Secured and unsecured items message in IE - dojo

I'm getting "This page contains bothe Secure and Non secure items"message in IE. When I commented the following piece of code from dojo.js.uncompressed.js file, the message is gone.
if(dojo.isIE){
if(!dojo.config.afterOnLoad){
document.write('<scr'+'ipt defer src="//:" '
+ 'onreadystatechange="if(this.readyState==\'complete\'){' + dojo._scopeName + '._loadInit();}">'
+ '</scr'+'ipt>'
);
}
Is that an issue with the dojo? I would like to move the commented code to another custom file so that the dojo framework is not affected. Can you suggest a better way of implementing it.
Thanks.

You would get that error if you're using frames or have external files where some of the files have https URLs while some have http URLs. Assuming, your main page loads up through https, you could try changing:
src="//:"
to:
src="https//:"

the //: is most likely the problem, as I ran into a similar issue with a chunk of javascript code... In internet explorer, the locaiton //: is not secure, so when your page (presumably on an https:// url) loads, IE notes that you've got your main code loading from a secure location, and another script being loaded in from an unsecure location.
The workaround that I came to was to create an empty file in my web root named "blank.html" (though "blank.js" would probably work better in your case) and replace the //: link with "/blank.html". This results in another hit to your webserver, but browser caching will probably make that impact minimal.

Related

Selenium Webdriver - driver.get() not working correctly when inserting a variable inside

This is solved. I had my baseURL wrong. And it was going to a different site, that redirected to the base url of the correct site. Thanks.
I have a problem using driver.get() with a variable inside. For example:
driver.get(baseURL+othervariable);
When I execute it, the browser goes to baseURL alone.
I have added before that line a console print to make sure the concatenation is ok, like:
System.out.println(baseURL+othervariable);
driver.get(baseURL+othervariable);
And I can see in the console that the concatenation is ok.
The weird thing is that if I insert the url directly without base url, like:
driver.get("http://examplesite.com/subsection");
It works.
Why am I facing this problem? because I'm using a for cycle in order to open an array of URLs that I need to check.
So the structure of my program is something like:
for (i=0 ; i<URLs.lenght ; i++) {
driver.get(baseURL + URLs[i]);
// then do some stuff
}
But the browser always open baseURL alone.
The weird thing is that I don't have any problem when executing this in the lower environments of this website. The problem occurs with the Live site.
Could it be that some configuration in the site is preventing Selenium from going to the desired URL?
But then I don't understand why when I insert the URL directly as a String into driver.get(), it works as expected, even in the live site.
So the problem is when I insert a variable inside, and only in the live site.
I'm totally confused. I tried Firefox driver, Chrome driver, etc. All do the same.
I also tried:
String finalURL = baseURL+URLs[i];
driver.get(finalURL);
And it refuses to open the complete URL. I never had this problem in many tests. Many times I executed driver.get() with variables and concatenations inside and I never faced this problem.
Could someone give me a hint? why is the problem only appearing when sending the URL as a variable but not when I send it as a String?
I'm using Selenium 3.0 btw.
Thanks for your help.
Try to be sure of URLs syntaxe (especially \ and //)
For some website, incorrect URLs redirect to baseURL page.
If you're working on an AngularJS project, you may need some waits (try ngWebDriver)
Good luck !

Session lost while on PythonAnywhere Web2Py but NOT locally

I use a session variable to pass some info with a redirect:
session.OrigText = XML(str(OrigText))
redirect(URL('SearchResultsOrigText'))
It arrives at the new URL / page / view - SearchResultsOrigText - and works Ok.
But when from that new URL - SearchResultsOrigText- I navigate away (and it doesn't matter where I go from this new page), when returning with the 'back" button of the browser, the session.OrigText is now empty (showing as 'None').
This behaviour is happening only on PA and not locally.
I do not use session.forget anywhere in my code.
Trying to pass the 'html heavy' content in the OrigText as a dictionary variable (not a session variable) gets me into another interesting issue...Python Anywhere says "Something's wrong 502- Back End".
(Silent failing ?) This happens on PythonAnywhere but NOT locally as well.
Sanitizing this var doesn't help...
But let's focus on the first question...
Why is the session variable lost after 1.redirect and 2.leaving the new page / view - when hosted on PythonAnywhere and NOT locally ?
Thanks
Flask sessions, by default use cookies, so it's possible that somewhere in your settings you have a setting for what domain to set the cookies on and that is not set correctly. It's also possible that you haven't set a secret key for sessions.
I faced the same problem recently in PythonAnywhere. I solved it by deleting my domain's cookies from Firefox. I still don't know how they were messed up, though.
Make sure there is no "session.forget(response)" in your code or framework code along the way.

