Google Charts API not working in IE - google-visualization

I'm trying to display a graph using Google Charts API:
http://chart.apis.google.com/chart?chd=t:2,5,1,2,69,68,30,178,2,63,10,18,6&chl=Vercelli (2)|Torino+(ex+Pinerolo) (5)|Torino (1)|Milano (2)|Mantova (69)|Ivrea (68)|Genova+(ex+Chiavari) (30)|Genova (178)|Cuneo (2)|Brescia (63)|Bergamo (10)|Asti+(ex+Alba) (18)|Asti (6)&cht=p&chds=0,20&chs=400x200
This URL is working in all browsers except IE11. IE is complaining about the security certificate emitted for another site.

Try using the more recent URL http://chart.googleapis.com/chart instead, whose certificate is trusted by IE (see https://trac-hacks.org/ticket/10279 ).

Related

Disable cookies when using the YouTube IFrame Player API script with the youtube-nocookie.com domain

How can you disable cookies set on youtube.com when using the YouTube IFrame Player API with privacy-enhanced mode videos played from the www.youtube-nocookie.com domain?
In the "Turn on privacy-enhanced mode" section in https://support.google.com/youtube/answer/171780?hl=en, it recommends using the www.youtube-nocookie.com domain to:
embed YouTube videos without using cookies that track viewing behavior.
This works well and doesn't set cookies as expected.
However, we use the IFrame Player API (with enablejsapi=1 on the embed params) which does set cookies. We see the following cookies set on the .youtube.com domain:
YSC
VISITOR_INFO1_LIVE
These get set as HTTP cookies from the Iframe Player API script at https://www.youtube.com/iframe_api (open a Chrome incognito window and view that script URL directly and inspect the cookies and you'll see the 2 above cookies set). I'm unsure what these cookies are exactly, but they look suspiciously like tracking cookies.
So, the fact that these are set before a user interacts with the video or takes any consenting action, means we can't use the IFrame Player API whilst still being GDPR compliant when it comes to the EU cookie directive.
So the question is, how can we use the IFrame Player API without it setting cookies?
Note: I've posted this with the tag youtube-iframe-api in the hope that Google will answer this as:
We support the YouTube IFrame API on Stack Overflow. Google engineers monitor and answer questions with the youtube-iframe-api tag.
(from https://developers.google.com/youtube/players/support)
I had a similar issue and decided to try using this script instead. However, so far, it doesn't seem clear from their docs how to achieve this without any cookies. Simply replacing https://www.youtube.com/iframe_api with https://www.youtube-nocookie.com/iframe_api results in a 404 error.
Based on this, I tried the below. This code creates a video player programmatically and sets https://www.youtube-nocookie.com as the host. It does load the video and if you inspect it, you can see that no cookies get created initially; but if you start to play the video, https://www.youtube-nocookie.com sets a cookie called NID. In terms of setting cookies, this is the same result as loading a video via an iframe using www.youtube.com.
<div id="js-player"></div>
<script src="https://www.youtube.com/player_api"></script>
<script>
  // Called by the player API script once it has loaded.
  window.onYouTubePlayerAPIReady = function() {
    new YT.Player(document.getElementById("js-player"), {
      height: '315',
      width: '560',
      host: 'https://www.youtube-nocookie.com',
      videoId: 'M7lc1UVf-VE'
    });
  };
</script>
https://jsfiddle.net/c9Lbksx6/
So it appears that no matter what you do, you will end up with at least 1 cookie when using the YouTube player API with JavaScript controls. Unfortunately, there doesn't seem to be an ideal solution to this at the moment.

PowerBI Embedded not working because of X-Frame-Options

I'm using powerbi-service-js to embed reports in my Angular 8 application. Until October 3rd, everything worked fine. I would log in to the URL (https://login.microsoftonline.com/common/oauth2/token) and then make a request to the powerbi API to get the report token. But now, when using pbiService's embed function, I get the following error. I'm using DirectQuery to construct the report and deploying the application in Nginx.
That's the error on Chrome console:
Refused to display 'https://app.powerbi.com/tokenRefresh?ver=1570487269987' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
ERROR DOMException: Blocked a frame with origin "https://app.powerbi.com" from accessing a cross-origin frame.
at e.retryTokenRefresh (https://app.powerbi.com/13.0.10956.175/scripts/reportEmbed.min.js:1:2245948)
at e.onTokenRefreshLoad (https://app.powerbi.com/13.0.10956.175/scripts/reportEmbed.min.js:1:2245770)
at HTMLIFrameElement.document.getElementById.onload [as __zone_symbol__ON_PROPERTYload] (https://app.powerbi.com/13.0.10956.175/scripts/reportEmbed.min.js:1:2245299)
And probably you are viewing this using Google Chrome browser? Because since the date you mentioned, it blocks mixed content. So check your URLs and make sure you do not use HTTP, but all of them are HTTPS. You can confirm this theory by viewing your app in another browser.

Invoking a Lambda through API-Gateway giving 403 response?

I am using AWS CodeStar to deploy my React application using the serverless Node.js template. This is the URL that is given by CodeStar after successful completion of all the stages: https://xxxxx.execute-api.us-east-1.amazonaws.com/Prod . This URL displayed all the components in my app correctly. In the navbar of my app I have items like a, b, c, where clicking on each one of them will redirect to a new component (i.e. https://xxxxx.execute-api.us-east-1.amazonaws.com/a, https://xxxxx.execute-api.us-east-1.amazonaws.com/b, etc.). But when I refresh the page which has a URL like https://xxxxx.execute-api.us-east-1.amazonaws.com/b I get an error like {"message":"Forbidden"} and my console shows this: favicon.ico:1 GET https://xxxx.execute-api.us-east-1.amazonaws.com/favicon.ico 403
It seems Chrome is fetching the favicon based on the https link, which fails because there is no such favicon at the location. I tried to remove the favicon.ico link in index.html, but even then Chrome is using the same URL to fetch the favicon, which eventually fails. I followed many suggestions on SO to achieve this but had no luck. Is there any way to tell api-gateway to exclude these favicon GET requests and display my app rather than showing the message Forbidden?
And I am pretty sure that I had enabled logs for both the api-gateway and Lambda, where I didn't find any forbidden errors (i.e. 403), which is weird because I can see those 403 errors in my console.
Thanks
Any help is highly appreciated.
The https://xxxxx.execute-api.us-east-1.amazonaws.com/Prod url provided by API Gateway is the base url for your site, so those paths would have to be /Prod/a instead of /a.
One way to get around that is to register your own domain and connect it to API Gateway via a custom domain. That would allow you to have https://example.com as your base url, and your paths could stay /a, /b, etc.

Loading http content on https domain

We have created a website which is served right now on Heroku. This website has a search bar in the navbar and I wanted to use the Freefind search service for the backend. The search results I receive from it are all over the HTTP server and the Heroku server will not load them.
I want them to work fine just as they work on localhost. What can I do?
The app is Django based and I tried to google custom search but it didn't work for me.
You can't load most HTTP content on HTTPS domains. Loading HTTP images is fine, but is still discouraged. This is called mixed content blocking, which is a browser feature.
The only thing you can do is to find out if freefind's search service supports HTTPS. You can try changing the URL to https://search.freefind.com/... and see if it works. Or contact freefind and ask them if they support HTTPS. If they don't support HTTPS, you have to find a different company's search service.
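The mixed-content rule described in this answer, as an added example that is not part of the original post: a small Node.js audit that scans a page's HTML for `http://` subresources, separates the ones browsers block from the image/media loads the answer calls "fine, but discouraged", and emits the `https://` URL to test. The element tables, function names, hosts and sample HTML are assumptions made for the illustration.

```javascript
// Added example. Element/attribute tables are a subset of what browsers check.
// "blocked": active content on an HTTPS page that browsers refuse to load over http.
// "passive": images/media that historically loaded with a warning (discouraged).
const ACTIVE = { script: 'src', iframe: 'src', object: 'data', embed: 'src' };
const PASSIVE = { img: 'src', audio: 'src', video: 'src' };

// Read one attribute value from a raw start tag (quoted or unquoted).
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return every subresource that would be mixed content on pageUrl.
function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  if (page.protocol !== 'https:') return findings; // http pages have no mixed content
  // Simple tag scan for illustration; not a full HTML parser.
  for (const m of html.matchAll(/<([a-z]+)\b[^>]*>/gi)) {
    const tag = m[1].toLowerCase();
    const name = ACTIVE[tag] || PASSIVE[tag];
    const raw = name && attr(m[0], name);
    if (!raw) continue;
    let url;
    try { url = new URL(raw, page); } catch { continue; } // resolves relative and // URLs
    if (url.protocol !== 'http:') continue;
    const found = url.href;
    url.protocol = 'https:'; // candidate to test, as the answer suggests
    findings.push({ tag, kind: ACTIVE[tag] ? 'blocked' : 'passive', url: found, tryHttps: url.href });
  }
  return findings;
}

// Constructed sample page; hosts are placeholders.
const SAMPLE_HTML = `
<img src="http://img.example.org/avatar.jpg">
<iframe src="http://search.example.net/results?q=test"></iframe>
<script src="//cdn.example.com/app.js"></script>
<img src='/static/logo.png'>`;

for (const f of findMixedContent('https://app.example.com/search', SAMPLE_HTML)) {
  console.log(`${f.kind.padEnd(7)} <${f.tag}> ${f.url} -> try ${f.tryHttps}`);
}
```

The same HTML audited against an `http://` page URL returns no findings, which is why a page can look fine on a plain-HTTP development server and break once it is served over HTTPS.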

Secure Browsing Method of Getting Facebook Photos Using APIs

Using the facebook graph you can get photo information as follows:
https://graph.facebook.com/20531316728
However the link they provide to actually grab the photos are not secure and use http:
http://profile.ak.fbcdn.net/hprofile-ak-snc4/174597_20531316728_2866555_s.jpg
Replacing http with https doesn't do the trick because you get a security warning:
https://profile.ak.fbcdn.net/hprofile-ak-snc4/174597_20531316728_2866555_s.jpg
Facebook is insisting that all apps use secure browsing and use https. However my app uses facebook photos, which cannot be accessed because they begin with http.
Does anyone know how to get around this problem?
I found the answer to my own question. You can add a parameter to get the ssl parameter:
https://graph.facebook.com/20531316728&return_ssl_resources=1
I've never come across a way to ask the API for valid https versions of the images other than for profile pictures. That is done by https://graph.facebook.com/{userId/Name}/picture
Here's Zuck: https://graph.facebook.com/4/picture and https://graph.facebook.com/zuck/picture
If you're using the PHP SDK, this was a F***ing life-saver (where $album['cover_photo'] is the id of a photo):
$this->facebook->api($album['cover_photo'],'GET',array('return_ssl_resources'=>1));
Whenever I would simply add &return_ssl_resources=1 to the end of the query itself, my server would throw a 500 error. I found another thread that showed that you can pass this argument in an array.