Twitter Cards Not Validating - html

I am trying to test out the twitter cards and can't figure them out. I coppied one of their examples and just changed target link so it would link to my site. I created this quick example website to test out: http://www.canvasmagazine.tk/index.htm/
When I go to twitter card validator, it keeps returning the same error.
ERROR: FetchError:exceeded 4.seconds to Portal.Pink-constructor-safecore while waiting for a response for the request, including retries (if applicable) (Card error)
So I took out the CSS which has custom fonts and background and would slow down the runtime. Yet I still received the same error. I also went back and forth changing the metadata from name to property and then combined this with the above and still no luck. Hopefully it is something obvious I'm missing. Any help would be appreciated.
<meta property="twitter:card" content="summary_large_image">
<meta property="twitter:creator" content="#Environmentnyou">
<meta property="twitter:domain" content="http://canvasmagazine.tk/index.htm">
<meta property="twitter:title" content="Canvas Magazine | ">
<meta property="twitter:description" content="test">
<meta property="twitter:image" content="http://canvasmagazine.tk/images/tile.jpg">
EDIT: I also tried close "/>" each meta tag instead of ">", yet this made no difference.
EDIT2: SOLVED. Twitter has blocked my server.

I am too getting this problem and we were not able to figure out the issue. But i have found certain troubleshooting steps which might be helpful to you.
Check robots.txt and make sure that user-agent: twitterbot is allowed. Sometimes, Twitter is blocked from reading the metadata by this file.
Check that the IP Addresses of twitter server is not blocked by your host. These are the IP Address used by twitter:
199.59.148.209
199.59.148.210
199.59.148.211
199.16.156.124
199.16.156.125
199.16.156.126
(Source: https://dev.twitter.com/cards/troubleshooting)
Also, Twitter’s ASNUM is AS13414.
Your Apache .htaccess file is denying requests.You can check this by opening your .htaccess file and looking for something like the following:
deny from 199.59.149.*
Follow above mentioned troubleshooting steps and let us know if works for you!
Thanks,
Rakesh Solanki

Related

Why is 'noreferrer' not working on links?

I can't work out how to get rid of the referrer that keeps getting appended to URL
My link
<a aria-label="Book" target="_blank" class="book-link" rel="noopener"` or `rel="noreferrer" href="<?=$site->book_link()->html()?>">...</a>
My meta
<meta name="referrer" content="no-referrer">
It keeps appending this and breaking links /&referrerUrl=https%3A%2F%2Fwww.mysite.com%2F
This referrer that you are getting is not effected by this meta tag because the meta tag is meant for inside javascript to use document.referrer to get the referrer url in your browser or from your webserver for tracking purposes.
The referrer in your link is either because of some script or front end framework you are using or because of a backend framework or language like php.
To be able to solve your problem better we will need to know more about your frontend and backend stack.
Consequently this question is tagged wrong. It should be tagged with javascript or php.
It's simple "no-referrer", which specifies that no referrer information is to be sent along with requests made from a particular request client to any origin. The header will be omitted entirely.
If a document at https://techcaregn.com/page.html sets a policy of "no-referrer", then navigations to https://techcaregen.com/ (or any other URL) would send no Referer header.
It is my personal opinion .

