I see similar questions but it is not clear whether it is a CORS issue or it is because I cannot post to https://www.recaptcha.net/recaptcha/api/siteverify? nor https://www.google.com/recaptcha/api/siteverify? from the browser.
Thank you
Related
I have a SpringBoot API with a POST end-point.
Trying to make a call to end-point from Grafana AJAX panel
It seems to be hitting the end-point but error occurs complaining about missing body.
error: "Bad Request" message: "Required request body is missing: public org.springframework.http.ResponseEntity status: 400
But the request has indeed a body.
Have been looking for possible POST examples for hrs now but no joy, e.g.
https://community.grafana.com/t/using-ajax-plugin-to-make-rest-call/6674
Any tips or solutions would be much appreciated.
Asked this same question on Grafana support forum.
Turns out the plugin/panel in question does not support POST with body.
Indeed, it looks like POST JSON data to backend is not currently supported. There seem to be two related issues here:
https://github.com/ryantxu/ajax-panel/issues/48
https://github.com/ryantxu/ajax-panel/issues/13
You're welcome to share your thoughts there, it looks like this feature request has been added as a future enhancement but I am not sure when that work will be completed. In the meantime, you may need to forego using the AJAX Plugin.
So it's basically useless as my backend API end-point requires a body.
try the new JSON API plugin
https://grafana.com/grafana/plugins/marcusolsson-json-datasource/?tab=changelog
or AjaxPanel plugin for more control
I am newbie Parse and I have a problem. I want to use parse classes for dynamic content such as blog posts. Everyting works as expected there is no problem ; but when I try to fetch as google in Google Webmaster Tools it says AJAX blocked. So google will not index this content anyway.
when I follow the link I saw this below.
this is what I see when follow class link
So google crawler try to get ajax content but it comes to it with a ConnectionFailed aka 100 error. (I tested it to show in a label on page what returns in parse query error callback. So I see what renders google)
Am I doing something wrong is this an expected behaviour ?
Anyone knows how to solve this ?
Btw: I am hosting this website on heroku with custom domain over https (with cloudflare dns redirected and free ssl)
I also deployed to Parse Cloud Hosting unfortunately the result is same :(
This is the full result of the Fetch as Google :
full page result of fetch as google
The page at https://api.parse.com/1/classes/GameScore is asking for authentication, and it's throwing a 401 Unauthorized status code for unauthorised requests. That's already a problem.
Besides that, the page at https://api.parse.com/robots.txt is currently showing
User-Agent: *
Disallow: /
Googlebot can't access that page because it's disallowed for crawling in the first place, but even if it could access it, it would run into an authentication gate which it wouldn't be able to pass.
If the content from that URL (https://api.parse.com/1/classes/GameScore) is essential for the page where its referenced/used, you would have to work with Parse to allow crawlers access those URLs.
If it's not essential, then you can safely ignore that warning.
I published a web site: "https://www.mynotefy.com". Some users were not able to see the recaptcha screen on createaccount pageon chrome browsers.
Any reason why this is happening. No errors are being logged.
"if we use https in chrome, recaptcha not showing. If we use just http, recaptcha is showing".
How do we fix this issue ?
Thanks,
Here are the warnings I get in the Console of Chrome Developer Tools:
[blocked] The page at https://www.mynotefy.com/Account/CreateAccount ran insecure content from http://fonts.googleapis.com/css?family=Istok+Web:400,700,400italic,700italic|Rokkitt:400,700.
[blocked] The page at https://www.mynotefy.com/Account/CreateAccount ran insecure content from http://www.google.com/recaptcha/api/challenge?k=6Lci-doSAAAAAHuBYSQjNhr-qgvdqkXuVqn7OtS3.
My guess is that your page is an HTTPS and these links are HTTP, so that's why they are being blocked.
According to this article it is enough to validate X-Requested-With header for AJAX requests sent by jQuery. So in this case it is not necessary to implement tokens?
And if yes, where is defined that cross-browser requests are not allowed?
Thanks in advance.
The article itself says that this method is insufficient:
Warning
The method of preventing CSRF attacks described in this post
is now considered to be insufficient. A comment on this post links to
more details about an attack that circumvents it.
I've got a strange problem with my Analytics Windows Phone App. It's been 2 months now from the first release. My Google Oauth always worked... until several days ago.
It is impossible to authorize the app to access Analytics data anymore. And I've changed totally nothing!
The first URI I use is:
https://accounts.google.com/o/oauth2/auth?redirect_uri=http:// localhost
&response_type=code
&client_id=*myClientAppId*
&approval_prompt=force
&scope=https://www.googleapis.com/auth/analytics.readonly
&access_type=offline
It's the same as https://developers.google.com/oauthplayground/. The Web Explorer shows me the login form, and then the authorization form. When I tap "Authorize access", it redirects me to a 404 page.
I don't know why, it always worked before.
EDIT: OK, this works in Google Chrome. It gives me a 404 at the end but the code is in the browser URI.
