I successfully used map.locate() in my app.
Now I would like to customize the default popup of the browser, specifically sending my own message explaining to the user why the site is asking the permission to get the position.
I would like to avoid using another popup before asking the locate to explain that.
I didn't see that kind of setting in the API doc, Is it possible to pass a custom message?
thanks
As you said yourself, this message isn't coming from Mapbox, or Leaflet but straight from the browser. From the navigator.geolocation API to be specific. The docs for the API (on MDN) state:
Note: For security reasons, when a web page tries to access location information, the user is notified and asked to grant permission. Be aware that each browser has its own policies and methods for requesting this permission.
https://developer.mozilla.org/en-US/docs/Web/API/Navigator/geolocation
I'm fairly sure no browser will let you change their dialog. Securitywise it's best to be consistent towards users, so that everytime they get a dialog it looks familiar to them. Styling or changing the content of a dialog is confusing. If you want supply extra info about why you use geolocation you'll need to find another way to relay it towards your users.
Related
I am in the process of building a touch screen photobooth where users will take pictures, add graphics, etc in Adobe AIR. At the end of the process, they will get to email themselves the picture, share the picture on Facebook, and share it on Twitter.
I am using this tutorial: http://tv.adobe.com/watch/adc-presents/oauth-in-adobe-air-applications-built-with-flash-or-flex/ to figure out how to get oAuth to work in AIR. But it seems simple. Just load the authorization request URL into AIR's equivalent of an iFrame.
The tricky part is that there will be no physical keyboard on site. For all text input, we designed an onscreen keyboard. Programming an on screen keyboard in AS3 is pretty easy. But we don't have access to the text fields within the AIR HTML/Browser wrapper so we can't manually add characters to the input strings...
Is there any workaround we can implement for this? Adding a physical keyboard is unfortunately out of the question.
I realize this is 5 months old, but I was working on something similar for a client this evening and ran across your question. I also wanted to omit the need for a system level onscreen keyboard, or a physical real world keyboard, just wanted to use a Flash/AIR based keyboard completely under control of the app via the attached touch screen.
I came up with a hacky way to do this all in Flash/AIR and it works for any oAuth dialog (with some caveats). I've got it working as a test for Facebook and Twitter oAuth permission pages just this evening. It requires that you use a StageWebView for the display of the oAuth dialog and some JavaScript injection via loadUrl method of StageWebView. Using the stageWebView, setting up a listener for the Complete event on the load of the oauth permission page in your StageWebView is the first step.
Next step, is once its loaded and the complete event fires, in your complete handler, you can then inject javascript directly into the page via the StageWebView reference, and then via that function set up communication to populate the fields dynamically from your AS3 on screen keyboard or other function. For example, to populate the username field in Twitters oAuth permission page, you could do this:
webView.loadURL("javascript: form = document.forms[0]; form['username_or_email'].value='your_username';");
That populates the username field in Twitters oAuth permission page.
So you could inject a function into the page, which you could then call from ActionScript to pass in key presses from your virtual onscreen keyboard, or completed strings, to populate the proper fields. That is the only tricky part, identifying the form and field names in the source of the oAuth pages ahead of time. So far Twitter and Facebook look pretty straightforward to identify, but of course could break at anytime, a little regexp could help make sure they are correct. Only problem I see here beyond that would be if the field names changes dynamically for security purposes, but from a quick glance at twitter and facebook at least they don't appear to do that. Other oAuth pages may or may not, YMMV.
There is a useful library for working with StageWebView that might be helpful in doing some of this communication - take a look here: http://code.google.com/p/stagewebviewbridge/wiki/Communication
In any case, that is the overall approach, leverage StageWebView, and then dynamically inject your own JavaScript function to handle passing in the value to the fields from your onscreen keyboard, or simply populate the fields directly with code similar to the above. Hope this helps anyone out there attempting something similar.
Wanted to add that I came up with this approach because it was/is a requirement to allow a user to do this directly on the exhibit I am working on, but my personal preference would be to simply collect a users email address, or phone number, and have the interactive send them an email or SMS message to their own device, which they could then easily share more safely and securely. Another solution would be to display a QR code, a user could snap and quickly resolve to share more securely - I prefer those approaches, but the above will do the trick for users willing to enter in their credentials in a public place. Make sure you have time outs on the session and properly logout users credentials for subsequent users, otherwise bad things are guaranteed to occur.
I've recently installed the browser plugin Disconnect to keep Facebook, Twitter and Google from recording my browser history as I use the regular web while still letting me use those services when I choose to.
Can anyone explain how Disconnect works?