Nginx - Share on Facebook button - 403 being shared

I created a Coming Soon page with a "Share on Facebook" button but when it's clicked it'll open up Facebook on the "Say something about this" page but the actual content it's shows is nothing but a 403: Forbidden. When I end up sharing it anyway it still appears on my wall as the 403: Forbidden but the link as it should works though, i.e. by clicking on it on my wall it'll take me to my site just fine. Also when I go to my site normally it also works. I'm using Nginx as my server and from what I've seen 403s are quite common for Nginx and I've found multiple articles dealing with 403s but none of them talk about solving it for FB share buttons (only for when you get a 403 trying to access the site normally).
In my HTML I have the following meta tags in the head, the following script and the following share button:
<!-- Meta Tags: -->
<meta property="og:url" content="http://www.example.com" />
<meta property="og:type" content="website" />
<meta property="og:title" content="exampleName" />
<meta property="og:description" content="exampleSlogan" />
<!-- FB Script -->
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = 'https://connect.facebook.net/i/suspect/i/should/maybe/keep/this/part/secret';
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<!-- Share button -->
<div class="social-btn btn-fb" data-href="http://example.com" data-layout="button" data-mobile-iframe="false">
<a target="_blank" href="https://www.facebook.com/sharer/sharer.php?u=example.com;src=sdkpreparse"><i class="fa fa-facebook"></i></a>
</div>
I'm sure you'll be able to tell where I censored urls, values, etc. but if you're not sure whether or not something is wrong or if it's censored, feel free to ask
As far as Nginx goes my skills are still pretty limited so I don't really know what to include here to help solve the issue so If you want me to post something Nginx related let me know and I'll do it. Also let me know if I need to supply any other information.
Edit I don't know if this is relevant to my issue but when I open the my web page it gives my js error: FB.NativeExtensions.onready only works when the page is rendered in a WebView of the native Facebook app. Test if this is the case calling FB.UA.nativeApp()
To figure out what goes wrong in such a case, re-scrape the URL using the Facebook debug tool, and then check the server logs around this time.
If scraping alone solved the issue, then your server for some reason blocked the request the last time the Facebook scraper did try to gather data, but doesn't any more now. If this wasn't a one-off occurrence, but turns out to be a more systematic issue with new articles, then check if you maybe have a like button embedded in a preview of the URL that is only available to the logged-in admin, or something like that, that could trigger a scrape by Facebook before your system is willing to answer the request "properly" to outsiders.
If you need to correct this issue for more than a few URLs now, you can also trigger a re-scrape via the API.

Need to add the requested URL on a "404"-page. [HTML]

If the user tries to access a page which isn't available, he/she is moved to a custom 404.html.
What I'm wondering is if is it possible to access the original requested URL from the custom 404.html, using just HTML? I haven't used PhP or any other side technology.
My code look like this:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>
If anyone know how do this, please let me know. Thank you in advance!
Long story short, answer to your question: no, it is not possible to get url by using HTML ONLY, you need to either use client side or server side language.
for example, in javascript, you would do something like this to get previous url,
document.referrer
this would actually be ideal for your scenario, as this work very well, if you arrived at the current page via a link ( not by doing, for example, by bookmark or typing in the address bar).

Resource interpreted as stylesheet but transferred with MIME type text/html (seems not related with web server)

