django-cms==3.4.2
server=nginx
security=https://letsencrypt.org/
Since my web site is on https I'm unable to access django admin pages directly from my site (www.blabla.ab)
I can access them by changing the url while adding admin at the end or the url https://blabla.ab/fr/admin but not thought the admin cms dropdown menu (top left part of the window) or double click menu, I get the following error:
SecurityError : Failed to read the ‘contentDocument’ property from ‘HTMLIFrameElement’ : Blocked a frame
With origin “https” from accessing a cross-origin frame
or at form popup:
The form could not be loaded. Please check that the server is running.
It seems that Django CMS admin does not work with https because of cross-origin frame?
I've tried with
X_FRAME_OPTIONS = 'SAMEORIGIN'
X_FRAME_OPTIONS = 'ALLOW-FROM https://blabla.ab/'
with the django security middleware
MIDDLEWARE_CLASSES = (
'cms.middleware.utils.ApphookReloadMiddleware',
'django.middleware.security.SecurityMiddleware',
but it does'nt change anything. Any idea?
I've found the cause of the problem.
My vhost.conf file located in /etc/nginx/sites-available was pointing on a ssl params file include /etc/nginx/snippets/ssl-params.conf
and in that ssl-params.conf file I had the following line
add_header X-Frame-Options DENY;
I've changed that line to
add_header X-Frame-Options SAMEORIGIN;
Related
I have a laravel 6 application that I want to put into setup form. so i found phpdesktop chrome and copy my app content to phpdesktop www folder. When I start the application with the setup, it shows me the home page, but when I click on a button to access my login page, I receive this error: Error 404: Not Found
File not found.
What can I do to make the routes accessible via the desktop application?
any help would be appreciated. thank you
It was enough to put /index.php at line "404_handler":
"web_server": {
"listen_on": ["127.0.0.1", 62412],
"www_directory": "www/public",
"index_files": ["index.html", "index.php"],
"cgi_interpreter": "php/php-cgi.exe",
"cgi_extensions": ["php"],
"cgi_temp_dir": "",
"404_handler": "/index.php",
"hide_files": []
},
I have used ARR and URL rewrite to reverse proxy request from the internet to my local host MVC web app.
The weird thing is some parts of the web app works while others show 404 err:
1) When I type in : mywebsite/Nodewebsite/ - that works
2) When I type in : mywebsite/Nodewebsite/blog - that works
3) When I type in : mywebsite/Nodewebsite/admin - I get my admin page fine but when I try to log on I get a 404 err.
4) When I click on a link on lets say : mywebsite/Nodewebsite/blog that points to another page in my web app, I get a 404 err.
I checked the URL, the path is not right in the 404 err, it points to a location in my web root folder.
It seems whenever I try to access the web app from the internet by typing in a specific URL, it will work but if something redirect to a site it gives a 404 err.
I have a site built in drupal 7 where I use an adding node form which uses ajax for form submission (I use the modal module or the ajax_entity module). In both case when I submit the code the node is not create and I receive the following error in a popup:
"An AJAX HTTP request terminated abnormally. Debugging information follows. Path: http://demo/q=modal/node/add/TestType/ajax/0" Status text:n/a ResponseText:Skip to main content"
I dont if this is important but the node form is divided in vertical tabs and it is opening in modal window. Also it includes textboxes,textareas and file upload field, but in this case still I havent used the file upload fields.
Thanks in advance
Most of the type Drupal Ajax Http error occurs when Drupal cant find Base URL.
So to resolve this issue follow below steps
Set $base_url variable in settings.php
If you have written some custom module, then make sure that whenever you to execute Ajax, check base_url variable have proper value. You can verify base_url value by printing this variable.
I recently had a similar issue and found that someone adjusted the X-Frame-Options in Apache. If you look in the browser's console log, I had this error displaying:
Refused to display 'https://www.example.com/file/ajax/field_heading_background_image/und/0/form-kfxURDN5ZPpN5pjFWajkPCDpMKJrrJthX9WVcY2K8' in a frame because it set 'X-Frame-Options' to 'DENY'.
Adding this to your .htaccess should fix it, but you can also adjust the server configuration:
Header always unset X-Frame-Options
Header set X-Frame-Options SAMEORIGIN
I use Drupal 7.33 and Image Field. I can't upload or delete images when JS is turned on in my browser. So it can't be a file-permission or php problem.
From my nginx-log-file:
[warn] 812#0: *7074 a client request body is buffered to a temporary
file /var/lib/nginx/body/0000000023, client: 174.61.242.24,
server: www.example.com, request: "POST /file/ajax/field_foto/und/0/form
Bw9u5Xhbowcr3qGBI4mPYtnNtC0AUHpyi2L_xesa9qY HTTP/1.1", host: "www.example.com",
referrer: "http://www.example.com/node/8/edit"
I also use the jQuery-Update Module with Version 1.5 for administrative sites.
Console-Error:
'Attr.nodeValue' is deprecated. Please use 'value' instead.
jquery-1.5.2.min.js:16
Refused to display 'http://www.example.com/file/ajax/field_foto/und/0/form-wNmrRuGxQgvWtN_glNEmnFI34Bm-m_sMC-iuGVn0Wmk'
in a frame because it set 'X-Frame-Options' to 'DENY'. about:blank:1
Uncaught SecurityError: Sandbox access violation: Blocked a frame at
"http://www.example.com" from accessing a frame at "null".
The frame being accessed is sandboxed and lacks the "allow-same-origin" flag.
js_4QRrlXrX4C71F2nR2dAhf6BenDZnNcl6GHuDAJyosZw.js:101t
js_4QRrlXrX4C71F2nR2dAhf6BenDZnNcl6GHuDAJyosZw.js:101
With the default jQuery Version provided by the theme, I get this error (pop-up), when I try to delete the file:
An AJAX HTTP request terminated abnormally.
Debugging information follows.
Path: /file/ajax/field_foto/und/0/form-3_O5Rsz9PLD9NJCuwI157oZdHW1XJ8gOdTtJYQTT1oI
StatusText: n/a
ResponseText:
ReadyState: undefined
I've tested this with Chrome, Firefox and Safari.
The Status-Report from Drupal is OK.
Thanks for your help ;)
This small configuration should fix the issue:
Configuring Apache
To configure Apache to send the X-Frame-Options header for all pages, add this to your site's configuration:
Header always append X-Frame-Options SAMEORIGIN
Configuring nginx
To configure nginx to send the X-Frame-Options header, add this either to your http, server or location configuration:
add_header X-Frame-Options SAMEORIGIN;
This only seems to be happening to me on localhost. Overlay is off and the only error I see in Chrome dev tools console is "'Attr.nodeValue' is deprecated. Please use 'value' instead.".
Im creating a mobile app with Phonegap and Backbone.js. My app hits a url which returns an rss feed in xml format and this is to be loaded into the Backbone connection. However I am getting the error:
Origin http://localhost is not allowed by Access-Control-Allow-Origin.
In my res/xml/config.xml I have the line:
<access origin="*"/>
The phonegap docs at http://docs.phonegap.com/en/1.9.0/guide_whitelist_index.md.html, state that this should stop this type of error, but it's not.
I'm testing from localhost on a desktop browser. Could this be the issue?
Put his in your top in your PHP file that you make the request to:
header('Access-Control-Allow-Origin: *');
I take it that you use php :)
if now please say which language :)
I was testing in a browser, the whitelist in res/xml/config.xml only works on a mobile device.