I'm interested in how it works to understand where my web experience might be changed or compromised and as an intellectual curiosity about what these sites are doing and how it can be blocked.
There are detailed descriptions of what our extensions do in the extension galleries (and someday soon, our site), e.g.:
https://chrome.google.com/webstore/detail/jeoacafpbcihiomhlakheieifhpjdfeo
More technically, all our extension code is open source (and well commented and otherwise readable, if I do say so myself):
https://github.com/disconnectme
I'm only guessing, but to track you, google, facebook and twitter send you a cookie to identify you. Then if you browse the web a display page that contain an adsense banner, a g+1 button an analytic script, a facebook/twitter widget, google , facebook and tweeter access this cookie.
So to prevent them to record your browsing, maybe the addon filter the cookie sent in http request or filter google/fb/twitter script/iframe/url from the viewed page.
Hope this could give you a hint.
Regards
I've messed around with FBML (deprecated, I know) and the newer HTML5 code to no end, but so far I haven't found any way to do what I'm looking to do.
When using "apprequest" within an application on Facebook (within iframe), I can allow users to share requests to join the app, but those messages that get sent are very hidden away. They don't seem to appear in the newsfeed for shared recipients, and we're afraid users won't see the request from their friends.
Instead, we thought we'd allow users to alternatively share to their friends with the "send" button code that Facebook offers up. This allows us to specify a URL (we were thinking the app canvas URL or page tab it would live on).
So far, this is all I could generate...
Is there any way to have the send code let me specify that we want faces with checkboxes for uses to select their friends, instead of a sharing party needing to type out names of their friends by hand? There's got to be some easy way of doing this.
Stop me if you think I'm going in the wrong direction on this. Maybe there's a better way that I'm simply not thinking of.
Here's an example of the checkbox functionality I'm referring to...
This violates the browser security model and also Facebook's policies, you can include a to parameter with the send dialog to preselect one recipient, but you can't modify the browser DOM because the Facebook dialog is in an iframe
I'm attempting to develop my first Facebook app that is designed to allow clients of our website to sell tickets to their events from their Facebook page as well as from our website. So when the administrator of a Facebook page adds our app as a page tab, I need to be able to find out who they are so I can load the relevant event data. There also needs to be additional include/exclude configurations and various other options, which will affect the behaviour of the app.
So my question is how is this situation best handled? When playing around with a basic sandboxed app, I seem to be able to just add the app directly to a page; there is no prompt for configuration, and I can't see any way of defining custom properties.
Is the 'edit_url' property the only way to achieve this? If so, is there a way of automatically directing the page admin to this link upon initial use?
Decoding the signed request recieved in your page will give you more insight.
From this you can retrieve page admins' UID's.
You'll need to manage the rest on your side...
In order to get the user id the user will have to grant your application basic permissions.
I'm currently doing a somewhat similar app and, just like Lix said, I used the signed_request variable to detect the page where the tab is installed. Then, based on the page's ID, I retrieve the proper content.
To also give your users an admin page, add a Page Tab Edit URL in your app configuration where you can redirect your users to a custom panel where they can edit their app.
I'm trying to programmatically create an application in Facebook. I can do that with this:
https://www.facebook.com/connect/create_app.php?api_key=[key]&name=app_name
However, there's always a popup that says "Allow [Root App] to integrate Facebook functionality for you?" ... OK.
Is it possible for the "Root App" to create the application on the user's behalf without the popup via some previous permission which they have allowed, like stream_publish ...etc or maybe a session_token or ??
Someone said I can create child apps via "admin.setAppProperties" but couldn't get it working. I've also tried "FB.Connect.createApplication" and "Facebook.createApplication" but also failed.
Can anyone help? Maybe with some sample code.
There used to be an API for this but I think it has been discontinued. You can see if you can hack it together from the information available here:
http://blog.programmableweb.com/2009/10/15/facebook-lets-you-easily-integrate-into-sites-and-widgets-with-new-create-application-api/
Child applications (I believe they called them 'fourth party applications') intentionally need user interactions to create.
The documentation for https://www.facebook.com/connect/create_app.php?api_key=[key]&name=app_name is scarce to none. Are you able to access the API key of the newly created application somehow? Or set further app settings such as site-url?
I'm thinking you would need the user's permission to view /accounts then monitor before/after state to detect which one was created.
Is it possible for the "Root App" to create the application on the
user's behalf without the popup via some previous permission which
they have allowed, like stream_publish ...etc or maybe a session_token
or ??
If you create a Facebook application that only pulls someone's profile information, and then you add new functionality that allows it to automatically post on people's walls; you would have to require the user to re-authenticate themselves to give you those extra permissions.
It's hard to understand what you meant by that question.