Multiple RequiredFieldValidator crashes page

I have a very strange problem. I've recently added MVC4 to an old Web Forms project. I did this by creating a new project, and adding the old files to the new project (rather than opposite approach of copying the new MVC files in). When I did this, one of my Web Forms pages stopped working - When I try to access it, it redirects to HTTP Error 404.0 - Not Found.
The file is there, and I also have other Web Forms (.aspx) pages that load without any issues. To pin-point the issue, I created a Web Forms page with the same name to replace it, and it the blank page loads. I started adding code to the new page one line at a time till I found the issue.
I finally found that what caused the issue is when I have more than one RequiredFieldValidator tag on the page. Any idea why this would happen or what I can do to work around it?
assign groups to the validators. Put them in separate groups, dont put them in same groups , make sure You dont have controltoassign be same because then during compilation same requiredfield validator might have concurrency issues and crash the page. Putting them in different groups assures that even more. If you still get the same issue then try this as well
Open IIS Manager
Right Click the server name
Select properties
Click the MIME Types button
Click New
Extension is .pdf
MIME type is application/pdf

Reliably getting favicons in Chrome extensions, chrome://favicon?

I'm using the chrome://favicon/ in my Google Chrome extension to get the favicon for RSS feeds. What I do is get the base path of linked page, and append it to chrome://favicon/http://<domainpath>.
It's working really unreliably. A lot of the time it's reporting the standard "no-favicon"-icon, even when the page really has a favicon. There is almost 0 documentation regarding the chrome://favicon mechanism, so it's difficult to understand how it actually works. Is it just a cache of links that have been visited? Is it possible to detect if there was an icon or not?
From some simple testing it's just a cache of favicons for pages you have visited. So if I subscribe to dribbble.com's RSS feed, it won't show a favicon in my extension. Then if I visit chrome://favicon/http://dribbble.com/ it won't return right icon. Then I open dribbble.com in another tab, it shows its icon in the tab, then when I reload the chrome://favicon/http://dribbble.com/-tab, it will return the correct favicon. Then I open my extensions popup and it still shows the standard icon. But if I then restart Chrome it will get the correct icon everywhere.
Now that's just from some basic research, and doesn't get me any closer to a solution. So my question is: Is the chrome://favicon/ a correct use-case for what I'm doing. Is there any documentation for it? And what is this its intended behavior?
I've seen this problem as well and it's really obnoxious.
From what I can tell, Chrome populates the chrome://favicon/ cache after you visit a URL (omitting the #hash part of the URL if any). It appears to usually populate this cache sometime after a page is completely loaded. If you try to access chrome://favicon/http://yoururl.com before the associated page is completely loaded you will often get back the default 'globe icon'. Subsequently refreshing the page you're displaying the icon(s) on will then fix them.
So, if you can, possibly just refreshing the page you're displaying the icons on just prior to displaying it to the user may serve as a fix.
In my use case, I am actually opening tabs which I want to obtain the favicons from. So far the most reliable approach I have found to obtain them looks roughly like this:
chrome.webNavigation.onCompleted.addListener(onCompleted);
function onCompleted(details)
{
if (details.frameId > 0)
{
// we don't care about activity occurring within a subframe of a tab
return;
}
chrome.tabs.get(details.tabId, function(tab) {
var url = tab.url ? tab.url.replace(/#.*$/, '') : ''; // drop #hash
var favicon;
var delay;
if (tab.favIconUrl && tab.favIconUrl != ''
&& tab.favIconUrl.indexOf('chrome://favicon/') == -1) {
// favicon appears to be a normal url
favicon = tab.favIconUrl;
delay = 0;
}
else {
// couldn't obtain favicon as a normal url, try chrome://favicon/url
favicon = 'chrome://favicon/' + url;
delay = 100; // larger values will probably be more reliable
}
setTimeout(function() {
/// set favicon wherever it needs to be set here
console.log('delay', delay, 'tabId', tab.id, 'favicon', favicon);
}, delay);
});
}
This approach returns the correct favicon about 95% of the time for new URLs, using delay=100. Increasing the delay if you can accept it will increase the reliability (I'm using 1500ms for my use case and it misses <1% of the time on new URLs; this reliability worsens when many tabs are being opened simultaneously). Obviously this is a pretty imprecise way of making it work but it is the best method I've figured out so far.
Another possible approach is to instead pull favicons from http://www.google.com/s2/favicons?domain=somedomain.com. I don't like this approach very much as it requires accessing the external network, relies on a service that has no guarantee of being up, and is itself somewhat unreliable; I have seen it inconsistently return the "globe" icon for a www.domain.com URL yet return the proper icon for just domain.com.
Hope this helps in some way.
As of Oct 2020, it appears chrome extensions using manifest version 3 are no longer able to access chrome://favicon/* urls. I haven't found the 'dedicated API' the message refers to.
Manifest v3 and higher extensions will not have access to the
chrome://favicon host; instead, we'll provide a dedicated API
permission and different URL. This results in being able to
tighten our permissions around the chrome:-scheme.
In order to use chrome://favicon/some-site in extension. manifest.json need to be updated:
"permissions": ["chrome://favicon/"],
"content_security_policy": "img-src chrome://favicon;"
Test on Version 63.0.3239.132 (Official Build) (64-bit)
chrome://favicon url is deprecated in favor of new favicon API with manifest v3.
// manifest.json
{
"permissions": ["favicon"]
}
// utils.js
function getFaviconUrl(url) {
return `chrome-extension://${chrome.runtime.id}/_favicon/?pageUrl=${encodeURIComponent(url)}&size=32`;
}
Source: https://groups.google.com/a/chromium.org/g/chromium-extensions/c/qS1rVpQVl8o/m/qmg1M13wBAAJ
I inspected the website-icon in Chrome history page and found this simpler method.
You can get the favicon url by --
favIconURL = "chrome://favicon/size/16#1x/" + tab.url;
Don't forget to add "permissions" and "content_security_policy" to Chrome. (https://stackoverflow.com/a/48304708/9586876)
In the latest version of Chrome, Version 78.0.3904.87 (Official Build) (64-bit)) when tested, adding just img-src chrome://favicon; as content_security_policy will still show 2 warnings:
'content_security_policy': CSP directive 'script-src' must be specified (either explicitly, or implicitly via 'default-src') and must whitelist only secure resources.
And:
'content_security_policy': CSP directive 'object-src' must be specified (either explicitly, or implicitly via 'default-src') and must whitelist only secure resources.
To get rid of them use:
"permissions": ["chrome://favicon/"],
"content_security_policy": "script-src 'self'; object-src 'self'; img-src chrome://favicon;"
Now you can use chrome://favicon/http://example.com without getting any errors or warnings.

