I've had lots of progress on this and wanted to implement the "invisible player" on the chromecast receiver as explained here:Deezer invisible player
I have my demo app running, and am able to pass from the sender to the receiver my access token and my token expires.
Instanciating the DZ player like so:
DZ.init({
appId : deezer_app_id,
channelUrl : deezer_channel_url,
player : {
onload : onPlayerLoaded,
token : {
accessToken:event.message.accessToken,
expire:event.message.expire
}
}
});
the onPlayerLoaded function just logs a message for the time being.
I am currently getting:
Unsafe JavaScript attempt to access frame with URL http://mydomain/chrome/myreceiver.html from frame with URL http://www.deezer.com/es/plugins/player.php?channel=http://Mydomain/chrome/channel.php&app_id=IDVALUE&emptyPlayer=true. Domains, protocols and ports must match.
external-v00202097.js:40
FB.getLoginStatus() called before calling FB.init(). vb.js:56
Flash is not installed or is too old vb.js:56
Unsafe JavaScript attempt to access frame with URL http://mydomain/chrome/myreceiver.html from frame with URL http://static.ak.facebook.com/connect/xd_arbiter.php?version=27#channel=f3a…Ffb_xd_fragment%23xd_sig%3Df2d6a19d8%26&origin=http%3A%2F%2Fwww.deezer.com. The frame requesting access set 'document.domain' to 'facebook.com', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
xd_arbiter.php:18
Unsafe JavaScript attempt to access frame with URL http://Mydomain/chrome/myreceiver.html from frame with URL https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=27#channel=…Ffb_xd_fragment%23xd_sig%3Df2d6a19d8%26&origin=http%3A%2F%2Fwww.deezer.com. The frame requesting access has a protocol of 'https', the frame being accessed has a protocol of 'http'. Protocols must match.
now the first one does not make sense, as I have my channelURL set to the same domain, looking with the inspector I can guarantee both on the channelURl and on the chrome cast receiver that we have the same document.domain .
the second error seems to be from deezer loading something in flash (weird as the example does not state anything in flash).
the third error would be deezer calling FB for some reason.
I know the youtube api through Iframe has been made to work with chromecast, so I think this is possible, however the flash problem and cross domain seems to be an issue.
Any advice?
About the domain, sometimes you get errors when the domain you specified for your app on http://developers.deezer.com contains http:// as it shouldn't.
About Flash, the Deezer player is based on Flash for encryption so you need to install it to get it to work.
Facebook is included in the Deezer player (for sharing, login purposes) and you get warnings when your page is loaded within iframes. You can ignore these warnings.
I am not familiar with Deezer so won't be able to comment on Deezer related issues but the "Unsdafe ..." message can also be caused by trying to use file://*; this is an additional security measure in Chrome. In addition, what are the sanbox properties of the iframe? Does it include "allow-same-origin" ?
Related
Cobalt can default load the URL. We are investigating how to add the DIAL paring code to the URL. Maybe it needs a changeURL API for avoiding re-launching YouTube.
// Restrict navigation to a couple of whitelisted URLs by default.
const char kYouTubeTvLocationPolicy[] =
"h5vcc-location-src "
"https://www.youtube.com/tv "
"https://web-release-qa.youtube.com/tv "
[scenario]
launch YTTV with your remote controller
open YouTube app on your phone
try to pairing to TV
Cobalt currently doesn't implement DIAL smooth-pairing once launched, but it does support being launched with alternate query parameters via the --url= command-line parameter.
For example:
https://www.youtube.com/tv?...anything...
Will pass the navigation whitelist.
Full implementation of smooth-pairing support is planned for Q1 2017.
I'm trying to capture and handle every single request a web page, or a plugin in it is about to make.
For example, if you open the console, and enable Net logging, when a HTTP request is about to be sent, console shows it there.
I want to capture every link and call my function even when a video is loaded by flash player (which is logged in console also, if it is http).
Can anyone guide me what I should do, or where I should get started?
Edit: I want to be able to cancel the request and handle it my way if needed.
