I'm using Apache 2 and have a custom 401 page, in httpd.conf
ErrorDocument 401 /error/unauthorized.html
When I access a protected resource, all browsers show the basic http authentication dialog. If I click "cancel", all browsers but Safari (v3 and v4) will display the custom 401 page. Safari just displays the current page.
Is there any way to get Safari to display the 401 page through Apache configuration and/or mod_perl handlers?
G'day,
I believe that this is a well known issue for Safari browsers. In fact, several aspects of HTTP Authentication are subject to a "special" Apple implementation.
Sorry I can't give you a quick workaround.
cheers,
I can't reproduce the error in Safari 4 Beta, but try adding some bytes in your unauthorized.html file. Some versions of IE wouldn't show custom error pages unless the page was over a certain size, it assumed small pages were the default non-useful pages and tried to show something more useful (aka confusing).
Related
A friend of mine has been having trouble getting her site indexed by google and asked me to have a look, but that is not something I really know much about and was hoping for some assistance.
Looking at her search console, google crawl shows an error of soft-404 on the index page. I marked this as fixed a few times, because the site looks fine to me but it keeps coming back.
If I fetch the site as google it seems to be working fine, although it is showing the mobile version instead of the desktop.
It keeps giving another reoccurring 404 of a page http://www.smeyan.com/new-page, which doesn't exist anywhere I can see including server files or sitemaps.
Here is what I know about this site:
It used to be a wix site and was moved to a host gator shared server 2-3 months ago.
It's using JavaScript/jQuery .load to get page content outside the index.html template.
It has 2 sitemaps one for the URLs and one for both URLs and images
http://www.smeyan.com/sitemap_url.xml http://www.smeyan.com/sitemap.xml
It has been about 2 months since it was submitted for indexing and google has not indexed any of the content when you search for site:www.smeyan.com it shows some old stuff from the wix server. Although search console says it has 172 images indexed.
it has www. as a preference set in search console.
Has anyone experienced this and has an direction for a fix?
How long time was set for this site in Cache-Control header? If long, you should use "google removals" for obsolete snippets and cache. I simulated Google visit on your webpage. Correct 404 return code. Correct headers. Thus. Report google removals for "not found" pages. You must request visit of Googlebot and keep calm and wait for reaction.
BTW: For permanently removed content use 410 Gone for Google or... report via Removals.
https://support.google.com/webmasters/answer/1663419?hl=en
The only download error that I saw while using Chrome's Inspect function pertains to a SCRIPT tag with a Facebook url as the source (src) file.
This is the error as reported by Inspect.
This is the SCRIPT tag that caused the error.
I am not sure that this is the cause of the reoccurring 404 error, but it is an issue that needs attention on this website.
I checked your site with Tor Browser which has... DISABLED SCRIPTS. You should provide any content on your site with use of <noscript/> tag. It doesn't have to be beautiful but should be visible for bots. <a href... ></a>, <img/> etc. and... TEXT. Without it the site is NOT OPTIMIZED for search bots. Read about SEO. The sitemap content can be never indexed if the content will be never linked.
Probably your webpage also doesn't meet requirements for screen readers (for blind people).
Note: The image with "SMEYAN" caption is visible on webpage and is indexed.
second image on the webpage (in source): <img class="gallery-full-image" src="./galleries/home_gallery/smeyan_home-1.jpg" /> and indexed
The menu also doesn't work without scripts.
I thought the step is good implemented.
Please use <noscript/> element and implement version for blind people (without scripts, provide alt tag for images) and for noscript browsers. You can test it via disabling script or via NOSCRIPT extension for Firefox.
BTW. You should use HTML, CSS (including animations) and... use the JS ONLY if it is needed. Or... <noscript/> method.
Google bot currently use web rendering service (WRS) that is based on old Chrome 41 (M41), so it may fail where browsers succeed.
To learn how google boot works read this.
Add this code to the page to see the real error.
You can see the error using Url Inspector live, from google search console. It will show at more info tab.
Note: if the bot gets a 301 code or if the page is too little to have significant content it will return a soft 404 error, and won't preview or show any other error.
I went to Twitter's resource page here (https://twitter.com/about/resources/tweetbutton) and got the following code:
Tweet<script type="text/javascript" src="//platform.twitter.com/widgets.js"></script>
When I put this in my Wordpress template, I don't get the Twitter button -- I just get the text "Tweet". However, when I change the src for widgets.js to include https:// or http:// at the beginning it works.
Could it be that it's just an error that they forgot the protocol? Also, do you think it is better to use https (for consistency with the share link) versus http, or does it not matter?
Thanks for your suggestions.
The URL "//example.com/script.js" tells the browser to open the URL using the protocol of the current page, which is likely to be "file://" if your browser opened an html file on your own machine. Of course, you don't have a file called "file://example.com/script.js" on your computer.
In the past, urls for embedded widgets used to include the protocol (http or https), but a site visitor would receive warnings whenever a secure page loaded a script from an insecure page, and sometimes even vice versa. Now, widgets from Twitter, Google Analytics, and other sites no longer specify the protocol so that the same embed code can work on any page on the internet. The downside is that this does not work when you embed such a widget into a file and view it on your own browser by double-clicking it!
Apache realm auth is great for quick and dirty site acl's. Can one do realm authentication with a modal window instead of the usual ugly native one? I know there are other solutions, like CAS, etc. But Apache is always there (for the most part) and .htaccess is simple quick and easy
As a short answer no; the ugly native window is not something coming from Apache, but from your browser.
When you ask access to a resource, basically answers with a response with status 401 (Unauthorized); the browser shows the usual modal dialog, asking for username and password; once you provide them, the browser tries again adding an Authentication: header with the username/password provided. If you can be authorized, fine, otherwise you've another 401, and the browser asks for the password again.
Simple answer: no.
This "ugly native window" is the kind of dialog your web browser shows when it encounters HTTP authentication as defined in RFC 2617. This has nothing to do with Apache httpd, the dialog will look the same in your web browser, no matter which web server (Apache httpd, nginx, lighttpd, IIS, Hiawatha, fnord, gatling, …) generated the WWW-Authenticate header.
I don't see any error messages in the log file, and there is no message on the screen. Logging in to my Rails 3 app as it is served up in an iframe from another site results in being returned to the main site without the user being logged in.
It sounds like the Rails app is not recognizing the cookie through the iframe. Has anyone else run into this problem? Where could I go to see what the error is?
Please note this ONLY occurs in IE, version 8 (maybe it occurs in 7 and 6, haven't tested yet).
James is correct, IE has some security in place to prevent iFrames from generating cookies. There's an easy fix for this, simply include the following response header into your controller:
response.headers['P3P'] = 'CP="NON DSP COR CURa IVAa IVDa CONa OUR NOR STA"'
Source: http://adamyoung.net/IE-Blocking-iFrame-Cookies
I had similar problems with IE 6 and 7 and Devise with iframes. From my understanding it has something to do with sessions not being passed through iframes in IE. According to what I was able fo find, IE prevents this for security.
I'm not sure why this only seems to be a security issue in IE and not other browsers.
i want to add a "register" link into the apache authentication popup.
i would also like to change the error message page that is called when you press cancel.
i looked into directory www/error where i found some files but it seem none of those files is the error page that is called.
how can i find the Authorization Required page that is called ?
so i can change it.
You can't - that's native browser behavior, not an Apache popup. Try different browsers and see how they do the popup differently.