Solve IE6 static content caching issues on IIS6

I'm currently experiencing problems with static content - most noticeably jQuery datepicker images, but also other static files - which results in images/static content loaded many times - I can clearly see it in IE6 status bar (not to mention SLOW rendering).
The problem and possible solutions seems to be described here: http://www.explainth.at/en/tricks/flickfix.shtml. However, I use IIS6 not Apache, and static files that I don't want to feed through php or asp.
How do I make IE6 cache static images properly? How do I add custom response header for specific files/folders?
Hm, let met re-phrase it. I'm not sure it is caused by the bugs above. Actually, I tried appcmd to apply cacheControlMode/etc and it doesn't seem to work. As far as I remember, IE6 also does not cache for XMLHttpRequest calls? So, the biggest problem that I need to solve is:
in jQuery calendar, moving mouse over image buttons (prev/next) causes them to be reloaded-refreshed
in jQuery dialog, each dialog('open') causes images from theme (like header background) to be re-loaded/refreshed
etc
This link probably gives a better explanation: http://ajaxian.com/archives/internet-explorer-and-ajax-image-caching-woes
How do I solve this - that is, without feeding images through ASP.NET to setup headers?
Thanks everybody for listening, the trick with appcmd seems to work ;-) The problem was that I used jQuery theme from googleapis... which obviously was not affected by appcmd ;-) Moving theme to local folder did the trick. These are the commands:
\Windows\system32\inetsrv\appcmd.exe set config "Default Web Site/images" -section:system.webServer/staticContent -clientCache.cacheControlMode:UseMaxAge
\Windows\system32\inetsrv\appcmd.exe set config "Default Web Site/images" -section:system.webServer/staticContent -clientCache.cacheControlMaxAge:"01:00:00"
from http://forums.iis.net/t/1067723.aspx