EDIT 2: It works in Firefox too! But not in Internet Explorer. Google has modified something that doesn't fit IE! As it is IE in Windows Phone, I'm out of luck.
EDIT 3: This is the URL from Windows Phone IE during the process:
https://accounts.google.com/o/oauth2/auth?redirect_uri=http://localhost&response_type=code&client_id=*clientID*&approval_prompt=force&scope=https://www.googleapis.com/auth/analytics.readonly&access_type=offline
https://accounts.google.com/ServiceLogin?service=lso&passive=1209600&continue=https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31<mpl=embedded&shdf=Cp8BCxIRdGhpcmRQYXJ0eUxvZ29VcmwaAAwLEhV0aGlyZFBhcnR5RGlzcGxheU5hbWUaGkFuYWx5dGljcyBmb3IgV2luZG93c1Bob25lDAsSBmRvbWFpbhoaQW5hbHl0aWNzIGZvciBXaW5kb3dzUGhvbmUMCxIVdGhpcmRQYXJ0eURpc3BsYXlUeXBlGhJOQVRJVkVfQVBQTElDQVRJT04MEgNsc28iFJZQrUSzSBUX1XVpZxx-K_xFjAA7KAEyFBX1s-5Zjlet_038EBgHpUrtzMWT&scc=1
https://accounts.google.com/ServiceLoginAuth
http://accounts.google.fr/accounts/SetSID?ssdc=1&sidt=ALWU2cvavauNt1Z0SXgI2DX+i+T5G1snNnu5C+aq/NBExAfG+WenK3WQRLVDLUWqsRcCCbj6c1b1qoZUOQminXYpKJMQzl6FWmuTgA8rVQYtaK5tatpCXffmlXh9CLec/zn8SUijYZILc7vwN9ByicxS1vSyFGvuoteb7wfDiemkcbvaPjfQZ4PrfmEWtl/Us+Gua+ePdTMc9tHFllBYj3TUZDiL7H1FmfPe1nE4jPyteAnGcF500lFyGSYAftGVpsMRQZiJ+4qVhGcgBrFrySpb92sVTq5FGTrQmqryhvhwQF6Sy6SJbq1CqgiavbsZbfwrvZIWVq31&continue=https://accounts.google.com/ServiceLogin?passive=true&go=true&continue=https%253A%252F%252Faccounts.google.com%252Fo%252Foauth2%252Fauth%253Fscope%253Dhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fanalytics.readonly%2526response_type%253Dcode%2526access_type%253Doffline%2526redirect_uri%253Dhttp%253A%252F%252Flhttps://accounts.google.com/ServiceLogin?passive=true&go=true&continue=https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&shdf=Cp8BCxIRdGhpcmRQYXJ0eUxvZ29VcmwaAAwLEhV0aGlyZFBhcnR5RGlzcGxheU5hbWUaGkFuYWx5dGljcyBmb3IgV2luZG93c1Bob25lDAsSBmRvbWFpbhoaQW5hbHl0aWNzIGZvciBXaW5kb3dzUGhvbmUMCxIVdGhpcmRQYXJ0eURpc3BsYXlUeXBlGhJOQVRJVkVfQVBQTElDQVRJT04MEgNsc28iFJZQrUSzSBUX1XVpZxx-K_xFjAA7KAEyFBX1s-5Zjlet_038EBgHpUrtzMWT&service=lso<mpl=embedded&fss=1
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&pli=1&auth=DQAAAIMAAAAw6WtQDD3JKEg_qAs6neUVzWA5ixsW0ido7pIOrK5KRLnHA-_QQhVd7RzSelpNhkhCVJxVGSEgQpZINeKa29lwivfu-Rbu-vuM1uR4U-JC3EJZEwDMIMuva19_KNsd83ihmeYcuGbnBvUR5iln1KhZZIvhUkbS9CjVwLRdwbMRG5nRHO-oJruBkuezuntX8Iw
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&pli=1
https://accounts.google.com/o/oauth2/approval?as=-f41460280d51b31&hl=fr_FR&xsrfsign=APsBz4gAAAAAUHsS0dCApfLAWpZILWjeTNZSt6DUZzug
404 error -> https://accounts.google.com/o/oauth2/
On Chrome, same URIs, but when I click on "Authorize", I get localhost with the code for the token.
I believe in WP, embedded IE webview has javascript disabled by default. There's a simple webview API call to enable JS before starting the webview. At this point, we can only reproduce this bug in browsers that do not execute JS.
More specifically, see: http://msdn.microsoft.com/en-us/library/microsoft.phone.controls.webbrowser.isscriptenabled(v=vs.92).aspx on how to enable JS.
We've identified an issue with our server that we hope to fix soon for the way we report an error when JS is not enabled on the client.
Clients that do not have javascript enabled will not be able to submit the OAuth approval form going forward. The error you're seeing, with the 302 to the 404 is a redirect bug in our error page that explains this requirement.
In addition, we have tested windows phone 7 IE on our page and recreated your issue. At this point we assume is related to JS in the client. We're looking into this and hope to have a fix soon.