I've looked through several posts asking about this issue, but I have not been able to resolve it - and the error message I'm now getting makes no sense to me.
I have TinyMCE added to a text area as follows:
tinyMCE.init({
theme : "advanced",
mode : "textareas",
relative_urls: true,
plugins : "inlinepopups",
theme_advanced_statusbar_location : 'bottom',
theme_advanced_resizing : true,
theme_advanced_path : false,
theme_advanced_resizing_min_width : 600,
theme_advanced_resizing_max_width : 800
});
When I open the page, it gives me the following error:
Unsafe JavaScript attempt to access frame with URL http://www.mysite.com/mypage from frame with URL http://www.mysite.com/js/tiny_mce/themes/advanced/link.htm. Domains, protocols and ports must match.
From what I can tell, this error is caused if you try to access JavaScript across domains. However, the domains appear to be the same (the only thing I changed was the actual site name and the actual page - the rest is copied letter for letter).
In the file tiny_mce_popup.js I have added document.domain = 'www.mysite.com'; as per some suggestions, but it does not seem to help. If I add it to tiny_mce.js, I get an error that I have an invalid document.domain value.
Any suggestions or ideas would be appreciated.
EDIT
The script tag where I include TinyMCE is:
<script type="text/javascript" src="http://www.mysite.com/js/tiny_mce/tiny_mce.js"></script>
This might allply to you too: Tiny MCE popups blank in Django admin
Athother reason for your issue might be that your webserver (e.g.: Apache) is not configured be configured to serve static media files from your media_url.
Related
We're using Piranha CMS with the following setting:
<prefixlessPermalinks value="true" />
However this breaks individual posts urls generated using the Permalink helper e.g.
#UI.Permalink(post.PermalinkId)
With prefixlessPermalinks set to False this would normally be the url that is generated: /home/1st-test-blog-entry
With prefixlessPermalinks set to True the url generated becomes:
/1st-test-blog-entry (the "home" has been removed as it's prefixless)
Following a prefixless url generates the following exception:
System.Web.HttpException: Cannot use a leading .. to exit above the
top directory.
Any ideas how to circumnavigate this issue?
Attempted workarounds:
I manually prefix "/post" to the permalink generated then I added the following route mapping which catches the request:
routes.MapRoute(
name: "Post",
url: "post/{permalink}",
defaults: new { controller = "Post", action = "Index", permalink = UrlParameter.Optional },
namespaces: new[] { "Maps.Portal.Controllers" }
).DataTokens["UseNamespaceFallback"] = false;
The following controller catches the request:
public ActionResult Index(string permalink)
{
var model = GetModel(permalink);
return View(model.GetView(), model);
}
But fails as the readonly SinglePostController.CurrentPermalink property isn't being populated and so causes Piranha CMS to throw an exception. It may be interesting to note that this controller fires correctly when the draft version of the post is being viewed as the CurrentPermalink is being populated by the CMS.
After experimentation I can confirm that the issue isn't with Piranha CMS, but with the MVC shared layout. Still trying to track it down, but stripping out everything apart from the CMS content allows the post page to be shown.
Update:
I finally tracked it down to multiple uses of #Url.Content(url). Very bizarre as all seem to be valid urls e.g. #Url.Content("~/Content/images/ios/57x57iOS.png"). Once these were all removed then the page would render correctly!?
Discovery:
This issue turned out to be a development environment only issue for me...
Running the site in Visual Studio Development Server from VS2012 results in this error, but once the web application was deployed to IIS8 the issue disappeared.
I can't reproduce your error with either MVC or Web Pages, in fact we use prefixless permalinks in almost all live installations I've deployed. I started up the MVC template, installed a fresh database and added a post with your specified title/permalink and it shows up without issues with prefixless permalinks.
How have you set up your installation?
