To support usage of SharedArrayBuffer in our web app we had to add the response headers:
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
We have also tried:
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Opener-Policy: same-origin
The problem with either of these sets of values is that the google drive picker integrated in our application quits working and the google picker panel displays:
docs.google.com refused to connect
If we don't provide a Cross-Origin-Embedder-Policy then the google drive picker works as expected.
Related
I have a simple html file saved in my desktop. This html file needs to send the link to a json file(stored in azure blob) to the app included in this webpage.
Script part of the webpage
<script>
var zbc = "https://blobtempdemo.blob.core.windows.net/path/to_required_file.json";
require(['scripts/SampleApp/App'], function(App)
{
App.start(abc);
});
The json file is stored in microsoft azure blob. When i run the webpage in Mozilla Firefox, it gives a warning saying
Warning
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://blobtempdemo.blob.core.windows.net/path/to_required_file.json. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
The app/ web page works perfectly when all the files are saved in my desktop.
When i paste the url in the firefox, it can get the file and ask me if i want to download it. But it does not work when the file is in the blob and i open this webpage.
Any Help?
Just allow CORS from all the domains (just to test) in the target storage account. That should do it. Use * as the value for allowed domains.
Reference:
https://learn.microsoft.com/en-us/rest/api/storageservices/fileservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services
I am trying to enable push notifications on my website using VAPID keys.
When i include the gcm_sender_id and remove the applicationServerKey from the pushManager.subscribe method, it runs fine.
Only when i enable VAPID keys and remove the gcm_sender_id from manifest.json file. i get the foloowing error.
DOMException: Registration failed - push service error
I am using Chrome browser.
I encountered this error in Brave browser. By default, Google Services for push messaging are disabled in Brave. To enable this, open the following URL in brave:
brave://settings/privacy
After this, enable the flag "Use Google services for push messaging":
Source:
https://github.com/firebase/firebase-js-sdk/issues/3195#issuecomment-848036637
The applicationServerKey that i was using in the pushManager.subscribe method was somehow incorrect.
It worked when i regenerated the keys in node using the following module.
const webpush = require('web-push');
const vapidKeys = webpush.generateVAPIDKeys()
In my case,I was trying to run firebase messaging on a flutter web.
My Browser was BRAVE.
It always failed with an exception of firebase fcm registration push servic error.
I followed #Nicodemuz answer, but it didn't solve the issue. I get the same error.
The only solution was setting Google chrome as my executable.
Anyhow the issue is not with firebase or flutter, it's with the brave browser itself.
I am trying to talk to mysql from my Google Hangout app and the test code works fine from an HTML page, but gets blocked when I run it in the app .XML wrapper in a hangout.
There I get this in the console (I had to replace the URLs due to me being new here) :
<<<<<>>>>>
XMLHttpRequest cannot load XXXXXX MY file URL XXXXX. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https XXXXXX GOOGLE USER CONTENT XXXXX' is therefore not allowed access. ifr?url=app%3A%2F%2F609528936436%2Fhangout&container=hangout&view=default&lang=all&country=ALL&debu…:1
GET XXXXXX MY file URL again only with https XXXXX net::ERR_CONNECTION_REFUSED ifr?url=app%3A%2F%2F609528936436%2Fhangout&container=hangout&view=default&lang=all&country=ALL&debu…:1199
XMLHttpRequest cannot load XXXXXX MY file URL XXXXX. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https XXXXXX GOOGLE USER CONTENT XXXXX' is therefore not allowed access. ifr?url=app%3A%2F%2F609528936436%2Fhangout&container=hangout&view=default&lang=all&country=ALL&debu…:1
<<<<<>>>>>
What am I doing wrong? Thank you!
ANSWER Thanks to Gerwin Sturm:
Your problem seems to be that with the Hangout App running inside of an iframe hosted on Google servers your server refuses to send content to this different domain.
Two possible solution:
1) Set the headers on your server to allow cross-origin request. In your php script you should be able to do this by calling
header("Access-Control-Allow-Origin: *");
2) Use https://hangoutiframer.appspot.com, which allows you to run the hangout app on your own server, preventing CORS problems that way.
I'm having a hard time connecting to the Google Maps API via the Heatmap demo app (https://github.com/googlemaps/android-maps-utils). I followed the instructions at https://developers.google.com/maps/documentation/android/utility/heatmap to set up my project and it runs, but the problem is the map doesn't show up on the screen and I get these errors in logcat:
I/Google Maps Android API(31950): Failed to contact Google servers. Another attempt will be made when connectivity is established.
E/Google Maps Android API(31950): Failed to load map. Error contacting Google servers. This is probably an authentication issue (but could be due to network errors).
I added the following to my Manifest (<MY_API_KEY> is the value I got from https://code.google.com/apis/console, had to upload my SHA1 key followed by a semicolon
";" and the package name "com.google.maps.android.utils.demo"):
<meta-data
android:name="com.google.android.gms.version"
android:value="#integer/google_play_services_version" />
<meta-data
android:name="com.google.android.maps.v2.API_KEY"
android:value="<MY_API_KEY>"/>
Any ideas on how to get the authentication working? (assuming that's the problem)
I am trying to write a use-anywhere (web, air, mobile) OAuth library for AS3 that is flexible enough to use with any OAuth site or near OAuth.
My sample app I am writing authenticates with Google and I want to write an app that uses google drive.
At the moment the Air and mobile apps work fine but the web flash player app keeps giving me this error:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://localhost:81/OAuthWebExample.swf cannot load data from https://accounts.google.com/o/oauth2/token.
(I get the same error when on a non-localhost domain on port 80)
I have looked at https://accounts.google.com/crossdomain.xml which has:
<site-control permitted-cross-domain-policies="by-content-type" />
I am not sure what that means...
I am pretty sure that it is possible to get flash to talk to these google APIs. What can I do to get this to work?
(I'm not interested in the "work round" where you use feedburner or something similar to proxy these calls thanks).
I have looked at https://accounts.google.com/crossdomain.xml
It's the master policy file and it doesn't grant permissions to the content of accounts.google.com domain (there isn't allow-access-from nodes withing it), so flash player fires securityError
I am not sure what that means...
It means:
by-content-type: [HTTP/HTTPS only] Only policy files served with
Content-Type: text/x-cross-domain-policy are allowed
So it seems it's designed for sub-domain services and child crossdomain.xml files so you can't load data directly from accounts.google.com. I found the same issue with Google OAuth for flash Google Oauth crossdomain.xml problem with Flex and they have to use old AuthSub (it uses accounts.googleapis.com with proper crossdomain.xml) to solve the auth problem and it seem nothing were changed for the past two years.
Check the Flash player security on compile, local or external.
The AIR applications can connect to external and local files, but a embedded swf can't do it
https://www.adobe.com/security/flashplayer/articles/localcontent/