We Keep Coding

Is someone also getting this error in Chrome 87.0.4280.88?

"The information you’re about to submit is not secure
Because the site is using a connection that’s not completely secure, your information will be visible to others."
We have started receiving this error today. I thought that this is a certificate problem, but it's secure
[]
Also there no warnings and errors in console page
What do you advise to do?

Same problem from today on chrome 87.0.4280.88.
Cert is ok and all assets are loaded over https.
My login forms are triggering this warning message, the form action url is relative so it's supposed to be sent over https too, don't know why this message is triggered...
Maybe try with absolute https action url.
[edit]
Check this tread -> https://support.google.com/chrome/thread/88331714?hl=en
For me it was the scheme on the location header when redirecting after successful login that was misconfigured on the reverse proxy, the app was sending back on http.
Fixed by adding these headers on reverse proxy conf on Nginx :
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port 443;
Make sur that your app is aware of these headers too.
For example in a symfony app -> https://symfony.com/doc/current/deployment/proxies.html

This problem disappeared. I think they solved this problem, and now we don't have it)

PayPal integration with OpenShift Online -- SSL IPN Issue

I built an app on OpenShift Online and now I'm trying to integrate with PayPal. I'm running into SSL cURL errors that I don't know how to address. I've looked through SO, OpenShift Online, PayPal and elsewhere but can't get this issue worked through.
Background:
PHP-based app running on OpenShift Online v2
Setup as
https://*******.rhcloud.com/test/test_IPN.php --- so I can use their
*.rhcloud.com wildcard certificate
Using PayPal "Buy Now" button with PayPal Payments Standard, testing in their sandbox
Using IPN sample code found at
https://github.com/paypal/ipn-code-samples/blob/master/paypal_ipn.php
Here is the portion of the code that seems to be at the root of my problem:
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
Problem:
[1] using code "as is" (lines 79-80 commented out) throws curl error: "SSL connect error"
[2] using lines 79-80 uncommented out (and cacert.pem placed in same dir as php script) throws curl error: "Problem with the SSL CA cert (path? access rights?)"
It's likely I'm missing something simple here. Any help getting this to work properly on OpenShift Online is greatly appreciated. Thanks!

This line is pretty suspect:
$cert = __DIR__ . "./cacert.pem";
Basically you would end up with something like $cert equaling /home/path./cacert.pem, which I am pretty sure is not what you want, and why you are getting the ssl error, it can't find the certificate.
That could be corrected to:
$cert = __DIR__ . "/cacert.pem";
It also might be better to store the cacert.pem in your $OPENSHIFT_DATA_DIR and reference it as such:
$cert = getenv("OPENSHIFT_DATA_DIR")."cacert.pem";
And make sure that the permissions on the cacert.pem are at least 0644
chmod 0644 $OPENSHIFT_DATA_DIR/cacert.pem

Solution:
Force the use of TLS 1.2
Commenting out lines 79-80 and adding
curl_setopt($ch, CURLOPT_SSLVERSION, 6); // Force TLS 1.2
did the trick for me. Hope this helps someone else.
P.S. The need for TLS 1.2 came from this PayPal article https://www.paypal-knowledge.com/infocenter/index?page=content&widgetview=true&id=FAQ1914&viewlocale=en_US

ejabberd contribution mod_apns does not work

I have added mod_apns to my ejabberd server. You can find this module here.
my ejabberd.yml configuration is like this:
mod_apns:
address: "gateway.sandbox.push.apple.com"
port: 2195
certfile: "/Applications/ejabberd-15.10/conf/cert.pem"
keyfile: "/Applications/ejabberd-15.10/conf/key.pem"
password: "myPassword"
the address is sandbox since I am still in development phase. And I have tested my cert.pem and key.pem and they are valid and working.
I send my device token to ejabberd server like this:
<iq type="set" to="myEjabberdServer.com">
<register xmlns="https://apple.com/push">
<token>myDeviceTokenWithoutAnySpace</token>
</register>
</iq>
I can see my device token is saved in apns_users database.
But I still do not get notifications when my user is offline.
Am I doing anything wrong?
Does it work with gateway.sandbox.push.apple.com?
should my device token be without space and only characters?
I appreciate your help..

You have asked for an alternate approach. This alternate approach takes the process of triggering push notifications by the ejabberd server.
1. Use the mod_interact library. This will provide you an ability to transfer your messages to another url.
2. From there on you can use the direct HTTP call for push notifications

What can cause Chrome to give an net::ERR_FAILED on cached content against a server on localhost?

