This question already has an answer here:
SecurityError from Facebook and Cross Domain Messaging
(1 answer)
Closed 5 years ago.
I'm seeing a security error on my site.
SecurityError: Blocked a frame with origin "https://www.my-site.com" from accessing a frame with origin "https://www.google.com". Protocols, domains, and ports must match.
This is strange for two reasons -
1 - 100% of occurrences are in Chrome for iOS.
2 - all of the similar errors on Stack Overflow I see of this type are the reverse situation; the iframe attempting to access the enclosing page.
Any insight into what's going on here?
This appears to be duplicated by
SecurityError from Facebook and Cross Domain Messaging
as well as
Facebook iFrame security error (document.domain) raised by hasPasswordField_
This question already has answers here:
SecurityError: Blocked a frame with origin from accessing a cross-origin frame
(9 answers)
Closed 3 months ago.
When some JavaScript tries to load an iframe when a popup is fired, it gives the error
Blocked a frame with origin "https://www3.example.com" from accessing a frame with origin "https://www.example.com". Protocols, domains, and ports must match.
I understand that is because of the security feature Same Origin Policy.
Can I allow this subdomain to be dynamically loaded by, e.g., setting .htaccess headers? How? I've tried:
Header set Access-Control-Allow-Origin "*"
Content-Security-Policy: frame-ancestors 'self' https://www3.example.com;
Which have not solved it.
Update:
I'm not trying to "access" the iframe, just create it. I'm not sure if the suggested duplicate is the same thing.
This is due to the same origin policy, not content security policy. As the origin (scheme, host and port) differs, JavaScript is not able to access it. You must host both pages on the same subdomain for this to work.
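The origin comparison described in the answer above, as an added example that is not part of the original posts: it parses the "Blocked a frame" message and reports which part of the (scheme, host, port) tuple differs. The function names and the last two sample messages are constructed for illustration; response headers such as Access-Control-Allow-Origin or frame-ancestors are deliberately not an input, because they do not enter this comparison.

```javascript
// Default ports, so "https://host" and "https://host:443" compare as equal.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Reduce a URL or serialized origin to the tuple the same-origin policy compares.
function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

// List the tuple components that differ; an empty list means same origin.
function originMismatch(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  return ['scheme', 'host', 'port'].filter((k) => x[k] !== y[k]);
}

function sameOrigin(a, b) {
  return originMismatch(a, b).length === 0;
}

// Matches the browser message quoted in the questions above.
const BLOCKED_RE =
  /Blocked a frame with origin "([^"]+)" from accessing a frame with origin "([^"]+)"/;

// Triage one logged error: who tried to access whom, and why it was cross-origin.
function triage(message) {
  const m = BLOCKED_RE.exec(message);
  if (!m) return null; // not a frame-access SecurityError
  return { accessor: m[1], target: m[2], differs: originMismatch(m[1], m[2]) };
}

const SAMPLES = [
  // From the question above: only the host label differs (www3 vs www).
  'Blocked a frame with origin "https://www3.example.com" from accessing a frame with origin "https://www.example.com". Protocols, domains, and ports must match.',
  // Constructed: same host, non-default port.
  'Blocked a frame with origin "https://www.example.com" from accessing a frame with origin "https://www.example.com:8443".',
  // Constructed: same host, http vs https (the default port differs as well).
  'Blocked a frame with origin "http://www.example.com" from accessing a frame with origin "https://www.example.com".',
];

for (const s of SAMPLES) console.log(JSON.stringify(triage(s)));
```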
This question already has an answer here:
Karate DSL: Getting connection timeout error
(1 answer)
Closed 2 years ago.
I have an endpoint that I use to get a token. I use content type as application/x-www-form-urlencoded. In body, I select "x-www-form-urlencoded" and provide 4 key values as seen in the picture. It works in Postman, but I could not make it work in the Karate framework. I get a connect timeout error all the time. I tried to use a form field for each key and one form field including all keys and values, but none of them worked. By the way, I did remove the request section in the picture and tried without the request as well. It did not work either.
Am I missing something? Thanks already and thanks for such a great tool for us!
Quite likely you have a corporate proxy in the picture. Do a search for other answers on SO, e.g.: https://stackoverflow.com/search?q=%5Bkarate%5D+postman+proxy
Here's how to set a proxy: https://github.com/intuit/karate#configure
karate.configure('proxy','http://myhost:80');
EDIT: for others landing here, besides the fact that an HTTP proxy may be in the picture - another place where Karate behaves a bit differently than Postman is that Karate does not auto-send an Accept header by default.
I have wasted several hours in vain. Some Stack Overflow answers elsewhere say that Google documentation is incorrect. However, their suggestions did not work for me. I still get this error:
Google Maps API error: RefererNotAllowedMapError
https://developers.google.com/maps/documentation/javascript/error-messages#referer-not-allowed-map-error
Your site URL to be authorized: http://localhost:3000/addresses/1
How am I supposed to do it on a Rails application in development mode?
I have tried various combinations of Application restrictions and I cannot make it work. How do I correctly set up my API_KEY and its restrictions? The UI has changed and the old answers do not help at all.
If you haven't already, make sure you add localhost:3000/* to the "Accept requests from these HTTP referrers (web sites)" field. It's a little awkward to get this to save if I remember correctly.
Here's a screen shot of my settings that are working:
Closed. This question needs debugging details. It is not currently accepting answers.
Closed 6 years ago.
I'm hosting an ASP.NET MVC 4.6.2 application in Microsoft Azure in an App Service Plan and using it purely as an API (that is, I'm not using WebAPI but using standard Controllers and Actions as my API for a web UI that lives in a different project).
Everything was working fine until I started getting a generic 500 Internal Server Error returned from one of my Actions (also, all actions are configured to return JSON). Other Actions work fine.
I have Rollbar set up to log all Application exceptions and nothing was being reported.
What was causing this error?
A big clue was Rollbar exceptions being logged, therefore it was happening earlier in the pipeline before my application code was being executed.
I used the Postman extension for Chrome to test submitting to the API and it worked fine.
Thinking for a moment I concluded and confirmed that the AJAX request data being POSTed from the UI didn't conform to the method signature of the Action I was submitting to. In fact, it was a login form and I had incorrectly configured my front-end code to pass a text 'rememeber-me' to my boolean 'RememberMe' parameter instead of a true/false value. Fixing this fixed the issue.
What I need to investigate now is how to effectively produce detailed logs and alerts on this type of exception in production.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Rails 3 Sending errors to email
I want to add custom code that sends the Admin an email each time there is a system failure and the default error files 404 and 500 are rendered.
Please have a look at exception_notifier gem – it is capable of sending emails with exception details to the address you configure.
As for 404 errors – it might be a bit tricky to catch, you have to set up a wildcard route for that. In addition to that, sending emails on every 404 might be a bad option (these happen quite a few times for live sites).