I use Firebug for web development. Since version Firefox 37 I see the following annoying message in my console:
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1"
I understand that it is an important message, but it is duplicated many times and makes my work almost impossible.
Moreover, it appears every time my page communicates with other pages, for example with Google Analytics and other counters. So if I were to update my certificate, this message would still appear because these sites would have SHA-1.
So any site with GA gives me trouble.
How can I disable or filter this message?
As stated in the Firebug discussion group, Firebug's Console panel currently (Firebug 2.x) cannot filter single messages out. You can only filter by messages matching a specific text using the search field.
There are enhancement requests like issue #4507 reported to add such a filter, though it is unlikely that this will get implemented in Firebug, especially not in version 2.x, directly.
Firebug 3 will integrate into the built-in DevTools, which allow you to filter those warnings by unchecking Warnings within the Security menu inside the Console panel:
Besides that I created bug 1170476 asking to reduce the messages to a minimum.
Update:
Firebug development is discontinued. Instead, there is a Firebug theme available within the Firefox DevTools starting from Firefox 48. Bug 1170476 is fixed since Firefox 42, so you will only see one message logged with a counter showing how often the message occurred.
you can get rid of the message, but you have to modify firebugs code.
Sorry forgot to mention you need to convert the .xpi to .zip and extract the files first. You can leave the folder as is when done or zip it and convert it to an xpi again. You will need to restart Firefox.
locate the pluggin in your firefox profile dirctor and go to this file "\extensions\firebug#software.joehewitt.com\content\firebug\console\errors.js".
search for "logScriptError: function(context, object, isWarning)".
After the code "var error = new ErrorMessageObj(object.errorMessage, object.sourceName, object.lineNumber, object.sourceLine, category, context, null);".
input the following code:
if(error.message.indexOf('SHA-1') != -1 || error.message.indexOf('Security Policy') != -1){
return false;
}
should be about line 330.
Select the Console tab and, keeping pressed Ctrl on the keyboard, click on Errors, Info, Debug Info, Cookies.
Bear in mind that this will disable the output of all the warnings logged in Firebug and not only the ones generated by googleapis.
Remove HTTPS from the URL or keep all resources local.
I use Firebug for web development. Since version Firefox 37 I see the following annoying message in my console:
This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1"
I understand that it is an important message, but it is duplicated many times and makes my work almost impossible.
Moreover, it appears every time my page communicates with other pages, for example with Google Analytics and other counters. So if I were to update my certificate, this message would still appear because these sites would have SHA-1.
So any site with GA gives me trouble.
How can I disable or filter this message?
As stated in the Firebug discussion group, Firebug's Console panel currently (Firebug 2.x) cannot filter single messages out. You can only filter by messages matching a specific text using the search field.
There are enhancement requests like issue #4507 reported to add such a filter, though it is unlikely that this will get implemented in Firebug, especially not in version 2.x, directly.
Firebug 3 will integrate into the built-in DevTools, which allow you to filter those warnings by unchecking Warnings within the Security menu inside the Console panel:
Besides that I created bug 1170476 asking to reduce the messages to a minimum.
Update:
Firebug development is discontinued. Instead, there is a Firebug theme available within the Firefox DevTools starting from Firefox 48. Bug 1170476 is fixed since Firefox 42, so you will only see one message logged with a counter showing how often the message occurred.
you can get rid of the message, but you have to modify firebugs code.
Sorry forgot to mention you need to convert the .xpi to .zip and extract the files first. You can leave the folder as is when done or zip it and convert it to an xpi again. You will need to restart Firefox.
locate the pluggin in your firefox profile dirctor and go to this file "\extensions\firebug#software.joehewitt.com\content\firebug\console\errors.js".
search for "logScriptError: function(context, object, isWarning)".
After the code "var error = new ErrorMessageObj(object.errorMessage, object.sourceName, object.lineNumber, object.sourceLine, category, context, null);".
input the following code:
if(error.message.indexOf('SHA-1') != -1 || error.message.indexOf('Security Policy') != -1){
return false;
}
should be about line 330.
Select the Console tab and, keeping pressed Ctrl on the keyboard, click on Errors, Info, Debug Info, Cookies.
Bear in mind that this will disable the output of all the warnings logged in Firebug and not only the ones generated by googleapis.
Remove HTTPS from the URL or keep all resources local.
