How to get filepicker and turbolinks to play well together? - filepicker.io

I develop a web app with rails 3.2, turbolinks and Filepicker.io
I loade the API key like this (coffeescript). I think $(document).ready is enough, as the filepicker script get loaded once on the first request.
$(document).ready ->
filepicker.setKey "MY_KEY"
I load Filepicker with the following (coffeescript).
I should note that I use the jquery-turbolinks gem, which builds the support for turbolinks right into jquery.
jQuery ->
$("#publications_bulk-new #upload-button").on "click", ->
form = $(this).closest('form')
filepicker.pickAndStore
When I visit the page directly, filepicker works as expected.
However, when I visit the page using a turbolink request I cant upload any file.
I can open the form, browse in Dropbox etc.
But When Uploading, I see the following error message in red:
Cannot send results to the applicaiton. Sorry about this, it's our fault. Please close this window and try again.
Trying again does not help.
I checked the console of Chrome 28.0 for any error messages and found this:
Blocked a frame with origin "https://www.filepicker.io" from accessing a frame with origin "http://placeholder.library.dev". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
main.js:7
u main.js:7
l main.js:7
i.uploadFiles main.js:7
v.onFileDrop main.js:7
r lodash.min.js:6
(anonymous function) main.js:7
Uncaught Communication iframe not found main.js:7
u main.js:7
l main.js:7
i.uploadFiles main.js:7
v.onFileDrop main.js:7
r lodash.min.js:6
(anonymous function)
Update 2013-07-29 "Protocols, domains, and ports must match"
I pushed the current code to my production environment, as the message suggests this depends on the missing SSL encryption of my (development) page.
Unfortunately, this is not the only problem
Blocked a frame with origin "https://www.filepicker.io" from accessing a frame with origin "https://jkreutz.mylibrar.io". Protocols, domains, and ports must match. main.js:7
u main.js:7
l main.js:7
i.uploadFiles main.js:7
v.onFileDrop main.js:7
r lodash.min.js:6
(anonymous function) main.js:7
Uncaught Communication iframe not found main.js:7
u main.js:7
l main.js:7
i.uploadFiles main.js:7
v.onFileDrop main.js:7
r lodash.min.js:6
(anonymous function)

TL;DR - Workaround: Use traditional javascript file inclusion in the body, and be careful about when you call filepicker.setKey(...).
I'm working with a Rails 4 app with Turbolinks enabled, and I'm encountering similar problems with Filepicker when the page containing the filepicker is loaded a second (or more) time via turbolinks. I've tried both traditional and async js, and each has its own way of breaking.
When using the "advanced" (async js) method, the failure is the nasty message:
Cannot send results to the application. Sorry about this, it's our
fault. Please close this window and try again.
And javascript console errors of Blocked a frame with origin ... and Uncaught Communication iframe not found (in Chrome).
I'm pretty sure this is caused by the iframe that gets added to the body by the js when it is first loaded being clobbered when the page body is changed (by turbolinks) and never added again on the second turbolinks page load.
With the traditional js approach, the order of things is very finicky. If I just have the traditional js included on the page, and then the filepicker.setKey(...) afterwards on the page, the second page load results in Uncaught FilepickerException: API Key not found. However, if I'm sure to call .setKey() later on (like when the picker is invoked), it seems to work. (The communication iframe appears to be created again on the page with the traditional js method.)
I've written to the Filepicker support about this, and hopefully the come out with a recommended / documented approach for this (as they appear to be keen on rails...).

I could not get stevo's answer to work. I thought that maybe using data-turbolinks-permanent on the communication iframe would work, but alas Turbolinks expects the incoming page body to also have said iframe elements.
The solution we ended up using was this:
// Filepicker.js does not play well with Turbolinks. It needs a communication
// iframe loaded on every page load. Unfortunately there is no accessible API for
// removing Filepicker's iframes. This solution copies the iframes over to the
// incoming body for filepicker to continue using on each new page request.
document.addEventListener("turbolinks:before-render", function(event) {
event.data.newBody.appendChild(document.querySelector('#filepicker_comm_iframe'));
event.data.newBody.appendChild(document.querySelector('#fpapi_comm_iframe'));
});

