Why the content of youtube homepage opengraph image is a bad url? - youtube

I notice in the head section of www.youtube.com that the meta property="og:image" content is not a valid URL...
There I read: //s.ytimg.com/yts/img/youtube_logo_stacked-vfl225ZTx.png
A good one and the one which is readable by my browser is:
http://s.ytimg.com/yts/img/youtube_logo_stacked-vfl225ZTx.png
I am interested to know why Google made this choice?
Thanks from France!

The url that Google chose is called a protocol-less url. Depending on which protocol you are accessing youtube.com (i.e. http or https), the protocol of the image will change. So if you check you can actually access the image both by http or https.
More interestingly, even though the facebook linter gives an error, when you share the youtube.com home page on facebook, it actually picks the correct image.
Hope this helps.

Related

Why don't Tencent Weibo and Baidu Tieba links work?

The following Chinese social media post links have been constructed in the correct format, but neither of them is working:
http://v.t.qq.com/share/share.php?url=https://hejuu.com/bonus/0/tencent&title=hejuu.com整套出租,单间出租,出售房产&pic=http://hejuu.com/pages/images/social.png
http://tieba.baidu.com/f/commit/share/openShareApi?url=https://hejuu.com/bonus/0/tieba&title=hejuu.com整套出租,单间出租,出售房产&desc=&pic=http://hejuu.com/pages/images/social.png
I've tried:
Encoding the query string parameters
Changing the submission URL to use HTTP instead of HTTPS
Getting someone in China to test the URL inside the firewall
Any help appreciated!
Tencent QQ resolves to 0.0.0.1 (even inside mainland-China), so the feature is deliberately broken.
The Baidu link appears to work now, however.

How does this website detect the user's current URL from a different domain?

This is a website which is relevant to the topic that I am researching - getting an IFrame's current URL address from another domain.
Here it is: http://hidemyipaddress.org/ (to use it simply go to the bottom, enter a website address and click "go").
You can surf any website through their website - and the amazing thing is that they can keep track of your current location, and even show it to you. (Here is a picture to illustrate: http://img199.imageshack.us/img199/6343/image2eb.jpg)
The reason I am asking is because I am trying to do the same thing.
How is this possible, isn't that XSS or something? Thanks for taking your time on this.
This is a web-based proxy. When you enter an address into the proxy address input and hit search, you are requesting that the proxy server retrieve the website for you. The proxy server requests the page you have asked for, parses the HTML so that all URIs are "proxied URIs", adds any additional HTML such as banners and then returns the page in the HTTP response.
If there were an iframe, the current URL of the iframe would actually be on the same domain. It's a proxy, so the server at hidemyaddress.org is actually returning the HTML to your client. Furthermore, the address of an iframe would be irrelevant. The URI in that address box would just display the address that you requested. It would not reflect the src of an iframe or the current location of that frame.

YouTube embed/API player redirects from HTTP -> HTTPS, API is inaccessible

When I attempt to load an embedded video onto my page, using the following:
<embed src="http://www.youtube.com/v/BzC135ql_wA?version=3&enablejsapi=1"></embed>
the request is automatically redirected from HTTP to HTTPS- as a result the API is inaccessible, because of browser security limitations.
This appears to be related to my Google account, as it doesn't redirect if I try from an incognito window. However, this worries me- some users of my site won't be able to use the page as I intended, and as far as I can see I will have no way of knowing.
Is there any way to force HTTP, or anything else I can do here, short of hosting my own site on HTTPS?
There are a number of browser extensions that automatically translate http:// URLs into https:// for a specific set of domains. I'd imagine that you're using one such extension, which would explain why you don't see that behavior in an Incognito window. I can't tell you which extension you might be using—I know that HTTPS Everywhere is popular on Firefox, but not sure which are commonly used on Chrome—but take a look at chrome://extensions/ for any likely culprits.

Web site aggregation with twitter widget SSL issue

I'm looking for a way to isolate a widget included by a partial in the main site. The issue appears when a user accesses the site over https: IE 6 and 7 show a security confirmation dialog (part of the website's resources are not in the secure zone).
First of all I downloaded the twitter widget to our side, and I also downloaded all the CSS and pictures. Then I patched the widget JS to point to the downloaded resources. But I still have no luck with the security warning :( I guess the reason for this issue is the AJAX request to twitter, but I have no idea how to solve it. (Just to create some kind of proxy on our side).
Thank you for attention.
You just need to host the .js file on your server, and link to that. That is all.
The script auto detects SSL and will make requests to https://twitter-widgets.s3.amazonaws.com/ instead of http//widgets.twimg.com/ dynamically depending on your scenario.
Hope that helps!
geedubb
I got the Twitter Widget to work over HTTPS (SSL) by doing the following:
Saved every image, css, and javascript file on my local webserver
Changed every "http" to "https" in the javascript AND in the css
The last piece was tricky. https://twitter.com/statuses/user_timeline.json brings back data that already includes "http"; namely avatars and the profile image. So, I found about four places in widjet.js that used the user_timeline.json data. I hardcoded an image url wherever that "http" data was used. Searching "src" will locate all of those places.
It's an ugly fix, but it worked.
You can use a sniffer like HttpWatch to debug this--watch the requests going by and see which ones start with http instead of https. It may be possible to just change the urls you use to point to https://twitter.com, not sure about how your widget works.
thanks Keshar, worked for me. I came to the same conclusion that all http requests had to be https to prevent the IE security warning and also display the twitter feed. I used the live HTTP headers firefox plugin which helps for showing any non-secure http requests, such as the JSON requests.
Jon
If you look through the script there are calls to a https site. If you simply replace the protocol/domain with
https://twitter-widgets.s3.amazonaws.com/
instead of
http//widgets.twimg.com/
it works and you don't have to do anything else.
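The answers above all come down to finding every subresource that still resolves to plain http on an https page. One way to audit saved markup for that, as an added example that is not from any of the posters (the sample markup, host names and function name are constructed):

```javascript
// Added example: list subresources that would load over plain HTTP from an
// HTTPS page, which is what triggers the browser's mixed-content warning.
// Host names and markup below are constructed for illustration.

// Constructs that make the browser fetch a subresource.
const REFERENCE_PATTERNS = [
  /<(?:script|img|iframe|embed)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi,
  /<link\b[^>]*?\bhref\s*=\s*["']([^"']+)["']/gi,
  /url\(\s*["']?([^"')]+)["']?\s*\)/gi, // CSS url(...)
];

function findInsecureReferences(markup, pageUrl) {
  // Mixed content only exists when the page itself is served over HTTPS.
  if (new URL(pageUrl).protocol !== "https:") return [];
  const insecure = [];
  for (const pattern of REFERENCE_PATTERNS) {
    for (const match of markup.matchAll(pattern)) {
      let resolved;
      try {
        // Resolve exactly as the browser would: relative and
        // protocol-relative (//host/...) references inherit the page scheme.
        resolved = new URL(match[1], pageUrl);
      } catch {
        continue; // not parseable as a URL, nothing is fetched
      }
      if (resolved.protocol === "http:") insecure.push(resolved.href);
    }
  }
  return insecure;
}

// Constructed sample: one relative, one protocol-relative, three hard-coded http.
const SAMPLE = `
<link rel="stylesheet" href="/css/widget.css">
<script src="//cdn.example/widget.js"></script>
<script src="http://widgets.example/widget.js"></script>
<img src="http://img.example/avatar.png">
<style>.tw { background: url(http://img.example/bg.png); }</style>
`;

console.log(findInsecureReferences(SAMPLE, "https://site.example/page"));
```

A static scan like this does not see URLs that arrive at run time, such as the avatar URLs inside the user_timeline.json data mentioned above; a request log from the browser is still needed for those.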

Can a browser correct a "mangled url" automatically?

I faced a problem some time back on a particular website. It has given many hyperlinks on it to other sites. e.g. of one such URL is:
http://http//example.com/a9noaa.asp
It is clearly incorrect (http comes twice) URL so when one clicks on it there is a page error like "Address not found".
But when one copies the link location and pastes it in the browser’s location bar, it loads that new page correctly. So it’s the problem of incorrect URL being mentioned in the hyperlink.
Will it be possible to make browser check for basic sanity of the URL being accessed like checking that:
word http is present only once,
colon is typed correct,
no unusual character at beginning of URL,
double backslashes are correctly present, etc.
Or that the URL being typed in the address bar and automatically correct the errors in it?
Can any client side code be present to make an internet browser achieve this functionality? Is it possible?
Or are there any plugins for popular browsers (Firefox, IE) already available to achieve this?
Thank you.
-AD.
First of all, http://http//example.com/a9noaa.asp is a valid URI with http as the scheme, the second http as the host name and //example.com/a9noaa.asp as the path. So if it’s not invalid, the browser has no need to correct it.
Now let’s look at the location bar. Most user friendly browsers do some error correction if the location that has been entered is invalid. One of that correction measures is to prepend the string with http:// if that’s not present. So you just have to type example.com to request http://example.com.
Another correction measure is to complete unknown host names with http://www. and .com before and after the entered string. So you just have to type example, hit enter and you request http://www.example.com.
But any error correction outside the location bar, especially in hyperlinks, can be crucial. Take this for example: A guest enters his/her website URI in a guestbook entry but omits the http://. Now that value is used in a hyperlink but the missing http:// is not prefixed. So the link might look like this:
<a href="example.com">Website</a>
If you click on such a link, the relative URI of that link would be resolved to an absolute URI using the current document’s URI as the base. So the link might be expanded to http://some.example/guestbook/example.com. Who hasn’t experienced that?
But correcting that missing http:// in the browser is fatal. Because the author might have intended to reference http://some.example/guestbook/example.com instead of http://example.com that the browser would expect.
So to round it up: Correcting the user’s location bar input is suitable when there is something missing (e.g. the http://). But doing that on every link is not.
The URL you posted is not "incorrect", it is valid. Hostnames can take many forms, such as http://localhost/ or http://http/ as well as the more common http://example.com
If you don't include http:// or another protocol in a web link, then the browser assumes you are using a relative link. For example...
<a href="www.example.com">link</a>
...will link to http://yoursite.com/www.example.com, because this is a perfectly valid URL - you can name a file www.example.com.
I would recommend contacting the website in question to fix their error. No browsers will correct this automatically.
It really shouldn't be up to the browser to correct mal-formed URLs. A URL is supposed to be a unique identifier of some page. The one doing the linking to the page should take care to link to the correct page. There must be no guesswork involved in opening a URL.
That said, some browsers are better than others. Off the top of my head I think IE won't understand "localhost:8888/test" (no protocol given and not standard port 80), but Firefox will at least try to access it via "http://localhost:8888/test". This kind of best-guess filling-in-the-blanks is fine I think, any further auto-correction would be doing too much.
Safari for example will try to auto-guess domain names for you. If "apple/safari" yields a DNS error, it'll automatically try to complete the address to "apple.com/safari". With your URL it might try to complete it to "http://http.com//example.com/a9noaa.asp", which might yield a page if http.com exists. There's just no one way of doing it, therefore it shouldn't be done at all.
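How a standard URL parser reads the hrefs discussed in this thread, as an added example that is not from any of the posters. It uses the WHATWG `URL` class available in browsers and Node; the `lintHref` name and the "looks like a host name" heuristic are assumptions of this sketch:

```javascript
// Added example: resolve an href the way a link is resolved (no guessing)
// and report the authoring mistakes discussed in the answers above.
const SCHEME_WORDS = new Set(["http", "https", "ftp", "file"]);

function lintHref(href, baseUrl) {
  const hasScheme = /^[a-z][a-z0-9+.-]*:/i.test(href);
  const url = new URL(href, baseUrl); // the base is ignored when href has a scheme
  const findings = [];

  if (!hasScheme && href.startsWith("//")) {
    findings.push("protocol-relative: inherits " + new URL(baseUrl).protocol);
  } else if (!hasScheme && /^(www\.|[a-z0-9-]+\.(com|org|net)\b)/i.test(href)) {
    // Heuristic (assumption): a leading host-like token with no scheme.
    findings.push("looks like a host name but resolves as a relative path");
  }
  if (hasScheme && SCHEME_WORDS.has(url.hostname)) {
    findings.push('host is "' + url.hostname + '": scheme was probably doubled');
  }
  if (hasScheme && !url.host && !href.includes("://")) {
    findings.push('"' + url.protocol + '" was parsed as the scheme, no host');
  }
  return { resolved: url.href, host: url.hostname, path: url.pathname, findings };
}

// Inputs taken from the questions and answers on this page.
const CASES = [
  ["http://http//example.com/a9noaa.asp", "http://some.example/"],
  ["example.com", "http://some.example/guestbook/"],
  ["www.example.com", "http://yoursite.com/"],
  ["//s.ytimg.com/yts/img/youtube_logo_stacked-vfl225ZTx.png", "https://www.youtube.com/"],
  ["localhost:8888/test", "http://some.example/"],
];
for (const [href, base] of CASES) {
  console.log(href, "->", lintHref(href, base));
}
```

Run over a site's own links, the findings list flags the doubled scheme and the scheme-less host name before a visitor clicks them, which is where the answers say the fix belongs.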
