Adblock prevents my call to Indeed API - adblock

I'm doing a project that employs an API call to Indeed.com.
When adblock is enabled, it does not work, with an error message in the chrome dev console:
"Failed to load resource: net::ERR_BLOCKED_BY_CLIENT"
This is followed by the Indeed.com api call URL.
Anyone else have experience with adblock shutting down API calls?
Any ideas for a solution?
Thanks!

Related

Example of Using AJAX Oauth call from Suitelet to call a restlet

I have been trying this for quite some time and with no avail. Would someone point me to the right direction.
I have a simple suitelet
the suitelet dumps a html in the response by reading a file
The html has a button. On ajax call of that button, a restlet gets called and a request is sent.
This is working great with Login and internal calls. However, I want the suitelet to be available without login and also the restlet.
When I do that, I get CORS error and using jsonp when I relsolve that, I get 401 Unauthorized
Tried Outh and NLAuth, no avail.
Will really appreciate any help or pointers.
If the info isn't sensitive you can call the suitelet from the domain of your website. If you have enabled https on the site then that'll just work
e.g. https://forms.na3.netsuite.com/app/site... becomes http://example.com/app/site...
If you are using SCA then you can also just do this by calling a .ss service function. The nice thing about that is that you can set the role on the .ss file and have better control of your resources without just making the customer center role capable of seeing everything. Same issue with https though.
If the info is sensitive you can get around the issue on most browsers by embedding an iframe at the https:// forms etc and using the onMessage operation to transfer info from the non-secure to the secure. (see https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)
It's certainly possible to call a RESTlet from a Suitelet but it sounds like your issue is more how to call the Suitelet securely.

chrome devtools extension: CORS issues on windows

I'm building a chrome extension, where I add a panel in the devtools, from where I need to perform some ajax calls.
From what I read, I have to add my domain in the manifest.json permissions:
{
...
"permissions": ["https://example.com/"]
}
And from within my devtools panel, I'm now able to perform api calls to the server.
Except that on chrome-windows, nothing works.
From what I could observe:
osX, linux: as long as the domain is authorized, everything works fine
windows: a pre-flight request is sent although the domain should be authorized. It then fails, and everything is blocked
Is there something I'm doing wrong here ?
Thanks,
Ok, without changing anything the extension seems to behave as expected now.
My guess is that there was some bug on chrome/windows that have been fixed since. Closing the question.
If you're having trouble with regard to CORS in chrome extension, check the Cross-Origin XMLHttpRequest guide. There's a Requesting cross-origin permissions which details how you can implement cross-origin permissions.
There's also a handy chrome extension app called Allow-Control-Allow-Origin which might help when testing xhr requests.

Google map places service is giving REQUEST

I am using google place api for places sugestions.
https://maps.googleapis.com/maps/api/place/textsearch/json?query=ari&sensor=false&key=your_api_key
I have valid api key and this URL is working fine when I am executing it from the browser.
The api return "OK" as status and places suggestion but when I am executing the same URL by cUrl or file_get_contents It returns "REQUEST_DENIED" as status and hence no place suggestions.
why this is behaving like this.
Is there any setting which I am missing.
Any suggestion would be a great help.
Thanks
Did you ever get your answer to this? As far as I am aware this is die to "cross-site-scripting" security limits. You can't go from the Places API directly to Google even though you can in a browsers address bar. You have to make the call back to your sever and have the server send the call to Google - then return those results back to your page/ web site.

