
Choose from the following options:
To allow access to all URLs, select Allow PDF Files To Access All Web Sites.
To restrict access to all URLs, select Block PDF Files’ Access To All Web Sites.
To restrict access to only the URLs you specify, select Custom Setting.
To add a website, type its URL in the Host Name text box and click Allow or Block.
To remove a URL you no longer want to visit, select the website in the list and click Delete.
To specify what the program should do with websites not in your custom list, select one of these options: Always Ask, Allow Access, Block Access.
For more information, see the Application Security Guide at http://www.adobe.com/go/learn_acr_appsecurity_en.
Note: If you open a protected PDF and receive a prompt to allow or block a URL, select Remember My Action For This Site. This reply adds the URL to this list.
I have a facebook iframe app I'm trying to test using a WebBrowser Control on a form in VB.NET 2010. Whenever I try to access the WebBrowser.Document.Window.Frames frame object on a document where my app is showing in the broswer, I get an Access Denined exception. Reading around on the web, I see people saying that this is to keep scripts in a document from accessing content in iframes that are pulling content from another domain, as per 'http://msdn.microsoft.com/en-us/library/ms533028.aspx', for security reasons.
While I totally understand why this is done for the general public, how can I disable it on my machine so that I can run these tests? I can't properly test my app without doing it in the facebook iframe and using the WebBrowser control is the only way I know to do this test programmatically.
Any ideas? I'm on windows server 2003 and ie8, .net4.0, if that helps. I own the domain where the app is, and its in AS.NET MVC2, so if there's anything I can do to the web code to enable this??? I also removed the Internet Explorer ENhanced Security COnfiguaration component, but that didn't help.
Thanks,
Philip
Have you tried changing your Internet Explorer settings to enable cross domain scripting?
I believe the VB.Net Web Browser control inherits settings from the local copy of IE.
Try this:
From Internet Explorer, choose Internet Options from the Tools menu.
On the Security tab of the Internet Options dialog box, select the Local Intranet Web Content Zone and then click Custom Level.
Locate the Miscellaneous/Access Data Sources Across Domains setting, and then select Enable, as shown in Figure 2.
Click OK, and then click Yes to the warning dialog box that appears.
Click OK to close the Internet Options dialog box.
Also try adding the Facebook https Url into your trusted sites.
As a last resort disable Native XMLHttp in IE and attempt to revert back to an older version of the XMLHttp object.