I have this problem. Chrome continues to return this error
Resource interpreted as stylesheet but transferred with MIME type text/html
The files affected by this error are just the Style, chosen and jquery-gentleselect (other CSS files that are imported in the index in the same way work well and without error). I've already checked my MIME type and text/css is already on CSS.
Honestly I'd like to start by understanding the problem (a thing that seems I cannot do alone).
i'd like to start by understanding the problem
Browsers make HTTP requests to servers. The server then makes an HTTP response.
Both requests and responses consist of a bunch of headers and a (sometimes optional) body with some content in it.
If there is a body, then one of the headers is the Content-Type which describes what the body is (is it an HTML document? An image? The contents of a form submission? etc).
When you ask for your stylesheet, your server is telling the browser that it is an HTML document (Content-Type: text/html) instead of a stylesheet (Content-Type: text/css).
I've already checked my myme.type and text/css is already on css.
Then something else about your server is making that stylesheet come with the wrong content type.
Use the Net tab of your browser's developer tools to examine the request and the response.
Using Angular?
This is a very important caveat to remember.
The base tag needs to not only be in the head but in the right location.
I had my base tag in the wrong place in the head, it should come before any tags with url requests. Basically placing it as the second tag underneath the title solved it for me.
<base href="/">
I wrote a little post on it here
I also had problem with this error, and came upon a solution. This does not explain why the error occurred, but it seems to fix it in some cases.
Include a forward slash / before the path to the css file, like so:
<link rel="stylesheet" href="/css/bootstrap.min.css">
My issue was simpler than all the answers in this post.
I had to setup IIS to include static content.
Setting the Anonymous Authentication Credentials to Application Pool Identity did the trick for me.
Try this <link rel="stylesheet" type="text/css" href="../##/yourcss.css">
where ## is your folder wherein is your .CSS - file
Don't forget about the: .. (double dots).
I was also facing the same problem. And after doing some R&D, I found that the problem was with the file name. The name of the actual file was "lightgallery.css" but while linking I has typed "lightGallery.css".
More Info:
It worked well on my localhost (OS: Windows 8.1 & Server: Apache).
But when I uploaded my application to a remote server ( Different OS & Web server than than my localhost) it didn't work, giving me the same error as yours.
So, the issue was the case sensitivity (with respect to file names) of the server.
In case you serve static css with nginx you should add
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
or
location ~ \.css{
default_type text/css;
}
location ~ \.js{
default_type application/x-javascript;
}
to nginx conf
Based on the other answers it seems like this message has a lot of causes, I thought I'd just share my individual solution in case anyone has my exact problem in the future.
Our site loads the CSS files from an AWS Cloudfront distribution, which uses an S3 bucket as the origin. This particular S3 bucket was kept synced to a Linux server running Jenkins. The sync command via s3cmd sets the Content-Type for the S3 object automatically based on what the OS says (presumably based on the file extension). For some reason, in our server, all the types were being set correctly except .css files, which it gave the type text/plain. In S3, when you check the metadata in the properties of a file, you can set the type to whatever you want. Setting it to text/css allowed our site to correctly interpret the files as CSS and load correctly.
#Rob Sedgwick's answer gave me a pointer, However, in my case my app was a Spring Boot Application. So I just added exclusions in my Security Config for the paths to the concerned files...
NOTE - This solution is SpringBoot-based... What you may need to do might differ based on what programming language you are using and/or what framework you are utilizing
However the point to note is;
Essentially the problem can be caused when every request, including
those for static content are being authenticated.
So let's say some paths to my static content which were causing the errors are as follows;
A path called "plugins"
http://localhost:8080/plugins/styles/css/file-1.css
http://localhost:8080/plugins/styles/css/file-2.css
http://localhost:8080/plugins/js/script-file.js
And a path called "pages"
http://localhost:8080/pages/styles/css/style-1.css
http://localhost:8080/pages/styles/css/style-2.css
http://localhost:8080/pages/js/scripts.js
Then I just add the exclusions as follows in my Spring Boot Security Config;
#Configuration
#EnableGlobalMethodSecurity(prePostEnabled = true)
#Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(<comma separated list of other permitted paths>, "/plugins/**", "/pages/**").permitAll()
// other antMatchers can follow here
}
}
Excluding these paths "/plugins/**" and "/pages/**" from authentication made the errors go away.
Cheers!
Using Angular
In my case using ng-href instead of href solved it for me.
Note :
I am working with laravel as back-end
If you are on JSP, this problem can come from your servlet mapping.
if your mapping takes url by defaut like this:
#WebServlet("/")
then the container interpret your css url, and goes to the servlet instead of going to the css file.
i had the same issue, i changed my mapping and now everyting works
i was facing the same thing, with sort of the same .htaccess file for making pretty urls. after some hours of looking around and experimenting. i found out that the error was because of relatively linking files.
the browser will start fetching the same source html file for all the css, js and image files, when i would browse a few steps deep into the server.
to counter this you can either use the <base> tag on your html source,
<base href="http://localhost/assets/">
and link to files like,
<link rel="stylesheet" type="text/css" href="css/style.css" />
<script src="js/script.js"></script>