Regards
/Håkan
The piece of code for a firefox pagemod here doesn't work on every facebook page:
var pageMod = require("sdk/page-mod");
pageMod.PageMod({
include: /.*facebook.*/ ,
contentScript: "window.alert('Page matches ruleset');",
contentScriptWhen: 'end'
});
I s there any misinterpretation I have about the include part?
I have also tried "*fecebook.com" and still sometimes I don't get the alert command executed
Example:
for example for both the above solutions when i manually use the address bar to go to fecebook.com it works but when I use fecebook's home button which again goes to facebook.com it doesn't work
It doesn't hurt to be as precise as you can be with the regular expression you use:
var pageMod = require("sdk/page-mod");
pageMod.PageMod({
include: /^http[s]*\:\/\/.*facebook.com\/.*/,
contentScript: "window.alert('Page matches ruleset');",
contentScriptWhen: 'end'
});
The other factor I noticed when testing this on Facebook.com is that a lot of the time a change in the page url does not necessarily mean the page is being completely reloaded. The contentscript code in your example will only file when the page is initially loaded. If you want to react to changes in the url regardless of page loads, you might need to monitor the html5 history api in your content script and then react to those changes as well.
I'm trying to include a simple Like button on my page using HTML 5. I'm including the Javascript SDK on my page like mentioned in the docs but I get a 404 error on the URL. "//connect.facebook.net/en_US/all.js"
Here's my code : http://snipt.org/ujEg8
Here's the channel file code : http://snipt.org/ujEh4
I don't understand whats going on. Please help.
Thanks
smaira
You most likely just need to add the right protocal before the // call, for example:
http://connect.facebook.net/en_US/all.js
See here for more info on the real issue: Is it valid to replace http:// with // in a <script src="http://...">?
My main javascript (and so all the static content) is included from https://static.anuary.com. The URL that user is browsing is https://dev.anuary.com/somepath/.
Where does the channel file need to be, dev.anuary.com or static.anuary.com? At the moment it is http://static.anuary.com/channel.html.
I am asking because I am still getting the error that says:
Unsafe JavaScript attempt to access frame with URL
https://www.facebook.com/dialog/oauth?access_token=[..]&api_key=[..]&app_id=[..]&client_id=[..]&display=popup&domain=dev.anuary.com&locale=en_US&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Df3ac7a0544%26origin%3Dhttp%253A%252F%252Fdev.anuary.com%252Ff373e908a8%26domain%3Ddev.anuary.com%26relation%3Dopener%26frame%3Df312def42c&response_type=token%2Csigned_request&scope=email%2Cuser_birthday%2Cuser_likes%2Cuser_interests%2Cpublish_stream&sdk=joey
from frame with URL
http://dev.anuary.com/658fe23c24564ac978c31d167549c4ce8b36686d65a78ad99bfb38765d46e232/.
Domains, protocols and ports must match.
In response to #dtbarne:
Well, that's the thing – I still don't know, because I've tried bowth ways and any in case it produces the same error:
Unsafe JavaScript attempt to access frame with URL
https://www.facebook.com/dialog/oauth?access_token=[..]&api_key=[..]&app_id=[..]&client_id=[..]&display=popup&domain=dev.anuary.com&locale=en_US&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Df1ee31b93%26origin%3Dhttp%253A%252F%252Fdev.anuary.com%252Ff9359b2f%26domain%3Ddev.anuary.com%26relation%3Dopener%26frame%3Df18e94f9c4&response_type=token%2Csigned_request&scope=email%2Cuser_birthday%2Cuser_likes%2Cuser_interests%2Cpublish_stream&sdk=joey
from frame with URL
http://dev.anuary.com/658fe23c24564ac978c31d167549c4ce8b36686d65a78ad99bfb38765d46e232/.
Domains, protocols and ports must match.
As you said yourself, this error is not fatal, and is meant is a warning to the user that something fishy might be happening.
Facebook also marked this issue as By Design in their bugs system: Bugs > Unsafe JavaScript attempt to access frame with URL....
Also, there are plenty of threads here on stack overflow about this, for example: Facebook Authentication - Unsafe JavaScript attempt to access frame with URL.