You can use the Jetpack SDK to get most of what you need, I believe. If you register to system events and listen for http-on-modify-request, you can use the nsIHttpChannel methods to modify the response and request
let { Ci } = require('chrome');
let { on } = require('sdk/system/events');
let { newURI } = require('sdk/url/utils');
on('http-on-modify-request', function ({subject, type, data}) {
if (/google/.test(subject.URI.spec)) {
subject.QueryInterface(Ci.nsIHttpChannel);
subject.redirectTo(newURI('http://mozilla.org'));
}
});
Additional info, "Intercepting Page Loads"
non sdk version and with much much more control and detail:
this allows you too look at the flags so you can only watch LOAD_DOCUMENT_URI which is frames and main window. main window is always LOAD_INITIAL_DOCUMENT_URI
https://github.com/Noitidart/demo-on-http-examine
https://github.com/Noitidart/demo-nsITraceableChannel - in this one you can see the source before it is parsed by the browser
in these examples you see how to get the contentWindow and browserWindow from the subject as well, you can apply this to sdk example, just use the "subject"
also i prefer to use http-on-examine-response, even in sdk version. because otherwise you will see all the pages it redirects FROM, not the final redirect TO. say a url blah.com redirects you to blah.com/1 and then blah.com/2
only blah.com/2 has a document, so on modify you see blah.com and blah.com/1, they will have flags LOAD_REPLACE, typically they redirect right away so the document never shows, if it is a timed redirect you will see the document and will also see LOAD_INITIAL_DOCUMENT_URI flag, im guessing i havent experienced it myself
How can you detect the url that I am browsing in chrome/safari/firefox via cocoa (desktop app)?
As a side but related note, are there any security restrictions when developing a desktop app that the user will be alerted and asked if they want to allow? e.g. if the app accesses their contact information etc.
Looking for a cocoa based solution, not javascript.
I would do this as an extension, and because you would like to target Chrome, Safari, and Firefox, I'd use a cross-browser extension framework like Crossrider.
So go to crossrider.com, set up an account and create a new extension. Then open the background.js file and paste in code like this:
appAPI.ready(function($) {
appAPI.message.addListener({channel: "notifyPageUrl"}, function(msg) {
//Do something, like send an xhr post somewhere
// notifying you of the pageUrl that the user visited.
// The url is contained within msg.pageUrl
});
var opts = { listen: true};
// Note: When defining the callback function, the first parameter is an object that
// contains the page URL, and the second parameter contains the data passed
// to the context of the callback function.
appAPI.webRequest.onBeforeNavigate.addListener(function(details, opaqueData) {
// Where:
// * details.pageUrl is the URL of the tab requesting the page
// * opaqueData is the data passed to the context of the callback function
if(opaqueData.listen){
appAPI.message.toBackground({
msg: details.pageUrl
}, {channel: "notifyPageUrl"});
}
}, opts ); // opts is the opaque parameter that is passed to the callback function
});
Then install the extension! In the example above, nothing is being done with the detected pageUrl that the user is visiting, but you can do whatever you like here - you could send a message to the user, you could restrict access utilizing the cancel or redirectTo return parameters, you could log it locally utilizing the crossrider appAPI.db API or you could send the notification elsewhere, cross-domain, to wherever you like utilizing an XHR request from the background directly.
Hope that helps!
And to answer the question on security issues desktop-side, just note that desktop applications will have the permissions of the user under which they run. So if you are thinking of providing a desktop app that your users will run locally, say something that will detect urls they access by tapping into the network stream using something like winpcap on windows or libpcap on *nix varieties, then just be aware of that - and also that libpcap and friends would have to have access to a network card that can be placed in promiscuous mode in the first place, by the user in question.
the pcap / installed desktop app solutions are pretty invasive - most folks don't want you listening in on literally everything and may actually violate some security policies depending on where your users work - their network administrators may not appreciate you "sniffing", whether that is the actual purpose or not. Security guys can get real spooky so-to-speak on these kinds of topics.
The extension via Crossrider is probably the easiest and least intrusive way of accomplishing your goal if I understand the goal correctly.