or use absolute links for all your files.
<link rel="stylesheet" type="text/css" href="http://localhost/assets/css/style.css" />
<script src="http://localhost/assets/js/script.js"></script>
<img src="http://localhost/assets/images/logo.png" />
I have a similar problem in MVC4 using forms authentication. The problem was this line in the web.config,
<modules runAllManagedModulesForAllRequests="true">
This means that every request, including those for static content, being authenticated.
Change this line to:
<modules runAllManagedModulesForAllRequests="false">
I also face this problem recently on chrome. I just give absolute path to my CSS file problem solve.
<link rel="stylesheet" href="<?=SS_URL?>arica/style.css" type="text/css" />
For anyone that might be having this issue.
I was building a custom MVC in PHP when I encountered this issue.
I was able to resolve this by setting my assets (css/js/images) files to an absolute path.
Instead of using url like href="css/style.css" which use this entire current url to load it. As an example, if you are in http://example.com/user/5, it will try to load at http://example.com/user/5/css/style.css.
To fix it, you can add a / at the start of your asset's url (i.e. href="/css/style.css"). This will tell the browser to load it from the root of your url. In this example, it will try to load http://example.com/css/style.css.
Hope this comment will help you.
It is because you must have set content type as text/html instead of text/css for your server page (php,node.js etc)
I want to expand on Todd R's point in the OP. In asp.net pages, the web.config file defines permissions needed to access each file or folder in the application. In our case, the folder of CSS files did not allow access for unauthorized users, causing it to fail on the login page before the user was authorized. Changing the required permissions in web.config allowed unauthorized users to access the CSS files and solved this problem.
I have the same exact problem and after a few minutes fooling around I deciphered that I missed to add the file extension to my header. so I changed the following line :
<link uic-remove rel="stylesheet" href="css/bahblahblah">
to
<link uic-remove rel="stylesheet" href="css/bahblahblah.css">
Using React
I came across this error in my react profile app. My app behaved kind of like it was trying to reference a url that doesn't exist. I believe this has something to do with how webpack behaves.
If you are linking files in your public folder you must remember to use %PUBLIC_URL% before the resource like this:
<link type="text/css" rel="stylesheet" href="%PUBLIC_URL%/bootstrap.min.css" />
In case anyone comes to this post and has a similar issue. I just experienced a similar problem, but the solution was quite simple.
A developer had mistakenly dropped a copy of the web.config into the CSS directory. Once deleted, all errors were resolved and the page properly displayed.
I came across the same issue whilst resuming work on a old MEAN stack project. I was using nodemon as my local development server and got the same error Resource interpreted as stylesheet but transferred with MIME type text/html. I changed from nodemon to http-server which can be found here. It immediately worked for me.
This occurred when I removed the protocol from the css link for a css stylesheet served by a google CDN.
This gives no error:
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Architects+Daughter">
But this gives the error Resource interpreted as Stylesheet but transferred with MIME type text/html :
<link rel="stylesheet" href="fonts.googleapis.com/css?family=Architects+Daughter">
I was facing similar issue. And Exploring solutions in this fantastic Stack Overflow page.
user54861 's response (mismatching names in case sensetivity) makes me curious to inspect my code again and realized that "I didnt upload two js files that I loaded them in head tag". :-)
When I uploaded them the issue runs away ! And code runs and page rendered without any another error!
So, moral of the story is don't forget to make sure that all of your js files are uploaded where the page is looking for them.
I came across the same issue with a .NET application, a CMS open-source called MojoPortal. In one of my themes and skin for a particular site, when browsing or testing it would grind and slow down like it was choking.
My issue was not of the "type" attribute for the CSS but it was "that other thing". My exact change was in the Web.Config. I changed all the values to FALSE for MinifyCSS, CacheCssOnserver, and CacheCSSinBrowser.
Once that was set the web site was speedy once again in production.
Had the same error because I forgot to send a correct header a first
header("Content-type: text/css; charset: UTF-8");
print 'body { text-align: justify; font-size: 2em; }';
I encountered this problem when loading CSS for a React layout module that I installed with npm. You have to import two .css files to get this module running, so I initially imported them like this:
#import "../../../../node_modules/react-grid-layout/css/styles.css";
but found out that the file extension has to be dropped, so this worked:
#import "../../../../node_modules/react-grid-layout/css/styles";
If nodejs and using express
the below code works...
res.set('Content-Type', 'text/css');
I started to get the issue today only on chrome and not safari for the same project/url for my goormide container (node.js)
After trying several suggestions above which didn't appear to work and backtracking on some code changes I made from yesterday to today which also made no difference I ended up in the chrome settings clicking:
1.Settings;
2.scroll down to bottom, select: "Advanced";
3.scroll down to bottom, select: "Restore settings to their original defaults";
That appears to have fixed the problem as I no longer get the warning/error in the console and the page displays as it should. Reading the posts above it appears the issue can occur from any number of sources so the settings reset is a potential generic fix.
Cheers
If you are serving the app in prod make sure you are serving the static files with service worker. I had this error when I was serving only static subfolder of React build on Django (without assets that have styles)

