Firefox SDK: Redirect to ressource HTML denied - redirect

I'm trying to write a Firefox Addon with the Addon SDK to redirect some websites based on their URL. I have created a HTML page and put it in the data directory. I get the path with:
var data = require("sdk/self").data;
var myWebsite = data.url("myWebsite.html");
I'm using PageMod to start a script given an array of URLs:
pageMod.PageMod({
include: ArrayOfUrls,
contentScriptFile: "./myScript.js",
contentScriptOptions: {"myWebsite" : myWebsite}
});
In myScript.js I'm checking if some requirements are fulfilled and if so I try to redirect to my local website with:
window.location.replace(self.options.myWebsite);
But I always get the following error message in the console:
Object
- _errorType = Error
- message = Access to 'resource://myAddon/data/myWebsite.html' from script denied
If I enter the path to the local website (resource://myAddon/...) manually in the adress bar of the browser it works. If I redirect to another website (e.g. http://example.com/) it works as well.
So I guess there's a security setting or so I need to change to make the local redirect possible, but I can't find anything in the documentation or on the web. I hope somebody here can tell me what I'm doing wrong.

In package.json I had to add the following line to make it work:
"permissions": {"cross-domain-content": ["resource://myAddon/data/"]}
Further documentation can be read in link Noitidart provided in his comment.

Related

Troubleshooting QuickBooks Web Connector issue

Try to troubleshooting QuickBook's Web Connector by following helping URL: Click Me. When I try to Add an application into Web connector getting following error: "QBWC1048: QuickBooks Web Connector could not verify the web application server certificate. QBWC1051: The new application was not added"
QuickBook throws the 1048 error because it is unable to complete a GET request at the AppURL that specified QBFS.qwc file. This is because test.developer.intuit.com restricts GET requests via the SOAP API.
To get around this, include a parameter in the .qwc file, and set it to the same value as your AppURL without the URL path.
For example, if your AppURL is https://mycompany.cs1.force.com/services/Soap/class/myApiClass, then set CertURL to https://mycompany.cs1.force.com.
This is the solution suggested by the QBWC log file, and it worked for me.
Reference URL
I found I had this problem because my software was trying to load the file
http://developer.intuit.com/uploadedFiles/Support/QBWebConnectorSvc.wsdl
which no longer exists. :(
So I got a WSDL from
https://test.developer.intuit.com/QBWC/TroubleshootWebServiceFS/Service.asmx?wsdl
and put it in my Site's root directory, then changed my code to point there, and it worked.

How to load local files from user selected directory in chrome app

I am developing chrome app , in my app user can download external content to their local directory , to access user's file system i am using chrome.FileSystem API ,i can access user's local directory and i am also able to write downloaded content to their directory by keeping user selected directory to localStorage.
My problem is i want to open these files in main html file using either webview / iframe , it will be better if its possible with iframe but i am getting error in both cases -
to get full path i am using below code -
chrome.fileSystem.getDisplayPath(chosenEntry, function(path) {
console.log("path"+path);
// for now i am adding static path to it for testing purpose
var finalPath = path+'/folder/index.html'; //Here finalPath is a valid path , can be accessible from browser
});
if i load it using iFrame -
Refused to frame 'path' because it violates the following Content Security Policy directive: "frame-src 'self' blob: filesystem: data: chrome-extension-resource:".
When i tried using webview -
: The load has aborted with error -301: ERR_DISALLOWED_URL_SCHEME.
I have also tried by giving permission in manifest.json file -
"permissions": [
"file:///*"
]
Note : user may have number of downloaded content each with their own folder , so i have to open any of these according to user action.
It's not the most elegant solution, but running a web server inside chrome your chrome app and pointing the webview at the web server URL will work.

How to prevent access to the Hidden Directories like Scripts, Contents, aspnet_client from browser in a asp.net mvc application?

I want to prevent the user from accessing the Hidden Directories like Scripts, Contents, aspnet_client directly from the browser in a asp.net mvc 2 application. Currently whenever I try to access the above mentioned Hidden Directories it is returning the following error message:
403 - Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
I want to show "404 Not Found" error page whenever one tries to access the above mentioned hidden directories.
Can anyone help me with to resolve this issue?
When attacker try to access the file with some random name, if given file name not exists then it will give error like "404 File not exists". if file name exists but don't have access to file then it will return error like "403 Forbidden" error. so attacker get idea of the file and file directory.
So the application should be capable of handling this issue
Solution is to show the return response in different way, recommended to show as 404 error.
To do this in IIS we can add customerError configuration in the web.config file.
Please check the below article for the details of issue and solution.
https://www.c-sharpcorner.com/UploadFile/092589/custom-error-page-in-Asp-Net/
You may want to add custom handler - something like this - http://forums.asp.net/post/4152906.aspx

CakePHP Facebook plugin error in HTTPS not in HTTP

I have set up the facebook plugin like the instructions.
Downloaded package and installed in app/plugins/facebook
Created app/config/facebook.php with my app's id, key and secret numbers, based on the example config file
Included $helpers = array('Facebook.Facebook') in my app_controller.php
Echoed the $this->Facebook->html() function in my layout (replcing the default html tag)
Echoed the $this->Facebook->init() function at the bottom of the layout, before
I run this code:
echo $this->Facebook->share('link');
If I go to: http://myhomepage.com it works but if I go to the same with HTTPS I just get a text share. In IE 10 and Chrome I get a Not safe content error. If I accept it it works.
How do I run it over SSL? I have bought the certificate, so it is valid and not a home-made self-signed one. I am running Cake PHP version 2.
I have tried to search the web, but I just find problems with the login function and not with the share button.
Please follow the below links for reference.
http://www.afbtemplates.com/tutorials/common-problems-facebook-secure-connections
http://developers.facebook.com/blog/post/497/
Do I need to support ssl on my site that allows login through facebook connect

MVC JavaScript Form posting issue

I Have an issue where the following code works when run in Visual Studio however I get a "The resource cannot be found." error when I deploy to the test server.
The JavaScript:
var form = document.forms[0];
form.action = '/NCR/CreateSaveNCR';
form.submit();
The Controller Code:
[HttpPost]
public ActionResult CreateSaveNCR(viewModels.NCRCreateViewModel model)
I have no idea what the issue is. Thanks..
if the resource cannot be found, and the code is identical, then it might be a path issue, is the web address http://yourdomain.com/NCR/CreateSaveNCR? or is it in a folder underneath that? You also might (uncommonly) have to restart the IIS process to get it to take in new routing info (rerun global.asax's app_start).
If you deploy to a virtual directory it will need to be included as part of the mvc url path.
Another possibility is that the file exists in the directory in dev but is not included as a project file and is left out of the "publish" deployment method if you push changes to your staging environment using that mechanism.
Never hardcode urls. Always use url helpers when dealing with urls:
form.action = '<%= Url.Action("CreateSaveNCR", "NCR") %>';