Iframe on Iphone - url query params isn't working - iphone

I have multiple domains (ex. https://example1.com https://example2.com and so on.. ) that uses iframe from domain "https://iframedomain.com/controller-function". In this framed domain there is only few functionalities like change language and input number for finding things. iframe url is like this - <iframe src="https://iframedomain.com/controller-function/find?type=typeLv&lang=lv&id=11111111" sandbox="allow-scripts allow-forms"></iframe>
When I open on Chrome, Edge, Opera, everything works fine and iframe loads all the data with correct language but if I open via Iphone then it opens only iframedomain.com form with language selector and IMPORTANT - no data and language selected is US instead of provided LV in url param. Its like safari ignores url params because when I want to switch between languages it throws me on base domain https://iframedomain.com(without /controller-function)
I am using PHP8.1, Yii2 latest version and Nginx
Nginx config I added - add_header Content-Security-Policy "frame-ancestors self https://iframedomain.com";
location / {
try_files $uri $uri/ /index.php?$query_string;
}
Can anyone help me with this?

Related

nginx wildcard redirection configuration

I have a web application that is running on myhost.com
When a user clicks on any of the buttons on the page I want to redirect them to the same page hosted on a different server. So for example I want myhost.com/x/happy to redirect to uathost.com/x/happy
I am trying to use wild card so that every /x/* page is redirected appropriately.
I tried to use the below configuration but I still get a 404 from myhost.com when clicking on any of the buttons since myhost.com is not configured with those pages, thus my need for a redirect.
location ^~/r/ {
proxy_pass https://uathost.com/$1;
}
Well are you redirecting or proxying? The code you are showing is for a proxy to uathost.com not redirect.
For a redirect all should have to do is:
location /x {
return 301 https://uathost.com$request_uri;
}

The SoundCloud WordPress plugin generates mixed-content errors when viewing pages over HTTPS

Hello SoundCloud Team :)
When embedding SoundCloud items into WordPress via the SoundCloud Shortcode plugin, the iframe's src is set to w.soundcloud.com/player?url=.... Apparently, the correct URL is w.soundcloud.com/player/?url=... (with a trailing slash).
When the page is served over HTTPS, the iframe's non-trailing-slashed src's scheme is correctly set to https. However, the non-traling-slashed https URL is redirected to a trailing-slashed http URL, which causes a mixed-content error and prevents the embed from loading.
$ curl -IL 'https://w.soundcloud.com/player?url=https%3A//api.soundcloud.com/tracks/142702630&auto_play=false&hide_related=false&visual=true'
HTTP/1.1 301 Moved Permanently
Location: http://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/142702630&auto_play=false&hide_related=false&visual=true
...
HTTP/1.1 302 Found
Location: https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/142702630&auto_play=false&hide_related=false&visual=true
...
HTTP/1.1 200 OK
...
One (or both) of the following would solve the issue.
Change the redirect to go to an https URL.
Update the plugin to point to the correct URL.
I dug around a bit and had found effectively the same answer on:
https://wordpress.org/support/topic/shortcode-does-not-work-with-website-ssl
I can say that if you are having an issue with SoundCloud on WordPress over SSL, add the '/' character as recommended and the problem simply goes away. That is, alter the URL in the soundcloud_iframe_widget() function to add '/' prior to the trailing '?' in
// Build URL
$url = 'https://w.soundcloud.com/player/?' . http_build_query($options['params']);
in the file
$WORDPRESS_HOME/wp-content/plugins/soundcloud-shortcode/soundcloud-shortcode.php
It worked fine for me.
add the '/' character as recommended and the problem simply goes away. That is, alter the URL in the soundcloud_iframe_widget() function to add '/' prior to the trailing '?
Thanks! that worked perfectly with chrome and safari, but I still have the issue with firefox. But doing that did the trick :
$url = 'https://w.soundcloud.com/player/' . '?' . http_build_query($options['params']);

