|
Well, based on the information provided, there's no way you should be violating the same-origin policy. The protocol, domain, and port all match; the only difference is the path.
Same-origin policy - Web security | MDN[^]
Have you tried a different browser, in case there's a problem with the one you're using or one of its plugins?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Agreed, I do not believe it should be a CORS request... with one exception to that thought... But yes, different browsers and computers. I even tried accessing it with a Super Nintendo from WAY back in the day and that turned out exactly as you'd expect! I went so far as to try VM Kubuntu also running firefox and same thing.
So this is probably affecting it, but the iframe is in Sandbox mode, with scripts allowed, so I think its *possible* I may need to use CORS anyway due to the IFrame being Sandboxed. CSP appears to work perfectly as expected.
I am trying something from an inverse approach. Put it on "full lockdown", then open up for things that are needed. And I cant quite figure out how to "open it back up" without completely unlocking it.
My concept is to do something "super" stupid as far as security pros will say. Users get to upload their own scripts to interact with a Canvas Object that other users can view and interact with. Everything else needs to be in full on lockdown mode. So I know I am asking for things that conflict. Most things work so far. Browsers shouldnt have access to Http Only cookies, this particular IFrame should. This is the only thing I want to work differently that doesnt work. CSP did a great job of only allowing open data connections to scripts and sources specified in the CSP headers from PHP / Apache.
Perhaps a safer idea would be to figure out how to make this a CORS request and do that properly?
---
Edit:
Yay! I have a NEW error! It is different than the OLD error so the fact that I have a NEW error is wonderful news to me!
Firefox Error: (Ambiguous) Error: TypeError: NetworkError when attempting to fetch resource.
Chrome Error: POST https://www.webucate.me/cors_csp/jsondata.php net::ERR_BLOCKED_BY_RESPONSE
fetchData @ iframe.php:76
So now it is between my fetch call and probably PHP headers:
const fetchData = async function(data = {}) {
let url = 'https://www.webucate.me:443/cors_csp/jsondata.php';
const response = await fetch(url, {
method: 'POST',
mode: 'no-cors',
cache: 'no-cache',
credentials: 'include',
headers: {
'Content-Type': 'application/x-www-form-urlencoded',
},
redirect: 'follow',
referrerPolicy: 'same-origin',
body: JSON.stringify(data)
})
.then(response => response.json())
.then(result => {
console.log('Success:', result);
})
.catch(error => {
console.warn('Error:', error);
return;
});
return response.json();
}
<?php
header("Content-Type: application/json; charset=utf-8");
header('Access-Control-Allow-Credentials: true', false);
header('Access-Control-Allow-Methods: POST', false);
header('X-Frame-Options: same-origin' );
header('Cross-Origin-Resource-Policy: same-origin', false);
$cookie = (isset($_COOKIE['TestCookie'])) ? $_COOKIE['TestCookie'] : 'No Cookies';
$time = time();
$msg = array("time" => $time, "cookie" => $cookie);
echo json_encode($msg);
setrawcookie('TestCookie','123456', time() + 86400, '/', 'www.webucate.me', true, 'None');
?>
What is my next step?
modified 15-Mar-21 18:52pm.
|
|
|
|
|
I assume you've tried adding allow-same-origin to the sandbox attribute?
<iframe>: The Inline Frame element - HTML: HyperText Markup Language | MDN[^]
Without it, the content is "treated as being from a special origin that always fails the same-origin policy".
The ERR_BLOCKED_BY_RESPONSE seems to be related to the X-Frame-Options header. The value needs to be SAMEORIGIN , not same-origin :
X-Frame-Options - HTTP | MDN[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I looked at that allow-same-origin iframe attribute and I believe it wont work for what I have it intended for, as the IFrame would be an include on other peoples sites, not my own, I believe it would not be appropriate for that header. ... (?)
Well, I got it "sort of" talking. Im now getting back Opaque responses but no data! Im so confuzzled, and kind of frustrated. I feel like all I am doing is throwing headers at it and hoping something sticks and each header fixes something some other header does! Hour of reading, 2 minutes of code, go back to reading, and very little success... I did take your advice and used fetch instead of XMLHttpRequest, which seems more flexibler! Is that a word?