Google OAuth API not working anymore?! 404 error

I've got a strange problem with my Analytics Windows Phone App. It's been 2 months now from the first release. My Google Oauth always worked... until several days ago.
It is impossible to authorize the app to access Analytics data anymore. And I've changed totally nothing!
The first URI I use is:
https://accounts.google.com/o/oauth2/auth?redirect_uri=http:// localhost
&response_type=code
&client_id=*myClientAppId*
&approval_prompt=force
&scope=https://www.googleapis.com/auth/analytics.readonly
&access_type=offline
It's the same as https://developers.google.com/oauthplayground/. The Web Explorer shows me the login form, and then the authorization form. When I tap "Authorize access", it redirects me to a 404 page.
I don't know why, it always worked before.
EDIT: OK, this works in Google Chrome. It gives me a 404 at the end but the code is in the browser URI.
EDIT 2: It works in Firefox too! But not in Internet Explorer. Google has modified something that doesn't fit IE! As it is IE in Windows Phone, I'm out of luck.
EDIT 3: This is the URL from Windows Phone IE during the process:
https://accounts.google.com/o/oauth2/auth?redirect_uri=http://localhost&response_type=code&client_id=*clientID*&approval_prompt=force&scope=https://www.googleapis.com/auth/analytics.readonly&access_type=offline
https://accounts.google.com/ServiceLogin?service=lso&passive=1209600&continue=https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&ltmpl=embedded&shdf=Cp8BCxIRdGhpcmRQYXJ0eUxvZ29VcmwaAAwLEhV0aGlyZFBhcnR5RGlzcGxheU5hbWUaGkFuYWx5dGljcyBmb3IgV2luZG93c1Bob25lDAsSBmRvbWFpbhoaQW5hbHl0aWNzIGZvciBXaW5kb3dzUGhvbmUMCxIVdGhpcmRQYXJ0eURpc3BsYXlUeXBlGhJOQVRJVkVfQVBQTElDQVRJT04MEgNsc28iFJZQrUSzSBUX1XVpZxx-K_xFjAA7KAEyFBX1s-5Zjlet_038EBgHpUrtzMWT&scc=1
https://accounts.google.com/ServiceLoginAuth
http://accounts.google.fr/accounts/SetSID?ssdc=1&sidt=ALWU2cvavauNt1Z0SXgI2DX+i+T5G1snNnu5C+aq/NBExAfG+WenK3WQRLVDLUWqsRcCCbj6c1b1qoZUOQminXYpKJMQzl6FWmuTgA8rVQYtaK5tatpCXffmlXh9CLec/zn8SUijYZILc7vwN9ByicxS1vSyFGvuoteb7wfDiemkcbvaPjfQZ4PrfmEWtl/Us+Gua+ePdTMc9tHFllBYj3TUZDiL7H1FmfPe1nE4jPyteAnGcF500lFyGSYAftGVpsMRQZiJ+4qVhGcgBrFrySpb92sVTq5FGTrQmqryhvhwQF6Sy6SJbq1CqgiavbsZbfwrvZIWVq31&continue=https://accounts.google.com/ServiceLogin?passive=true&go=true&continue=https%253A%252F%252Faccounts.google.com%252Fo%252Foauth2%252Fauth%253Fscope%253Dhttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fanalytics.readonly%2526response_type%253Dcode%2526access_type%253Doffline%2526redirect_uri%253Dhttp%253A%252F%252Flhttps://accounts.google.com/ServiceLogin?passive=true&go=true&continue=https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&shdf=Cp8BCxIRdGhpcmRQYXJ0eUxvZ29VcmwaAAwLEhV0aGlyZFBhcnR5RGlzcGxheU5hbWUaGkFuYWx5dGljcyBmb3IgV2luZG93c1Bob25lDAsSBmRvbWFpbhoaQW5hbHl0aWNzIGZvciBXaW5kb3dzUGhvbmUMCxIVdGhpcmRQYXJ0eURpc3BsYXlUeXBlGhJOQVRJVkVfQVBQTElDQVRJT04MEgNsc28iFJZQrUSzSBUX1XVpZxx-K_xFjAA7KAEyFBX1s-5Zjlet_038EBgHpUrtzMWT&service=lso&ltmpl=embedded&fss=1
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&pli=1&auth=DQAAAIMAAAAw6WtQDD3JKEg_qAs6neUVzWA5ixsW0ido7pIOrK5KRLnHA-_QQhVd7RzSelpNhkhCVJxVGSEgQpZINeKa29lwivfu-Rbu-vuM1uR4U-JC3EJZEwDMIMuva19_KNsd83ihmeYcuGbnBvUR5iln1KhZZIvhUkbS9CjVwLRdwbMRG5nRHO-oJruBkuezuntX8Iw
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code&access_type=offline&redirect_uri=http://localhost&approval_prompt=force&client_id=*clientID*&hl=fr-FR&from_login=1&as=-f41460280d51b31&pli=1
https://accounts.google.com/o/oauth2/approval?as=-f41460280d51b31&hl=fr_FR&xsrfsign=APsBz4gAAAAAUHsS0dCApfLAWpZILWjeTNZSt6DUZzug
404 error -> https://accounts.google.com/o/oauth2/
On Chrome, same URIs, but when I click on "Authorize", I get localhost with the code for the token.
I believe in WP, embedded IE webview has javascript disabled by default. There's a simple webview API call to enable JS before starting the webview. At this point, we can only reproduce this bug in browsers that do not execute JS.
More specifically, see: http://msdn.microsoft.com/en-us/library/microsoft.phone.controls.webbrowser.isscriptenabled(v=vs.92).aspx on how to enable JS.
We've identified an issue with our server that we hope to fix soon for the way we report an error when JS is not enabled on the client.
Clients that do not have javascript enabled will not be able to submit the OAuth approval form going forward. The error you're seeing, with the 302 to the 404 is a redirect bug in our error page that explains this requirement.
In addition, we have tested windows phone 7 IE on our page and recreated your issue. At this point we assume is related to JS in the client. We're looking into this and hope to have a fix soon.

Ajax https request issue

When I am calling a REST service through AJAX, its working fine. I am calling it with the URL staring with HTTP e.g.: http://www.myserver.com/customers. Its works really great.
But when I am calling a same URL but with HTTPs e.g.: https://www.myserver.com/customers,
I am not getting any response from server.
Its not working for GET or POST both.
Its not working in Mac firefox, actually I am developing an application for iPhone using phonegap framework.
Its also not working in iPhone simulator's mobile safari.
Can anyone here know what problem is this? And how to solve this?
The requesting domain must match the requested domain down to the protocol, according to the Same Origin Policy
It could probably be because of same origin policy. read
http://en.wikipedia.org/wiki/Same_origin_policy

Resources