Related

TYPO3 Core exception: "Id was out of domain" instead of Error 404

because of some alterings in the page structure many of our pages changed the pid. It does not matter in SEO terms because of speaking urls but there are a bunch of third party links with wrong pids, e. g.:
https://www.myDomain.de/index.php?id=46&no_cache=1&sword_list[0]=someWord
The page with uid 46 exists but is not the meant one, and it now resides under a different domain. So the result is the following exception:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1518472189:
ID was outside the domain | TYPO3\CMS\Core\Error\Http\PageNotFoundException
thrown in file typo3/sysext/frontend/Classes/Controller/ErrorController.php
in line 80. Requested URL:
https://www.myDomain.de/index.php?id=46&no_cache=1&sword_list[0]=someWord
My question:
Can i tell TYPO3 not to throw an exception but to treat all Outside Domain Events simply as 404 with a redirect to the error page?
thanks!
Should be possible by ading an 404 error handling in Site Management module:
Site Management -> Sites -> Yoursite -> Tab "Error hanling" -> Create new
Showing your 404-page with the correct status code in that case is in my experience unfortunately not too obvious.
The simplest for ?id=... with deleted/moved pages (which because of that do not map to the correct site) is to do redirects to useful pages with EXT:redirect or on the webserver level.
That's an example with EXT:redirect:
If there's nothing comparable in the new content that you could redirect to, you can show your 404-page, e.g. by a passthrough ([PT] with Apache mod_rewrite https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html). You should make sure to send a 404 status in that case. (E.g. through .htaccess, a userFunc on the 404-page, ...).
I hope somebody else has a simpler idea.

FlowRouter Reload Doesn't Route

I'm using FlowRouter. If I start on the homepage everything works well. I can work through the routes (change the pages) without problem. However, if I hit refresh in the browser, I get a series of errors. My url looks like this:
/story/586d536e34821281735b53a4
The ID is being returned in console under the following method:
Tracker.nonreactive(function(){
I think the subscription is being completed, so I'm a little confused as to why reloading a url is different than loading from the home page.
What am I not understanding here?
Reloading a url will make a HTTP request to server to get all the application source. Whereas navigating to a route from another one does not make any HTTP requests to get the application source because they are already available (they were loaded from the previous route), in this case the router will just get the appropriate content and render on the page. This is normal behaviour for Meteor apps and all other single-page apps
The error you encounter is because your data is not yet available on client, to fix it you could simple use a placeholder if the value is undefined.

The channel file and CDN

My main javascript (and so all the static content) is included from https://static.anuary.com. The URL that user is browsing is https://dev.anuary.com/somepath/.
Where does the channel file need to be, dev.anuary.com or static.anuary.com? At the moment it is http://static.anuary.com/channel.html.
I am asking because I am still getting the error that says:
Unsafe JavaScript attempt to access frame with URL
https://www.facebook.com/dialog/oauth?access_token=[..]&api_key=[..]&app_id=[..]&client_id=[..]&display=popup&domain=dev.anuary.com&locale=en_US&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Df3ac7a0544%26origin%3Dhttp%253A%252F%252Fdev.anuary.com%252Ff373e908a8%26domain%3Ddev.anuary.com%26relation%3Dopener%26frame%3Df312def42c&response_type=token%2Csigned_request&scope=email%2Cuser_birthday%2Cuser_likes%2Cuser_interests%2Cpublish_stream&sdk=joey
from frame with URL
http://dev.anuary.com/658fe23c24564ac978c31d167549c4ce8b36686d65a78ad99bfb38765d46e232/.
Domains, protocols and ports must match.
In response to #dtbarne:
Well, that's the thing – I still don't know, because I've tried bowth ways and any in case it produces the same error:
Unsafe JavaScript attempt to access frame with URL
https://www.facebook.com/dialog/oauth?access_token=[..]&api_key=[..]&app_id=[..]&client_id=[..]&display=popup&domain=dev.anuary.com&locale=en_US&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Df1ee31b93%26origin%3Dhttp%253A%252F%252Fdev.anuary.com%252Ff9359b2f%26domain%3Ddev.anuary.com%26relation%3Dopener%26frame%3Df18e94f9c4&response_type=token%2Csigned_request&scope=email%2Cuser_birthday%2Cuser_likes%2Cuser_interests%2Cpublish_stream&sdk=joey
from frame with URL
http://dev.anuary.com/658fe23c24564ac978c31d167549c4ce8b36686d65a78ad99bfb38765d46e232/.
Domains, protocols and ports must match.
As you said yourself, this error is not fatal, and is meant is a warning to the user that something fishy might be happening.
Facebook also marked this issue as By Design in their bugs system: Bugs > Unsafe JavaScript attempt to access frame with URL....
Also, there are plenty of threads here on stack overflow about this, for example: Facebook Authentication - Unsafe JavaScript attempt to access frame with URL.
Now that we know that this "error message" is unavoidable, use the channel as you wish, as long as everything works for you.
You don't even need to use the channel, as it states in the documentation:
The channelUrl parameter is optional, but recommended. Providing a
channel file can help address three specific known issues. First,
pages that include code to communicate across frames may cause Social
Plugins to show up as blank without a channelUrl. Second, if no
channelUrl is provided and a page includes auto-playing audio or
video, the user may hear two streams of audio because the page has
been loaded a second time in the background for cross domain
communication. Third, a channel file will prevent inclusion of extra
hits in your server-side logs. If you do not specify a channelUrl, you
can remove page views containing fb_xd_bust or fb_xd_fragment
parameters from your logs to ensure proper counts.
But it also states that:
The channel file addresses some issues with cross domain communication
in certain browsers.
So it's up to you to decide.
I personally recommend to use the channel and to serve the file from your regular server and not from the static servers.
You should however set the output to have a long caching expiration date so that your server won't get a lot of requests for this file, as they mention in the JS SDK documentation page:
<?php
$cache_expire = 60*60*24*365;
header("Pragma: public");
header("Cache-Control: max-age=".$cache_expire);
header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$cache_expire) . ' GMT');
?>
<script src="//connect.facebook.net/en_US/all.js"></script>
(php example, but can be done with any language).
Hope this answers clarifies things for you.
Sounds like you know the answer already. It has to be on dev.anuary.com. The purpose is to allow for communication between FB and the URL the user accessed.
The channel file should be places on the server / address the user visits, as the channel file is used to fix some cross-site javascript errors. If the user is always accessing your website using HTTPS, then you should reference the channel file using HTTPS as well as any other content.
The channel file itself should stay as <script src="//connect.[..], but make sure all your static content and JS Includes all have https in them.

