we are not able to open URL in the iFrame when using chrome as a browser. We are using the latest version of chrome.
The Html we are using:-
<!DOCTYPE html>
<html>
<body>
<h1>The iframe element</h1>
<iframe src="http://localhost:8080/ui/overview" width="500px" height="500px">
</iframe>
</body>
</html>
But the iframe is returning Too many times redirect issue.
We have also used this in the spring-security.xml file:-
<headers>
<frame-options disabled="true" />
</headers>
We have also tried to configure in our Web application init() method:-
we set the wicket RenderStrategy to :- RequestCycleSettings.RenderStrategy.REDIRECT_TO_BUFFER
When we inspect elements and see the network tab in chrome. This is the output. It shows 302 as Status
:-
It is not working in google chrome only.
How can we solve this issue?
Please suggest some way to do it.
Related
I have a html structure like this
<html>
<body>
<iframe srcdoc="HTMLDOC"></iframe>
<body>
</html>
where HTMLDOC is a HTML doc which has some <img> tags that show images in my server that the user must be authenticated to see.
This works flawlessly on Chrome, but when trying on Firefox the requests made from the browser to fetch these images do not send the user's cookies, and thus the images are not downloaded, (since the server thinks that the user is not authenticated).
If I convert the iframe to a "classic" iframe, like this:
<iframe src="URL INSIDE MY SERVER"></iframe>
where URL INSIDE MY SERVER is an endpoint that serves the same HTMLDOC it works both in Chrome and Firefox, sending the appropriate cookies in the requests to fetch the images.
I've tried as well to add the parameter sandbox="allow-same-origin allow-top-navigation allow-scripts" to the iframe using srcdoc, to no avail.
What's weird is that if this is a same-origin situation I can't think a clearer same-origin that having the page in the HTML itself, so I don't know if I'm missing something.
I'm not sure whether the implement differences between Chrome and Firefox are, but I use some DOM manipulations to bypass this issue:
<html>
<body>
<iframe onload="fillIframe(this);"></iframe>
</body>
</html>
<script type="text/javascript">
function fillIframe(o) {
o.contentWindow.document.body.innerHTML = "HTMLDOC";
}
</script>
I am working with CKEditor 4.4.5 and its plugin Stylesheet Parser 4.4, but I get empty list from the style drop-down.
To make my question easier to understand, please try this code (download from its example site: http://sdk.ckeditor.com/samples/styles.html):
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="robots" content="noindex, nofollow">
<title>Stylesheet Parser plugin</title>
<script src="http://cdn.ckeditor.com/4.5.2/standard-all/ckeditor.js"></script>
</head>
<body>
<textarea cols="80" id="editor2" name="editor2" rows="10" ><p>This is some <strong>sample text</strong>. You are using <a href="http://ckeditor.com/">CKEditor</a>.</p>
</textarea>
<script>
CKEDITOR.replace( 'editor2', {
extraPlugins: 'stylesheetparser',
height: 300,
// Custom stylesheet for editor content.
contentsCss: [ 'http://sdk.ckeditor.com/samples/assets/stylesheetparser/stylesheetparser.css' ],
// Do not load the default Styles configuration.
stylesSet: []
} );
</script>
</body>
</html>
It doesn't really work. But the sample on that site works well.
I also find another sample site:
http://ckeditor.com/ckeditor_4.3_beta/samples/plugins/stylesheetparser/stylesheetparser.html
I tried to copy all the sources code from this demo site, but get no luck.
Did anyone else have the same problem?
How can I make the codes above work? It basically uses the source codes from CDN site so I don't think the version of source code matters.
You should try with this version: http://ckeditor.com/addon/stylesheetparser-fixed
The official plugin has some problems since very long ago but they don't seem to plan to fix them.
This problem is caused by Cross-domain request. The CSS file is in HTTP server, and my application is running with a port number. So they are treated as cross domain request.
I also tested the HTML page and CSS file in the local files. However, file://...path is still treated as Cross Domain request in Chrome, but FF and IE works with that properly though.
When I tried this in server, it works properly with Chrome. Unfortunately, there seems no way to make cross domain request work in Chrome and Firefox.
I am working locally on a PHP site. I am on a Mac OS X Yoesmite and have setup Apache. But sometimes when i refresh the page it doesn't load, so I have to refresh the page again and again until it randomly loads my site again. When it doesn't load and I view the source it looks like this...
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title></title>
</head>
<body>
<!-- ERR_DNS_FAIL -->
</body>
</html>
Anybody know why this is happening or how I might go about fixing it as it's very annoying when trying to build a site and you have to keep refreshing the page until it loads.
I know(pretty sure) what was causing this issue now. I switched browsers developing because I noticed it was only happening in Chrome, so I was using Firefox. But then when I installed "Zapyo" browser extension in Firefox(I already had it in Chrome) the same thing started happening. So I just disable this plugin when developing.
So nothing to do with Apache configuration.
I have a C# MVC app that makes use of recaptcha security code in a particular view.
In my view i have the following code:
<script type="text/javascript" src="https://www.google.com/recaptcha/api/js/recaptcha_ajax.js"></script>
...
#Html.Raw(Html.GenerateCaptcha("captcha", "white"))
#Html.ValidationMessage("captcha")
When i try to load the page, i get the following error in chrome's debugger:
Mixed Content: The page at 'https://mywebsite.com' was loaded over HTTPS, but requested an insecure resource 'http://www.google.com/recaptcha/api/challenge?k=mykey'. This request has been blocked; the content must be served over HTTPS.
and if i inspect the source of the loaded page, the razor control for recaptcha generates this script tag:
<script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=mykey">
the src attribute is a http url not a https url.
If anyone knows how i can overcome this error, it would be greatly appreciated.
Thanks,
Kapetanios
Ok here i am posting an answer to my own question again.
It turns out that this:
#Html.Raw(Html.GenerateCaptcha("captcha", "white"))
#Html.ValidationMessage("captcha")
was rendering this:
<script type="text/javascript" src="http://www.google.com/recaptcha/api/challenge?k=mykey"></script>
The src attribute of the script tag contained http and not https
So, to fix this issue, i just replaced the #html.raw & #html.validate with this:
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=mekey"></script>
<noscript>
<iframe src="https://www.google.com/recaptcha/api/noscript?k=mykey" height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea><input name="recaptcha_response_field" value="manual_challenge" type="hidden" />
</noscript>
Doing this stopped chrome debugger from getting the error.
When I try to debug my gwt app that's inside an iframe (note that gwt codserv and webserv are all local) I'm having permissions issues. The following errors are thrown:
on Chrome console: "Refused to display document because display
forbidden by X-Frame-Options.";
on Chrome webpage window: "Plugin
failed to connect to Development Mode server at 127.0.0.1:9997 Follow the underlying troubleshooting instructions"
This ONLY happens in Google Chrome, firefox and IE are ok.
I've already searched for simillar problems but all of them are on crossdomain context, and mine is local. Also, tried the proposed solutions but all without success.
Here is an example of my webpage containing my iFrame. I can't debug MyGWT app.
<!doctype html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<iframe src="MyGWT.html?gwt.codesvr=127.0.0.1:9997"></iframe>
</body>
</html>
The page that's being blocked is probably TroubleshootingOOPHM
FYI, this has been fixed in GWT 2.5, which now links to this page rather than trying to display it in an iframe (moreover underneath the error glasspane, which made it hardly readable anyway before Google changed their server settings)