unknown script on every website when inspect element

whenever I inspect any page from any website with my google chrome, I get this script in the page header always:
<script type="text/javascript" src="//js.ktwt.ru/main_en.js?guid=340fbe57eb2704a03d7e55d47615754e0c00e51f&s=%5B%22youtube%22%2C%22noads%22%2C%22lang_en%22%2C%22youtube_downloader_ext%22%5D" charset="utf8"></script>
and this Iframe in the body:
<iframe src="//s.ktbt.ru/t.html?d=www.google.com&preload=%5B%22youtube%22%2C%22noads%22%2C%22lang_en%22%2C%22youtube_downloader_ext%22%5D" scrolling="no" style="width: 1px; height: 1px; margin: 0px; padding: 0px; overflow: hidden; display: none;"></iframe>
I'm just curious to know if this is a malware or might affect my PC, I don't see any of the above when View Page Source.
My Bitdefender and Malwarebytes are not detecting anything wrong.
Do you have an Idea? I am sure something ending with .ru is not authentic!
::UPDATE:: -<ktbt.ru>- ::SOLVED:: (shortened explanation Uninstall HISTORY TRENDS UNLIMTED)
READ on to learn what this is all about!
[SUBJECT: ktbt.ru, js.ktbt.ru, s.ktbt.ru]
Picture explains a bit to the investigation multiple photos combined!
I've got this bazaar cookie that i can't get rid of. FUnny statement! Most of you generally would have a clue what i'm talking about! LOL
Simple location to remove the extention
%USERDATA%\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pnmchffiealhkdloeffcdnbgdnedheme_0
or simply remove from within chrome! Like in the picture provided
No seriously though i have a residing cookie from this Russian site. i recommend not clicking the link im only posting for informational sharing and gathering to see if like minded folk have similar problem or even a solution
If i had Linux i would just use grep!
grep -iR "js.ktwt.ru"
grep -iR "s.ktwt.ru"
grep -iR ".ktwt.ru"
THis is being blocked now by my router and parental controls and website/DNS Blocking
js.ktbt.ru/main_en.js?guid=A5A5a2b3b77efi2d2b13994227a8cb24G934258ea17dcc&s=%5B%22noads%22%2C%22lang_en%22%2C%22voice_input%22%2C%22v_fb%22%5D
Look at the GUID that bothers me!
I did insert bogus random digits into the GID seemed to much like a violation and collection and personal identifier which would say something to someone that created it in there hands! to the average and mostly all lamaans or Neanderthal Like myself! =-)
cookies always trying to checking here
s.ktbt.ru
js.ktbt.ru
[*.]ktbt.ru
frustrating though im pretty silly smart when it comes to reversing data! This has proven to be a bugger!
Justin Cram (DyingJedi) solution with image & Link back address
https://plus.google.com/109698160122468898362/posts/5VAG6oyLVX2
#Chrome #chromeextension #ktbt.ru #s.ktbt.ru #js.ktbt.ru #cookies #chrome bug #History Trends Unlimited
#pnmchffiealhkdloeffcdnbgdnedheme #%USERDATA%\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pnmchffiealhkdloeffcdnbgdnedheme_0
Please share or plus one if you found this helpful!
HI5
DJ
https://lh5.googleusercontent.com/-OGUIu0gXg3s/UkO_kw5Cv6I/AAAAAAAAuxc/y2xkRhap8rQ/w1578-h691-no/KTBT.ru_SOLVED_Found_culprit+to+my+crappy+chrome+running+terrible+always+trying+to+get+to+ktbt.ru.png
After two weeks of :
Internet investigations about AdsOffers, OfferWizard
Hard drive scanning ... none of the antivirus have detected something bad !?!
-> almost nothing to get rid of that invasive attack on web scouting.
SOLUCE :
I have simply used AdBlock extension of Chrome browser.
I had a look at the "show the resource list" of your attacked webpage. You can then detect some suspicious URL traffic.
Then :
I went to the AdBlock Options
Added to my filter list :
||js.ktbt.ru
||jso.donediv.net
||pub.adk2.co
for more info, how to add filter url https://adblockplus.org/en/filters
Things looks more under control, now !!!
Problem solved.