What do I need to do for me to get data back from the cookie in php and not just an Opaque response?
|
|
|
|
|
Hi All, Hope all is well well. I have a coding question I cant seem to figure out. I have a form in HTML5 which has columns that I want to sum and show in a totals box. The totals are summed when a button that calls the sum() function when clicked. From the code below I'm just trying to sum two boxes which represent a value for each hour total. My problem is that when I click on the button with only a value in the first box, then i get a NaN in the results box...no matter how many times i click it...but when i enter a value in the second box the sum is completed and the correct total is displayed. Could someone explain please why this only works with 2 values and not just 1....hope this is clear. Thanks to all who try
regards
<pre><script type="text/javascript" ></script>
<script type="text/javascript">
function sum() {
var result= 0;
var txtFirstNo = document.getElementById('Text1').value;
var txtSecondNo = document.getElementById('Text6').value;
if (!isNaN(txtFirstNo)){
result = parseInt(txtFirstNo);
document.getElementById('Tar').value = parseInt(result);
}
if (!isNaN(txtSecondNo)){
result = parseInt(txtFirstNo) + parseInt(txtSecondNo);
document.getElementById('Tar').value = result;
}
if (!isNaN(result)) {
document.getElementById('Tar').value = result;
}
}
</script>
|
|
|
|
|
All you have to do is debug your code and you'll figure it out. Note, isNaN('') returns false because '' gets converted to a number first (0).
But all you have to do is debug. Very easy.
|
|
|
|
|
NaN means "Not a Number" and that's telling you something of the problem.
What is the value of what's in the empty box? If you parseInt() something that is in possibly not a number did you look up what parseInt() gives back[^]?
OK - so you add the value from the box you typed in (a number) to the value in the box that has something that is almost certainly not a number: how can it give you any sort of result except that it is not a number (NaN) ? What do you get if you type your name in the box (instead of a number)? Or even with a number in the other?
One solution is to check the value and if parseInt() give you something that is not an INT then you set it to 0 . Are you doing that with in any way with your isNaN() test?
Ravings en masse^ |
---|
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein | "If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010 |
|
|
|
|
|
hi
W∴ Balboos , thanks for the reply. Ive rethought the condition of the if statement and the following code seems to work. The only issue being if one of the text boxes is left empty then a NaN is given in the result . Just have to make sure the user puts a zero in for that hour just now to prevent that until i think of something else
regards
<pre> function sum() {
var txtFirstNo = document.getElementById('Text1').value;
var txtSecondNo = document.getElementById('Text6').value;
var txtThirdNo = document.getElementById('Text11').value;
var txtFourthNo = document.getElementById('Text16').value;
if(!(document.getElementById('Text1').value).length==0){
result = parseInt(txtFirstNo);
document.getElementById('Tar').value = result;
}
if(!(document.getElementById('Text6').value).length==0){
result = parseInt(txtFirstNo) + parseInt(txtSecondNo);
document.getElementById('Tar').value = result;
}
if(!(document.getElementById('Text11').value).length==0){
result = parseInt(txtFirstNo) + parseInt(txtSecondNo) + parseInt(txtThirdNo);
document.getElementById('Tar').value = result;
}
if(!(document.getElementById('Text16').value).length==0){
result = parseInt(txtFirstNo) + parseInt(txtSecondNo) + parseInt(txtThirdNo) + parseInt(txtFourthNo);
document.getElementById('Tar').value = result;
}
}
</script>
|
|
|
|
|
Two things I think you need to focus on learning: Console Log, and Typeof.
Javascript has a few primitive types of variables. It looks like you started going back and forth with int coming up as strings. I saw you put in parseInt which is what you need. What else may help is instead of putting things out to a browser element, you can access them with the Console.
Console = press F12 and look at the "Console". (Except IE because IE still sucks)
So you can try your first one with this:
console.log("Hello World")
This is rather important as next thing to try to see if a value is an Integer or not is this:
console.log(typeof myVar)
That should tell you Integer or String or Array. If you try to add a String to an Integer you get a hybrid and the Int is converted to a string.
var myVar = "Hello" + 12345;
console.log(myVar);
The output of that will be "Hello12345" Happens with Numbers also, which is when you end up with NaN or "Not a Number" which can be checked with "isNaN(var)".
So lets say you have this:
var varA = 10;
var varB = "20";
var sum = varA + varB;
Did you notice the quotes on varB? It means that although there are numeric characters in it, the variable is treated like a String, which causes varA to be typecast to a String. Your output there would be "1020" not the 30 like you expect.
Back to the console for just a moment. If you need to check the value of a variable or object or something in your code without jumping thru a thousand hoops to even see what that is, you can "LOG" that. In the console you can type your variable name. Simply type "varA" without the quotes and the console will output whatever the VALUE of varA is. You can also try putting in "typeof varA" (again, no quotes) and see if the VALUE is an integer or string, which is where I think you have the most trouble!
It doesnt fix your problem, but I hope this helps to undestand what the problem is and some of the tools you have available to you!
|
|
|
|
|
15100276
Thanks alot for taking the time to reply in such a detailed way, its much appreciated. its a lot clearer now and the touchscreen project now sums the columns and ive added conditional formatting ...the coding would probably send shivers to your bones but tidying it up and making it more efficient is the next step. Again thanks for taking the time to reply.
|
|
|
|
|
Dear Concern,
I am a new learner of javascript. Please expert will suggest to me, which is a good beginning project for understanding.
|
|
|
|
|
|
Connecting to the question, I would be grateful for the answer
|
|
|
|
|
|
Just posting a link and not elaborating on your question is not a good way to get answers.
