I am given a URL - Swagger UI for an application. I am able to open the URL on my mobile but when I tried the same from my system, I am getting the below error.
"Fetch error. Possible cross-origin (CORS) issue? The URL origin (https://xxx.xxx.xxx) does not match the page (https://yyy.yyy.yyy). Check the server returns the correct 'Access-Control-Allow-*' headers."
Can somebody help me fix this error? Since I am able to access this from my mobile, I am not sure whether something needs to be done at server side or browser side.
Any pointers or help would be very helpful.
I just moved my website from an Apache server to a LiteSpeed server.
I reconnected Zapier/Integromat but it reports:
Error
401: Invalid response, response must be a XML. Parsed HTML response: 401 Unauthorized. 401. Unauthorized. Proper authorization is required to access this resource!. Proudly powered by Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.
Please help me find the reason and how to fix this. Thank you all.
This looks more like a migration problem than a web server problem. You should contact your hosting company for details. They can switch between Apache and LSWS, and also check the error log for you. You may also need to provide a detailed URL for your hosting company to take a look.
I have software that was developed in Delphi and that makes an HTTP GET request to a specific URL that I want to redirect to another URL.
I have the source code but I can't recompile it because it wasn't developed by me, so it would take too much effort and time, and right now I can't afford it.
Anyway, back to my problem.
I tried using Fiddler 2. It worked, but only when I try accessing the URL via the browser. When my application sends the requests, it doesn't get redirected to the new URL.
Does anyone have any other suggestion of what I can do?
I have an app written in Ruby. The authentication is made through Facebook-Graph_API.
I am using an SSL certificate which is validated through Globe SSL.
The connection is encrypted and almost everything is working fine. BUT!
The connection is insecure caused by mixed content. The pictures which the app is loading are coming through http. But I need this from an https source.
I found here:
Graph API for Facebook developers
that I have to use something like this:
return_ssl_resource => true
But I don't know at which position I have to paste this!
Does anybody have an example or experience with this? If you need further information please let me know.
Thx for your help!
When you're requesting the data from Facebook that contains the images you're going to display, append return_ssl_resources=true as a query parameter to the request you make.
https://graph.facebook.com/<UID>/picture?return_ssl_resources=true
We have realized that this URL http://Keyword:redacted#example.com/ redirects to http://example.com/ when copied and pasted into the browser's address bar.
As far as I understand this might be used in some ftp connections but we have no such use on our website. We are suspecting that we are targeted by an attack and have been warned by Google that we are passing PII (mostly email addresses) in our URL requests to their Google Adsense network. We have not been able to find the source, but we have been warned that the violation is in the form of http://Keyword:redacted#example.com/
How can we stop this from happening?
What URL redirect method can we use to not accept this and return an error message?
FYI I experienced a similar issue for a client website and followed up with Adsense support. The matter was escalated to a specialist team who investigated and determined that flagged violations with the format http://Keyword:redacted#example.com/ will be considered false positives. I'm not sure if this applies to all publishers or was specific to our case, but it might be worth following up with Adsense support.
There is nothing you can do. This is handled entirely by your browser long before it even thinks about "talking" to your server.
That's a strange URL for people to copy/paste into the browser's address bar unless they have been told/trained to do so. Your best bet is to tell them to STOP IT! :-)
I suppose you could look at the HTTP Authorization headers and report an error if they come in populated... (This would be $_SERVER['PHP_AUTH_USER'] in PHP.) I've never looked at these values when the header doesn't request them, so I'm not sure if it would work or not...
The syntax http://abc:def#something.com means you're sending userid='abc', password='def' as basic authentication parameters. Your browser will pull out the userid & password and send them along as authentication information, leaving the url without them.
As Peter Bowers mentioned, you could check the authorization headers and see if they're coming in that way, but you can't stop others from doing it if they want. If it happens a lot then I'd suspect that somewhere there's a web form asking users to enter their user/password and it's getting encoded that way. One way to sleuth it out would be to see if you can identify someone by the userid specified.
Having Keyword:redacted sounds odd. It's possible Google Adsense changed the values to avoid including confidential info.
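The header check suggested in the answers above, sketched for a Node.js server; this is an added example, not code from the thread. The function names are hypothetical, the sample credentials are constructed, and the URL helper assumes the standard `user:password@host` userinfo form.

```javascript
// Added example. Function names are hypothetical; sample values are constructed.

// Parse an Authorization header value. Returns the Basic user-id, or null.
function parseBasicUser(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^\s*Basic\s+([A-Za-z0-9+\/]+={0,2})\s*$/i.exec(headerValue);
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const colon = decoded.indexOf(':'); // the user-id ends at the first colon
  return colon < 0 ? null : decoded.slice(0, colon);
}

// For a site that never sends a 401 challenge, any Basic credentials are
// unsolicited. Reject them and log the user-id only, never the password.
function checkUnsolicitedCredentials(headers) {
  const user = parseBasicUser(headers['authorization']); // Node lower-cases names
  if (user === null) return { status: 200, log: null };
  // JSON.stringify escapes quotes and control characters (log injection).
  return { status: 400, log: 'unsolicited Basic auth, user-id=' + JSON.stringify(user) };
}

// Split the userinfo part off a URL, as a browser does before it connects.
// Useful for finding such links in pages or referrer logs.
function splitUserinfo(rawUrl) {
  const u = new URL(rawUrl);
  const found = u.username !== '' || u.password !== '';
  const user = u.username; // left percent-encoded, as the URL parser stores it
  u.username = '';
  u.password = '';
  return { found, user, cleanUrl: u.href };
}
```

The server-side check only sees credentials that a client actually puts in the request; the userinfo part of the URL itself never reaches the server.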
I'm looking for a solution for how to isolate a widget included by a partial into the main site. The issue appears when a user accesses the site with https. IE 6 and 7 show a security confirmation dialog (part of the website's resources are not in the secure zone).
First of all I downloaded the Twitter widget to our side, and I also downloaded all the CSS and pictures. Then I patched the widget JS to point to the downloaded resources. But still no luck with the security warning :( I guess the reason for this issue is the AJAX request to Twitter, but I have no idea how to solve it. (Just to create some kind of proxy on our side).
Thank you for your attention.
You just need to host the .js file on your server, and link to that. That is all.
The script auto-detects SSL and will make requests to https://twitter-widgets.s3.amazonaws.com/ instead of http://widgets.twimg.com/ dynamically depending on your scenario.
Hope that helps!
geedubb
I got the Twitter Widget to work over HTTPS (SSL) by doing the following:
Save every image, CSS, and JavaScript file on my local webserver
Changed every "http" to "https" in the JavaScript AND in the CSS
The last piece was tricky. https://twitter.com/statuses/user_timeline.json brings back data that already includes "http"; namely avatars and the profile image. So, I found about four places in widjet.js that used the user_timeline.json data. I hardcoded an image URL wherever that "http" data was used. Searching "src" will locate all of those places.
It's an ugly fix, but it worked.
You can use a sniffer like HttpWatch to debug this--watch the requests going by and see which ones start with http instead of https. It may be possible to just change the urls you use to point to https://twitter.com, not sure about how your widget works.
Thanks Keshar, worked for me. I came to the same conclusion that all http requests had to be https to prevent the IE security warning and also display the Twitter feed. I used the Live HTTP Headers Firefox plugin, which helps by showing any non-secure http requests, such as the JSON requests.
Jon
If you look through the script there are calls to an https site. If you simply replace the protocol/domain with
https://twitter-widgets.s3.amazonaws.com/
instead of
http://widgets.twimg.com/
it works and you don't have to do anything else.
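A static counterpart to watching requests in a sniffer, as an added example that is not part of the original thread: it lists every `http://` reference in locally hosted widget assets, and decodes JSON first because feed data such as user_timeline.json can escape slashes so that a plain text search misses the URL. The asset contents, host names and function names are constructed for illustration.

```javascript
// Added example. Sample assets are constructed, not Twitter's real files.
const SAMPLE_ASSETS = {
  'widget.js': 'var base = "https://cdn.example.test/";\n' +
               'img.src = "http://img.example.test/bird.png";',
  'widget.css': '.hd { background: url(http://img.example.test/bg.gif); }',
  // JSON may escape slashes, so searching the raw text for "http://" finds nothing.
  'user_timeline.json': String.raw`[{"user":{"profile_image_url":"http:\/\/img.example.test\/a.png"}}]`,
};

const HTTP_URL = /http:\/\/[^\s"'()<>\\]+/g;

// Walk decoded JSON and record each string value containing an http:// URL,
// together with the path of the field that holds it.
function scanJsonValue(value, path, out) {
  if (typeof value === 'string') {
    for (const m of value.matchAll(HTTP_URL)) out.push({ where: path, url: m[0] });
  } else if (value && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) scanJsonValue(v, `${path}.${k}`, out);
  }
}

// JS and CSS are scanned line by line; JSON is scanned after decoding.
function findInsecureRefs(name, text) {
  const out = [];
  if (name.endsWith('.json')) {
    scanJsonValue(JSON.parse(text), '$', out);
  } else {
    text.split('\n').forEach((line, i) => {
      for (const m of line.matchAll(HTTP_URL)) {
        out.push({ where: `line ${i + 1}`, url: m[0] });
      }
    });
  }
  return out.map((f) => ({ file: name, ...f }));
}

// Scan every asset and return one flat list of findings.
function scanAll(assets) {
  return Object.entries(assets).flatMap(([name, text]) => findInsecureRefs(name, text));
}
```

Each finding is a candidate to review: only URLs the page loads as resources (images, scripts, stylesheets, AJAX calls) trigger the browser warning, while plain hyperlinks do not.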