I'm looking at the download page for ckeditor and I see that the ASP.NET control was last released in 2014. The version string is 3.6.6.2. Does this mean that the control is deprecated? It seems to work properly w/ 4.4.x, but I'm chasing down some weird ckeditor control issues and I wanted to make sure this isn't somehow the cause.
Some of the weird issues I've been chasing
Sometimes when I'm doing a save via form submit, I'll get an exception thrown by the guts of ckeditor: Uncaught IndexSizeError: Failed to execute 'extend' on 'Selection': 1 is larger than the given node's length.
Selecting text in the control prior to save makes it go away
Only happens in Chrome from what I can tell
If I remove the divarea plugin, that makes it go away
I feel like sometimes I'm getting weird errors with it complaining that jquery is missing when I use the asp.net control -- they don't seem to happen under the markup / script based method. I haven't pinned this down yet.
The overall build is the 3.6.6.2 of the asp.net control. The ckeditor build is 4.4.7. There are custom config.js files used in some places and in some places the control is configured by markup in the asp.net control.
We're having a very peculiar problem with a site that is using mod-pagespeed. Here's the link in question -
http://www.microsemi.com/applications/
If you try to expand one of the sections by clicking on the '+' sign you need to click twice to open.
However if you disable pagespeed using http://www.microsemi.com/applications/?ModPagespeed=off
The link works correctly.
What is the best way to debug this ? Is is possible to selectively disable javascripts from being processed by mod-pagespeed ?
I'd start first of all with looking at the errors that are thrown up on the page in chrome console:
Uncaught ReferenceError: Tips is not defined www.microsemi.com:43
Failed to load resource http://www.microsemi.com/media/system/js/mootools-more.js.pagespeed.ce.BqakF5Rbjl.js
These are presumably related as the errors vanish on the second link without page-speed. I'd assume the second one must be the reason why two clicks is needed - for some reason there is a javascript file missing using mod_pagespeed - also presumably containing jQuery UI.
I should probably add that it says here mod-pagespeed only seems to be of use for badly written sites. Joomla is well written so as long as you have well functioning extensions there should be negligible difference on your site!
What Firefox add-ons do you use that are useful for programmers?
I guess it's silly to mention Firebug -- doubt any of us could live without it. Other than that I use the following (only listing dev-related):
Console2: next-generation error console
DOM inspector: as the title might indicate, allows you to browse the DOM
Edit Cookies: change cookies on the fly
Execute JS: ad-hoc Javascript execution
IE Tab: render a page in IE
Inspect This: brings the selected object into the DOM inspector
JSView: display linked javascript and CSS
LORI (Life of Request Info): shows how long it takes to render a page
Measure IT: a popup ruler.
URL Params: shows GET and POST variables
Web Developer: a myriad of tools for the web developer
Here are mine (developer centric):
FireBug - a myriad of productivity enhancing tools, includes javascript debugger, DOM inspector, allows you to edit the CSS/HTML on the fly which is highly valuable for troubleshooing layout and display problems.
Web Developer - again another great developer productivity tool. I mostly use it for quickly validating pages, disabling javascript (yes I disable javascript sometimes, don't you?), viewing cookies, etc.
Tamper Data - lets you tamper with http headers, form values, cookies, etc. prior to posting back to a page, or getting a page. Incredibly valuable for poking and prodding your pages, and seeing how your web app responds when used with slightly malicious intent.
JavaScript Debugger - has a few more features than javascript debugger provided by firebug. Although I must admit, I sparingly use this one since firebug has largely won me over.
Live HTTP Headers - invaluable for troubleshooting, use it frequently. Lets you spy on all HTTP headers communicated back and forth between client and server. It has helped me track down nefarious problems, especially when debugging issues when deploying your web app between environments.
Header Spy - nice addon for the geeky types, shows you the web server and platform a web site runs on in the status bar.
MeasureIt - I don't use this all too frequently, but I've still found it valuable from time to time.
ColorZilla - again, not something I use all that frequently, but when I need it, I need it. Valuable when you want to know a color and you don't want to dig through a CSS file, or open up a graphics editing app to get a color embedded in some image.
Add N Edit Cookies - this has been a great debugging tool in web farms where the load balancer writes a cookie, and uses the cookie value to keep your session "sticky". It allowed me to switch at will between servers to track down problems on specific machine. Also a good tool if you want to try to mess with a site that uses cookies to track your login status/account, and you want to see how your code responds to malformed or hacked info.