Describe the problem here, not on another site
|
|
|
|
|
Hi, I am trying to read a value from Table Cell, but even if I am using parseFloat, Number or any function its always returning me null value, hence total is coming as null from the below code of JavaScript, any help please?
if ((m.PaymentPlan.ViolationsUniquePenaltyApplied != null) && (m.PaymentPlan.ViolationsUniquePenaltyApplied != 'undefined'))
for (let i = 0; i < m.PaymentPlan.ViolationsUniquePenaltyApplied.length; i++) {
let t = '#' + 'td0' + i;
let a = parseFloat($(t).html());
let b = Number($(t).html());
console.log('a');
console.log(a);
console.log(b);
totalRemaining = parseFloat(totalRemaining) - a;
console.log('totalRemaining');
console.log(totalRemaining);
}
|
|
|
|
|
What is the actual text returned from $(t).html() ?
|
|
|
|
|
|
when I try the code I get NaN , most likely because totalRemaining is not defined before it is used in the final expression.
|
|
|
|
|
No totalRemaining is also printing as 5000.00, but when I am trying to add them its retuning NaN
My total function as below:
saveTotalPenalty: function (paramdata, id, indx) {
var m = this.get('model');
let totalRemaining = m.PaymentPlan.TotalAmount;
this.penaltyPerUnit = $(this.boxId).val() / paramdata.Cnt;
this.penaltyPerUnit = this.penaltyPerUnit.toFixed(2);
if ((m.PaymentPlan.ViolationsUniquePenaltyApplied != null) && (m.PaymentPlan.ViolationsUniquePenaltyApplied != 'undefined'))
for (let i = 0; i < m.PaymentPlan.ViolationsUniquePenaltyApplied.length; i++) {
let t = '#' + 'td0' + i;
let a = parseFloat($(t).html().valueOf());
console.log('a');
console.log(a);
totalRemaining = parseFloat(totalRemaining) - a;
console.log('totalRemaining');
console.log(totalRemaining);
}
if ((m.PaymentPlan.ViolationsUniquePenaltyNotApplied != null) && (m.PaymentPlan.ViolationsUniquePenaltyNotApplied != 'undefined'))
for (let i = 0; i < m.PaymentPlan.ViolationsUniquePenaltyNotApplied.length; i++) {
let t = '#' + 'txt' + i;
totalRemaining = totalRemaining - $(t).val();
}
totalRemaining = totalRemaining.toFixed(2);
$('#thTotalRemaining').html(totalRemaining)
if ((paramdata.PenaltyAssessed == null) || (paramdata.PenaltyAssessed == 0) || (paramdata.PenaltyAssessed == 'undefined') || isNaN(paramdata.PenaltyAssessed))
return;
$('#td' + indx).html(this.penaltyPerUnit);
var scope = this;
var data = {
violationPenaltyAdjustment: paramdata,
CaseId: id,
PenaltyAssessed: paramdata.PenaltyAssessed
};
scope.api('Paymentxxxn/AddTotalxxxx').post(data).then(function (response) {
toastr.success("Payment added");
}, function (error) {
Ember.set(payment, "isLoading", false);
toastr.error("Error adding payment plan item");
});
}
modified 18-Feb-21 5:06am.
|
|
|
|
|
I just tried with totalRemaining set to 5000, and the results are correct. There must be something else happening in your code.
|
|
|
|
|
No actually when I am printing as below:
console.log('$(t).html()');
console.log($(t).html());
let a = parseFloat($(t).html());
console.log('a');
console.log(a);
console.log($(t).html()); is printing 1000 but after doing this, it is printing a value as NaN, any help please?
|
|
|
|
|
Sorry, there is nothing more I can do. When I run those few lines of code I get the correct answer. But I cannot reproduce your problem since i do not have all the code.
|
|
|
|
|
So, I am experimenting with recordRTC. I can create the recording and produce a webm file.
Now I need to upload it from the client to the server so I can convert it to mp4.
Any ideas how i can achieve this efficiently?
Thanks,
Ray
|
|
|
|
|
I'm building an application with node.js, and I'm facing a problem connecting javascript or jquery with my node backend APIs. as an example: I can not do import to my controller APIs folder for the javascript or ajax, I tried to do ( type='modle') in config but it make it worse, show me errors for all my (require), so if there's an easy way to connect my scripts with my APIs I will be glad to you guys. even Axios (import axios from 'axios';) did not work with me. and I'm using pug template.
|
|
|
|