https://www.facebook.com/apps/application.php?id=212108875466071
As far as I can tell, we are doing everything right, and FB's new new mini-feed App browser seems to be injecting ONE or TWO insecure resources from time to time.... NOT all the time.
How can I be positive it's FB's fault, so I can file a bug? We are only showing broken https with the new iframe.... and most of what is being is supplied by that setup IS secure, but they have stupid little things like an insecure 'credits' ikon, which breaks the whole damn thing.
If it's our fault, I need to fix it. If it's FB's, I need to stop wasting so much time debugging their platform for them.
Look at chrome's javascript console, it show warnings when an insecure resource is loaded on a secure page.
See the warning before the syntax error.
See also http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html (where this image come from).
Related
The title pretty much says it all. When I'm running HTTP(S) Test Script Recorder, one particular page becomes unresponsive - when I click on something it just reloads. The recorder itself is working fine, it is recording every step. And the problem is not proxy related. I've successfully recorded other pages of the same website. When I'm not recording, there are no problems.
It's a .NET 3.5 project.
The page itself has a lot of forms, file uploads, etc, but as far as I know, it should not interfere with recording or even more - with browsing the page. When debugging the project, no breakpoints are hit, so I assume that something gets lost before reaching the server.
Browsers that I've tried: tried FF, Chrome, Edge, IE.
Tried recording the web locally and online. Same thing.
Played around (reinstalled and whatnot) with certificates, didn't help.
Has anyone encountered such a problem? What could be done to fix this? I'm more interested in finding the solution, than a way around (blazemeter, badboy). Any help would be very appreciated.
EDIT: I tried recording with blazemeter and it worked. But when looking at view results tree I noticed that the request path and parameters don't change, even when in the HTTP Request Sampler they are different. So there's no solution yet
This often happens to me and what I've found is that JMeter changes the root certificate in the bin folder every week. So usually the HTTP traffic is fine but certain HTTPS traffic won't work. So make sure that your browsers are seeing the latest JMeter certificate and not using an old one that doesn't exist anymore. On Windows, Chrome and IE use the certificates in Internet Options, while Firefox needs to have it added to it manually.
It turns out that in Test Script Recorder HTTP Sampler Settings choosing Type: Java was all that was needed. I suspect that the issue was related to file upload being involved.
I am encountering a strange issue which is only affecting several users from an over 7000 user-base. Having searched the web for several hours to no avail, I'm hoping someone here can help!
I have an ASP.NET 2.0 website and when certain users try to access the home page (Default.aspx) they receive a white screen with no content loaded. This issue is occurring both in production environment and if I run the solution against a copy of production data. So I am able to replicate the exact same issue when I pseudo the problematic users.
When debugging the application in VS2005 and set a breakpoint in the code behind in the Default.aspx, the breakpoints are fired/hit so I know the request is working. The problem seems to be once the server has finished serving the request, the response back to the client/browser is empty.
Here's another strange thing I've noticed. If I alter the HTML in Default.aspx by adding a new white line or whitespace, the page will load fine for the same set of users. I thought I had resolved the issue with this fix but unfortunately the white screen issue just manifests itself once again.
Within Default.aspx, there's some AJAX requests using jQuery .load function but this can't be the issue because this functionality exists for every user of the site. The only variable is the amount of content returned within this request can vary depending on the user. But why would it resolve itself when I put a whitespace or whiteline in the page and then manifest itself hours later?
Another thing to note is it's only Default.aspx that is encountering this issue. If I browse to another page by typing in a page in the address bar, the page is served OK.
Hope someone can point me in the right direction on how I can debug or even resolve the issue.
It sounds like your ajax is the cause but without seeing some code, it's difficult to know why.
It could be a timeout, or an error that is preventing the ajax from completing it's function.
You need to use a tool like Charles or Fiddler to debug what is happening whilst the page loads whilst logged in as these users. In a nutshell, a tool like Charles will display all the detail surrounding requests made and responses served to the browser, including any failed responses.
I think it has to do with http headers, caching or encoding. But I cannot tell more without code.
Is output caching enabled for this page?
Can you give us the raw http headers for both the request and response?
If a white screen appears, will it be fixed by pressing ctrl+f5?
I wish I had a more generic way of asking this question but I really can't figure out what could be going on.
Using dev-channel Chrome 26 (and IE 10) I'm hitting a simple html site in my public dropbox here
In my browser Handlebars.js (from cdnjs.com) never loads and I get an error. Heck, according to the Network tab it never even tries to load it. Yet click through the source and the script file - it is definitely a live link. Why handlebars? Additionally, running the same exact site with a local server loads just fine.
I'm at a loss here what could possibly have this effect. You'd think the issue would be running the server in dropbox but it seems to be the actual browser misbehaving. And why on earth does it not make any request at all?
My repo by the way is on github on the preformance-tuning branch
It looks like Chrome is throwing an insecure content warning on your scripts. Most likely because you are trying to access content hosted over HTTP while your site is being served from dropbox using ssl. Most likely a Chrome security setting silently block scripts it considers "insecure"
Ok, this might be more of a networking question than programming but I'm not really sure what is going on here:
I'm having intermittent problems with my site where I am only partially downloading javascript documents. By intermittent, I mean that on the same browser (Safari in this case) I can view that javascript file in my browser and refresh the page and still only see the file partially downloaded, but another browser (Chrome) I see the file correctly downloaded. Clearing the browser cache has no effect either.
The odd thing is that it appears to be location specific, as when I check the site from home, still using Safari, I have zero issues. The problem also seems to be machine independent, as I also occasionally get the same javascript errors on my iPad (when at work on the same network).
I'm 100% sure it isn't a syntax error or anything with the javascript, as the file that fails most often is a minified copy of jQuery (downloaded from their site, though hosted on my site's server)
I have tried turning off mod_deflate on the idea that it might be compression that was causing the issue, but this had no effect.
I have spoken to the network admins at both my end, and the hosting server end and they claim that it isn't anything wrong with their network, though they are possibly just deflecting a complex issue.
Any ideas on how I can narrow down the issue?
I'm creating an ASP.NET application which uses Facebook Connect and fbml tags. It also uses the LinkedIn widget. When I run this app in any browser, there are no warnings and everything works. However, in IE, a message like this comes up:
Security Warning:
The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this?
Current site:http://www.facebook.com
Trusted site:http://localhost
(same for LinkedIn.com). I know how to fix this from a client perspective and to stop the security warning showing up. However, is it possible to ensure this message doesn't come up as it could be off putting for users who don't know how to suppress this warning? I haven't tried uploading it to my webhost, so not sure if this message will appear for everyone in production. However, I always get it on my local machine.
(None of my pages use SSL, so I don't think that's the issue. I tried using FB's HTTPS urls but that didn't make a difference).
Thanks
I have come across the IE message many times. Whilst this might not be the case here I always check in Firebug to see if any requests are going to Https (using Net tab). If may be the case that something you are referencing is itself making a call to something else.
Often you get that message if you are serving an https page and then going to fetch an image over http.
Might not help but is the first thing I do in this situation.