server side redirect in classic ASP on IIS7

I'm trying to implement a simple 301 redirect from mydomain.com/page1.asp to mydomain.com/page2.asp. These are dynamically generated product pages of an ecommerce store, so they don't physically exist as files.
In Apache it's simple to do with .htaccess but all I found are ways to redirect static pages, that actually exist on the server, such as placing the code below in at the top of the existent file:
<%#LANGUAGE="VBSCRIPT"%>
<%
' Redirect to the new location with the correct 301 Moved Permanently status
Response.Status = "301 Moved Permanently"
Response.AddHeader "Location", "http://www.example.com/new-page.php"
%>
Is there a way to redirect a dynamically generated page in IIS7 using classic asp?
UPDATE
Based on the comments received, I need an URL rewrite module. #ZippyV suggested this one
You want to rewrite your URL requests instead of redirecting them.
IIS has a URL Rewrite module which you can download here. Another nice feature is that it can transform your outgoing html too.
More articles on how to use the IIS URL Rewrite Module: http://www.iis.net/learn/extensions/url-rewrite-module

Response.Redirect() vs Response.RedirectPermanent()

I am new to ASP.Net 4.0, and have seen a new feature called Response.RedirectPermanent(). I have checked a few articles, but I'm unable to understand clearly the actual meaning and difference of Response.RedirectPermanent() over Response.Redirect().
According to Gunnar Peipman,
Response.Redirect() returns 302 to browser meaning that asked resource is temporarily moved to other location. Permanent redirect means that browser gets 301 as response from server. In this case browser doesn’t ask the same resource from old URL anymore – it uses URL given by Location header.
Why do I need to check the server response such as 301, 302? And how does it get permanently redirected the page to the server?
301 response (RedirectPermanent) is very useful for SEO purposes. For example, you had a site implemented in ASP.NET WebForms and redesigned using ASP.NET MVC. You'd like to inform search engines that page /Catalog/ProductName.aspx becomes /products/product-name. Then you set 301 redirect from /Catalog/ProductName.aspx to /products/product-name and links in search engines' indices will be replaced. 302 (Redirect) is mostly for internal purposes. For example, the redirect after login (if returnUrl was set in URL).

Facebook desktop app (on browser) - login without hosting on a webserver

I am trying to develop a Facebook desktop app that runs on a browser (but not on a webserver). So strictly speaking, I am running a standalone webpage that is not in any domain. I am in need to find a suitable login solution for this.
Currently, Facebook authentication has to be redirected to another URI - the problem for me is that I am unable to get the access token from this redirected page (dialog/poup) because of cross-domain access issues. Is there a way across it?
Also, since I am running the page on a filepath (c:/wamp/www/facebook.html) rather than on a webserver, the "auth.login" events are not fired after authentication is done in the dialog. Is this expected behaviour as well?
Any help would be appreciated. Thanks!
Read up on FB Auth: http://developers.facebook.com/docs/authentication/
If your app is able to read iframe URLs (such as an AIR based app) then you can rely on using the Desktop App Auth Flow and reading the credentials from the response URL that Facebook hosts: https://www.facebook.com/connect/login_success.html#access_token=...
Use local web server and server it from http://localhost... There is planty of lightweight one for Windows (Abyss) as well as Unix (thttpd).
EDIT: It seems it is not possible using file:// urls. I tried this page:
<html>
<head>
<script>
function fbLogin() {
if (window.location.hash) {
alert("Access token is: "+window.location.hash);
} else {
window.location.href = "https://www.facebook.com/dialog/oauth?"
+ "client_id=54715426813&redirect_uri=file:///D:/Herby/Desktop/page.html&response_type=token";
}
}
</script>
</head>
<body onLoad="fbLogin();">
</body>
</html>
and oath dialog said
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not permitted by the application configuration.
which means, you must fill in the file:/// type url in you app config. I tried that, but it said me the protocol used must be http or https. So, bye-bye to facebook on file://
The only possibility for true desktop apps is to include web control that uses true http urls and somehow (through tiny embedded server or by some kind of hook and mocking) is able to use such an URL (or, as was pointed in other answer, you can use no redirection url and get redirected to default facebook result page). But that is not something you can do in a browser only.