I am getting the same error again and again from shopify, I tried multiple solutions and did some google work also but can't find the exact solution.
embedded app with Next.js
Please add this code top of your core files. for security header
Header('Content-Security-Policy', 'frame-ancestors ${shop} https://admin.shopify.com;');
Related
I am setting up a web api for the first time and I have another project for reference. It is a .NET framework project that will have a React frontend. I am running it using Visual Studio and IIS Express.
I have no build errors when I start the api project. It has swagger added so I can test database calls, so I know the api itself is working. But I am missing adding something as I am looking to add more security to it.
I am trying to verify authentication and I want to use integrated Windows authentication. When I set a break point, the user in the HttpContext.Current is never set and is never authenticated, so I can't add any authorization filters.
I went back to just the basic empty api project that has the frontend web pages removed to see if I removed something and it shows the same issue. So I either removed it again or I am actually missing adding something.
I am not sure where to look for what is missing, so any pointers would be appreciated.
The left browser is what I am expecting and the right browser is what I am seeing.
I don't need the directory browse turned on, so seeing a 403.14 - Forbidden is fine. But I am clearly missing something to get to that point. Is there a better way to figure out which resource/dependency is causing this error?
I can also see the working version requested url is what I am expecting, but the other is just a /.
Is there a way to resolve that if this is the error?
I can add code snippets if needed, but I haven't yet as I am not sure where the issue is.
I ended up finding the answer using blank test web apis to see what I may have left in that wasn't needed. The project was set up using this option:
After removing the views, etc., to make it strictly an api project. I started removing references (and clearing the associated errors) and seeing what happened with the build after each change.
Under the App_Start folder, there were some additional files that weren't present in the project I had for comparison - FilterConfig, and RouteConfig - which were also called in the Global.asax.
I removed the call in Global.asax for all three and I was able to see the expected http error page.
I dont have enough reputation for a comment, but you got 404 error, which, as you know, means there is nothing on that url. So check the route config and startup.cs Edit: I am on the phone so I didnt saw you already solved it. Good :)
I've developed a SPA using VueJS, Quasar, and Firebase. Currently, the app is hosted on Firebase and makes use of the Storage and the Firestore Database features. I've encountered an issue regarding a simple yet very useful feature, Facebook/Twitter/Linkedin social share buttons(html 'a' tags that pass the URL to be shared). After much reading into the matter, I've come to understand these social platforms use crawlers to subtract certain open graph 'meta' tags from the served HTML to form a cohesive post that includes Images, Title, Description.
The obstacle I'm facing is that this being a SPA, the same static HTML is always served from the hosting service(Firebase). This means that the meta tags that would need to be unique per different route can't be changed, for example, injected using javascript. I've reached this conclusion after hours of painstakingly trying to find a work-around using different injection methods and libraries even trying to see if NuxtJs would somehow be of help. Now I understand that logically this cannot work since the same HTML file will always be served in a SPA.
Based on my current understanding, which might be wrong, I will need to implement Cloud Functions(sort of a server provided by google) in order to intercept the HTML requests from these crawlers and somehow serve a server-rendered HTML file containing these meta tags.
My questions for anyone that has stumbled upon something similar would be:
First of all is there something I'm missing and there is a way of serving a rendered HTML file with the current setup?
Is there a way of implementing Cloud Functions to intercept requests from these crawlers or otherwise continue the current SPA flow?
I have a problem when placing an App module(v 8.4.8) on a page. When I placed an App module on a page I got a pop up saying "Had an error talking to the server (status 404). if you are an advanced user you can learn more about what went wrong - discover how on 2sxc.org/help?tag=debug".
This error happens on whatever action I try to do: trying to add and app, refresh page etc.
I checked a communication to the server using Firebug and seems that one of APIs are missing:
~/desktopmodules/2sxc/api/view/Module/GetSelectableApps
Referer: ~/desktopmodules/tosic_sexycontent/dist/dnn/ui.html?sxcver=8.4.8.19191
Did I missed something? Should I make some configuration after SexyContent module install (v 8.4.8)?
I just checked a video by Daniel Mettler where he showed how to install a module and seems that process is simple. Nothing to worry about.
Does anybody has any idea what might went wrong here?
The same actually happens when I install and Content module: Error about missing APIs:
~/desktopmodules/2sxc/api/view/Module/GetSelectableContentTypes
~/desktopmodules/2sxc/api/view/Module/GetSelectableTemplates
Thanks a lot for your time
My best guess is that it's an issue with the dnn domain/path configuration. So basically my guess is that
you have multiple domains, and if this is configured incorrectly, the paths in the js-calls won't fully match the original one
you have sub-portal (with paths like /products/) or something, and this isn't configured correctly in dnn
languages in portal-paths are causing similar issues.
So please compare EXACTLY the full base path and see if that's the issue.
I have been working on a project which requires large files to be uploaded (high res images, and videos etc). Windows website on IIS6 and dev on IIS7.
I am used to using Intelligencia.UrlRewriter for URL rewriting and this has worked brilliantly for me in on other projects.
I created a small test website to test NeatUpload and this worked really well, and once I'd figured out how to add some jQuery and more interesting formatting worked well.
However, once I copied the new code into the real web site the page failed with a HTTP Error:
HTTP Error 404.13 - Not Found
The request filtering module is configured to deny a request that exceeds the request content length.
I read the manual and tried the suggested fixes to I did not get any joy.
Has anyone come across this conflict before, or found a work around or solution?
Or if it is a non-starter, are there any other (non-flash) based 3rd party solutions I can use for uploading large files? I have wasted 3 days so far and I am starting to lose patience. :-(
Cheers
Toby
This link has the solution to the problem:
http://deepeshsomani.wordpress.com/2011/08/16/how-to-resolve-file-size-error-for-files-whose-size-is-larger-than-specified-in-web-config/
Faced the same issue and resolved it using the same approach after a week spent like hell for a solution.
I'm embedding the Google Maps Flash API in Flex and it runs fine locally with the watermark on it, etc. When I upload it to the server (flex.mydomain.com) I get a sandbox security error listed below:
SecurityError: Error #2121: Security sandbox violation: Loader.content: http://mydomain.com/main.swf?Fri, 12 Sep 2008 21:46:03 UTC cannot access http://maps.googleapis.com/maps/lib/map_1_6.swf. This may be worked around by calling Security.allowDomain.
at flash.display::Loader/get content()
at com.google.maps::ClientBootstrap/createFactory()
at com.google.maps::ClientBootstrap/executeNextFrameCalls()
Does anyone have any experience with embedding the Google Maps Flash API into Flex components and specifically settings security settings to make this work? I did get a new API key that is registered to my domain and am using that when it's published.
I've tried doing the following in the main application as well as the component:
Security.allowDomain('*')
Security.allowDomain('maps.googleapis.com')
Security.allowDomain('mydomain.com')
This sounds like a crossdomain.xml related problem. I did a quick search and there seems to be many people with the same issue. Some proxy requests through XMLHttpRequest etc..
Issue 406: Add crossdomain.xml for Google Accounts
Thanks for the help. Apparently this has something to do with including the Flex app on an ASP.NET page. When I moved it over to a flat HTML file, it worked fine. I don't have time to fully investigate right now, but that seems to have fixed it.