Request Dialog CRASHED?

Recently, Facebook has updated the component "request dialog" assigning responsibility to the exclusion of requests to the developers (http://developers.facebook.com/docs/reference/dialogs/requests#deleting). He also made other adjustments to the format of the request id. Thus added configuration option "request 2.0 efficient" on menu of the application developer.
The problem started after this change , the component "request dialog Multi - Friend- Selector" is in serious trouble. The component is crashed while trying to load friends. Sometimes friends loads, but the component does not resize height.
See the image of the errors:
Crashed before load friends:
http://postimage.org/image/glk2mf3bb/
Resize fail
http://postimage.org/image/iobduhn41/
In chrome browser component generates the following error:
s-static.ak.facebook.com/rsrc.php/v1/yS/r/syXGEAW5WYH.js:36 Uncaught TypeError: Cannot read property 'origin' of undefined
In firefox generates following error:
Erro: Permission denied to access property 'DocRPC'Arquivo-fonte: https://s-static.ak.facebook.com/rsrc.php/v1/yS/r/syXGEAW5WYH.js Linha: 36
Can you reproduce the error with the code itself Documentation
http://developers.facebook.com/docs/reference/dialogs/requests
Help please.
Seeing same errors here, but I can add some info:
It does seem to work if you use the basic example in https://developers.facebook.com/docs/reference/dialogs/requests, which opens up the dialog in a new browser window.
In Chrome, I found an additional error message to the one you posted:
"Unsafe JavaScript attempt to access frame with URL [...] from frame with URL [...]facebook.com/dialog/apprequests. Domains, protocols and ports must match."
From all that I guess the error may be related to the dialog display mode (read https://developers.facebook.com/docs/reference/dialogs). Within my app, I am getting this error exactly as you do, unless I set display to something like 'popup', in which case everything works (but a new borwser window is opened). The docs do state that "Because of the risk of clickjacking, [iframe] is only allowed for some certain dialogs, and requires you to pass a valid access_token." Well, passing access tokens did no good for me.
Little question: are you using some toolkit like GWT?

GWT - gwt.codesvr= tag being removed

I'm working on a GWT application.
I wish to debug the client side Java code.
I start up the application from Eclipse in debug mode.
The app starts in the browser with the gwt.codesvr= set correctly.
I can debug at this stage.
The app then redirects to the a different jsp page.
The gwt.codesvr= parameter in the URL is dropped.
The app uses History.newItem("xx") quite a bit (as described in http://code.google.com/webtoolkit/articles/mvp-architecture.html#history)
The problem is that I can't now debug the client side code.. as the
gwt.codesvr= parameter has been dropped from the URL.
When I attempt to add it back in, the app History handling code runs,
and the parametes is immediately dropped again.
I checked this on another PC and the same behaviour occurs.
I checked in Chrome and IE8 and the same..
What is the solution ?
Thanks A million,
Fergal.
History.newItem() keeps the query string intact (in this case, the ?gwt.codesvr=... part), so these calls shouldn't be the problem here.
You say, that the app redirects to a different jsp page. Find out, how it does that - it may use something like Window.Location.replace(newURL). Make sure, that newURL contains the gwt.codesvr=... part in its query string.
If the server performs a redirect itself (e.g. if it redirects after a POST request), then make sure, that the server adds the query string in the redirect URL. (You will probably have to submit your codeserver URL with the POST parameters in this case - because this is a client-side concept, and the server cannot simply guess it.)