One last note, you can get the current tab urls for all tabs using Crossrider's tabs API:
// retrieves the array of tabs
appAPI.tabs.getAllTabs(function(allTabInfo) {
// Display the array
for (var i=0; i<allTabInfo.length; i++) {
console.log(
'tabId: ' + allTabInfo[i].tabId +
' tabUrl: ' + allTabInfo[i].tabUrl
);
}
});
For the tab API, refer to:
http://docs.crossrider.com/#!/api/appAPI.tabs
For the background navigation API:
http://docs.crossrider.com/#!/api/appAPI.webRequest.onBeforeNavigate
And for the messaging:
http://docs.crossrider.com/#!/api/appAPI.message
And for the appAPI.db stuff:
http://docs.crossrider.com/#!/api/appAPI.db
Have you looked into the Scripting Bridge? You could have an app that launches, say, an Applescript which verifies if any of the well known browser is opened and ask them which documents (URL) they are viewing.
Note: It doesn't necessarily need to be an applescript; you can access the Scripting Bridge through cocoa.
It would, however, require the browser to support it. I know Safari supports it but ignore if the others do.
Just as a quick note:
There are ways to do it via AppleScript, and you can easily wrap this code into NSAppleScript calls.
Here's gist with AppleScript commands for Safari and Chrome. Firefox seems to not support AE.
Well obviously this is what I had come across on google.
chrome.tabs.
getSelected
(null,
function
(tab) {
alert
(tab.url);
}) ;
in pure javascript we can use
alert(document.URL);
alert(window.location.href)
function to get current url
I would like to open an audio file from an HTTPS resource.
First, I tried using MediaPlayerLauncher like so:
MediaPlayerLauncher mediaPlayerLauncher = new MediaPlayerLauncher {
Media = filename,
Controls = MediaPlaybackControls.Pause,
Orientation = MediaPlayerOrientation.Portrait,
Location = MediaLocationType.None
};
mediaPlayerLauncher.Show();
filename in this case is a URL beginning with https://.
Using Fiddler to monitor traffic, I have noticed that https:// in filename is getting changed to http://.
Next I tried opening the same URL using WebBrowserTask:
WebBrowserTask webBrowser = new WebBrowserTask {
Uri = filename
};
webBrowser.Show();
Checking Fiddler out again, I noticed that two requests are being sent. First is a request to filename by the browser. This results in the "Tap to open file" message to appear in the browser. Tapping it opens the phone's media player (MediaPlayerLauncher?), which sends another request -- in this case, the https:// changed to http:// again (which is similar result to first attempt).
The server I am getting the file from only supports HTTPS, hence the problems arising when the media player requests the file as HTTP.
Is there anyway to stream a file from an HTTPS resource? Does Windows Phone's media player even support it?
Pointing location on the internet for the MediaLuncher is a bad idea. It will freez UI thread and your app won't be responsive. Try first download the audio as a stream and then play it. Use WebClient to open a stream. HTTPS can be open in WP7, so that shouldn't be a problem.
I having an issue with FB.ui permissions.request window.
FB.ui({
method: 'permissions.request',
perms: 'publish_actions',
display: 'popup'
},function(response) {
// This function is never called ? });
Context :
I use the new OAuth window (with timeline), i have configured my apps to work with it.
I'm french and use Facebook in French.
First issue :
- My callback function is never called ...
Second issue :
- The new OAuth window, seem to be not the good window.
It's called 'permission request' but inside it is the copy of login window. And no permission request is displayed.
So, my question is : how can i do the permission request in js ?
How displaying this window : https://developers.facebook.com/attachment/app_extended_perms.png/ ?
Thanks.
The reason you are not seeing it is because the application process has become a two step process.
Being that the person accepts to login into your application.
Being the person accept your extended permission which is where the callback url comes into play.
Documentation can be found here.
So the reason your callback isn't being called is because the two step process. I would suggest making the response attached to second page that is called.
I am not sure how the JS SDK works but it is how I managed to do it.
Goodluck.
Disable "Enhanced Auth Dialog" in your app's advance settings and see if it works. If you want to stick with Enhanced Auth Dialog then checkout Setup Auth Dialog Preview for Authenticating user section of this tutorial.