I'm building a web server and trying to test things. The server is running on localhost:888, and the first time I load the web app, everything works. But if I try to reload the page, a bunch of XmlHttpRequest requests fail with net::ERR_FAILED. By putting breakpoints in the server code, I can verify that the requests are never actually coming in.
This isn't a connection failure, as the connection succeeds the first time. The fact that it succeeds once and then fails later implies that it might be caching-related, but there's nothing in the server code that sets the cache-control header. So I tested it by putting the server up on an actual web server. The first time, everything had to take its time loading; the second time, it all loaded instantly, so this is definitely cache-related
This is a custom server running on top of http.sys (no IIS), and it appears that things are getting cached by default and then failing to load from it on subsequent runs, but only when my server is running on localhost; on the Web, it works fine. As near as I can tell, net::ERR_FAILED is a generic "something went wrong and we've got no useful information for you" message in Chrome, so I'm kind of stuck here. Does anyone know what could be causing this?

I run into similar problem. I have copied request as fetch in Network tab in devtools.
Then I have run it in browser dev console. There I could read description of the error about CORS. After setting cors on the api server, it worked.
You have to paste the fetch command into the dev console of the same origin and NOT accidentally e.g. open it from stackoverflow.

Another cause is, when you use withCredentials: true (sending cross origin cookies) for XHR calls, you are not allowed to set Access-Control-Allow-Origin: *, but have to provide a specific domain!
Sadly, you cannot use a list of domains here, because no browser supports this official standard. But several frameworks, like Spring, allow you to set a whitelist configuration, which then is matched on request.
See also:
CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
Header in the response must not be the wildcard '*' when the request's credentials mode is 'include'
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials

One very important and un-loved comment in this set of answers is, "Look at your CORS headers." I had a problem much like this, and it gave me this error with some prodding. No data in my Apache logs, but I noticed that we were calling a secondary URL and getting no response for that secondary URL.
Chrome didn't initially call it a CORS issue, but lack of response caused me to dig into our Apache settings and change the allowable CORS source header.
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
Header set Access-Control-Allow-Origin "https://our-site.com"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
</Directory>
This answer may not apply to YOUR situation, but it applied to my net::ERR_FAILED

There is only one way to get to the bottom of these types of error
In chrome use chrome://net-export/ in a tab, then record the session in another and debug with https://netlog-viewer.appspot.com/#import which allows you to view the output in a more readable format.
We recently found an ERR_FAILED down to the socket being closed because of a proxy authentication issue on the clients network.
This can also be useful reference once you've got the error code from the above
chrome://network-errors/

One possible reason is that you write your AppCache Manifest wrong.
For example: in you /a/b/cache.html file you refer the cache.appcache Manifest file, but in cache.appcache file you announce like:
CACHE:
/cache.html
which is wrong.
you should write:
CACHE:
/a/b/cache.html
hope this can help you.

In my case installing an SSL certificate fixed the issue.

Add "proxy": "http://localhost:port_number/" at the last line in package.json and mode: 'same-origin' in the request body at the client-side. For example,
fetch('login', {
method: 'post',
mode: 'same-origin',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: username,
password: password,
})
})

I ran into this error on my localhost (on a monday morning) when requesting one of my virtual hosts. Turned out I still had a unfinished debugging action running (unfinished business from my friday afternoon :) ) on another virtual host which blocked Apache from serving the files for the other request. This resulted in the net::ERR_FAILED error in my browser console.
Hope this might be helpful for others ending up here.

Another potential cause is the request being handled by a service worker that runs into some sort of trouble. In this case it's worth checking the service worker console in the dev tools to see if there's an error message there.

If using node, make sure your CORS headers are added before the route. IE
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
next();
});
app.get('/route.htm', function (req, res) {
res.sendFile( __dirname + "/" + "route.htm" );
});
Instead of the other way around putting app.use after.

This happened to someone on Mac OS / Chrome but not on Safari. And seems to have emerged recently (i.e. - likely not from a code deploy... Maybe a Chrome update?). I can't reproduce it on other computers with Chrome. Restarting Chrome and the computer didn't help.
I didn't notice anything strange in Extensions and they said they hadn't installed anything new.
Posting in case there is a newly emerging issue on Chrome.

SMTP mail error

Hello i have some problem when using SMTP mail using PHP.
when i am use mail function that time always it shows
errore Like "Unable to find the socket transport "http" - did you forget to enable it when you configured PHP?"
How can i slove this problem at (Project is on Cpanle)
Kindly help me

It would help to see a code snippet.
The error message suggests that you are using fsockopen() and passing it an http URL instead of an hostname.
You may also have an http url somewhere else (in your code or a config file) that is passed to fsockopen() at some point. Make sure your smtp server hostname doesn't start with http://.