Yellowpipe Lynx Viewer Tool - yeah I know what your thinking, lynx, who needs it, its so 1994. But if you are developing a site that needs to take web accessibility into account (meaning accessible to users with visual impairments who use screen readers), or if you need to get a sense of how a web spider/indexer "sees" your site, this tool is invaluable. Granted, you could always just go out and grab Lynx for yourselfhere's the windows xp port that I use.
I've got a handful of other addons that I've used from time to time that I'll just quickly mention: FireFTP (one I installed wasn't stable and I've not tried a newer release), Html Validator (also found this one unstable, least back when I installed like a year ago), IE Tab (I usually just have both IE and FireFox open concurrently, but that is just me, I know many others that find this addon useful).
I'd also recommend the Web Developer extension by Chris Pederick.
As far as web development, especially for javascript, I find Firebug to be invaluable. Web developer toolbar is also very useful.
The ones I have are...
Y-SLow
Live Headers
Firebug
Dom Inspector
One that wasn't mentioned yet is this HTML Validator extension that I found very useful.
#Flávio Amieiro
MeasureIt is an unnecessary extension to have if you install the Web Developer Toolbar. Web Developer Toolbar includes a ruler as one of its features. Under the "Miscellaneous" category for Web Developer click the option "Display Ruler" to use a ruler identical to the MeasureIt one.
That will allow you reduce the number of extensions needed by at least one.
Firefox addons:
FireBug:helps web developers and designers test and inspect front-end code. It provides us with many useful features such as a console panel for logging information, a DOM inspector, detailed information about page elements, and much, much more.
Web Developer-gives you the power disable CSS, edit CSS on the fly, measure certain areas of a page and much more.
ColorZilla
Just click on the icon, hover over the area you'd like to know the hex color for, and click.
Window Resizer
to make sure the layout is displayed properly in the standard resolutions of today.
Total Validator
validating websites much easier by checking HTML, links, CSS and doing a lot more.
Web Developer for web development. Scribefire if you're a blogger-progammer
For web developing I use the Web Developer Toolbar, CSS Viewer and MeasureIt.
But I'm really not one of those who has a thousand of extensions to do everything. I like to keep things simple.
EDIT: Thanks to Dan's answer I don't need MeasureIt anymore. Can't believe I've never seen that! I guess I'll just have to pay more atention to this WebDeveloper toolbar.
Adding to everyones lists, Tamper Data is quite useful, lets you intercept requests and change the data in them.
It can be used to bypass javascript validation and check whether the server side is doing its thing.
I use Web Developer, it's a real time saver.
+1 for LORI ("life-of-request-info"). It's a very convenient alternative for rough measurements of the load time of a particular web page -- the kind of thing that you might otherwise use an external stopwatch for.
New Tab Homepage. Combined with a "speed dial"-type homepage (a personal, fast-loading page of links that you use frequently), helps you get where you're going faster when you open a new browser tab.
LastTab. Changes the behavior of Ctrl+Tab to let you navigate back and forth between your most-recently-used tabs with repeated presses of Ctrl+Tab, the same way that Alt+Tab works in Windows. Also provides a nice view of all open tabs while Ctrl is still being held down for easy navigation. (The resultant behavior is very similar to the Ctrl+Tab behavior in recent releases of Visual Studio.)
FireFTP is good for grabbing/uploading any necessary files.
I find Hackbar to be quite useful. Very useful if you want to edit the querystring part of the url, to test for vulnerabilities, or just general other types of testing where you might end up with complicated query string values.
I was learning DOM inspector, but I've switched to Firebug.
Some of which has been missed above are here
Load Time Analyzer – View detailed graphs of the loading time of web pages in firefox. The graphs display events like page requests, image loading times etc.
Poster – A must have tool for web developers enabling them to interact with web services and other web resources.
Aardvark – A cool extension for web developers and designers, allows them to view CSS attributes, id, class by highlighting page element individually.
Fiddler is a really great debugging proxy. Think of it as a more powerful version of the "Net" panel in Firebug or the Live HTTP headers.
It used to be an IE-only extension, now it also has hooks into Firefox.
Groundspeed, is useful for testing server side code. It was created for input validation tests during pentest, but can be useful for any test that require manipulating input (similar to TamperData).
It lets you control the form elements in the page, you can change their type and other attributes (size, lenght, javascript event handlers, etc). So for example you can change a hidden field or a select to a textbox and then enter any value to test the server response and stuff like that.