Now that we know that this "error message" is unavoidable, use the channel as you wish, as long as everything works for you.
You don't even need to use the channel, as it states in the documentation:
The channelUrl parameter is optional, but recommended. Providing a
channel file can help address three specific known issues. First,
pages that include code to communicate across frames may cause Social
Plugins to show up as blank without a channelUrl. Second, if no
channelUrl is provided and a page includes auto-playing audio or
video, the user may hear two streams of audio because the page has
been loaded a second time in the background for cross domain
communication. Third, a channel file will prevent inclusion of extra
hits in your server-side logs. If you do not specify a channelUrl, you
can remove page views containing fb_xd_bust or fb_xd_fragment
parameters from your logs to ensure proper counts.
But it also states that:
The channel file addresses some issues with cross domain communication
in certain browsers.
So it's up to you to decide.
I personally recommend to use the channel and to serve the file from your regular server and not from the static servers.
You should however set the output to have a long caching expiration date so that your server won't get a lot of requests for this file, as they mention in the JS SDK documentation page:
<?php
$cache_expire = 60*60*24*365;
header("Pragma: public");
header("Cache-Control: max-age=".$cache_expire);
header('Expires: ' . gmdate('D, d M Y H:i:s', time()+$cache_expire) . ' GMT');
?>
<script src="//connect.facebook.net/en_US/all.js"></script>
(php example, but can be done with any language).
Hope this answers clarifies things for you.
Sounds like you know the answer already. It has to be on dev.anuary.com. The purpose is to allow for communication between FB and the URL the user accessed.
The channel file should be places on the server / address the user visits, as the channel file is used to fix some cross-site javascript errors. If the user is always accessing your website using HTTPS, then you should reference the channel file using HTTPS as well as any other content.
The channel file itself should stay as <script src="//connect.[..], but make sure all your static content and JS Includes all have https in them.
Recently, Facebook has updated the component "request dialog" assigning responsibility to the exclusion of requests to the developers (http://developers.facebook.com/docs/reference/dialogs/requests#deleting). He also made other adjustments to the format of the request id. Thus added configuration option "request 2.0 efficient" on menu of the application developer.
The problem started after this change , the component "request dialog Multi - Friend- Selector" is in serious trouble. The component is crashed while trying to load friends. Sometimes friends loads, but the component does not resize height.
See the image of the errors:
Crashed before load friends:
http://postimage.org/image/glk2mf3bb/
Resize fail
http://postimage.org/image/iobduhn41/
In chrome browser component generates the following error:
s-static.ak.facebook.com/rsrc.php/v1/yS/r/syXGEAW5WYH.js:36 Uncaught TypeError: Cannot read property 'origin' of undefined
In firefox generates following error:
Erro: Permission denied to access property 'DocRPC'Arquivo-fonte: https://s-static.ak.facebook.com/rsrc.php/v1/yS/r/syXGEAW5WYH.js Linha: 36
Can you reproduce the error with the code itself Documentation
http://developers.facebook.com/docs/reference/dialogs/requests
Help please.
Seeing same errors here, but I can add some info:
It does seem to work if you use the basic example in https://developers.facebook.com/docs/reference/dialogs/requests, which opens up the dialog in a new browser window.
In Chrome, I found an additional error message to the one you posted:
"Unsafe JavaScript attempt to access frame with URL [...] from frame with URL [...]facebook.com/dialog/apprequests. Domains, protocols and ports must match."
From all that I guess the error may be related to the dialog display mode (read https://developers.facebook.com/docs/reference/dialogs). Within my app, I am getting this error exactly as you do, unless I set display to something like 'popup', in which case everything works (but a new borwser window is opened). The docs do state that "Because of the risk of clickjacking, [iframe] is only allowed for some certain dialogs, and requires you to pass a valid access_token." Well, passing access tokens did no good for me.
Little question: are you using some toolkit like GWT?