I am pretty new to ngrok and web dev but I am trying to host a apache2 server on my raspi4 and i wanted to make it public to the outside using Ngrok but whenever anyone goes on the link they are prompted with the browser warning page --browser warning. I want to remove it by setting ngrok-skip-browser-warning =1 into the request header, yet I don't now where I find that on my apache2 server. How to I edit the request header?
Related
HTTPS conflicts with HTTP
I make my first full-stack project on React and NODEjs and deployed it on netlify.
My backend server runs on HTTP localhost.
And here is a problem:
My app works on my Mac in Chrome but doesn't work properly on other browsers and computers.
Other computers can download index.js (display sign-up and sign-in pages) and it seems there is no problem with CORS but authentication doesn't work.
Safari logs mistakes:
[blocked] The page at https://MYAPP.netlify.appwas not allowed to display insecure content from http://localhost:3500/register.
Not allowed to request resource
XMLHttpRequest cannot load http://localhost:3500/register due to access control checks.
I don't understand why the app works on my MAC but
doesn't on other computers and can't find an answer on how to solve this HTTPS - HTTP conflict
I have tried to find a problem in CORS but it looks like CORS is ok. Also, I tried rewriting the server with HTPPS but it didn't work.
I've never worked with Netlify, so I could be wrong, but I suspect your problem isn't directly related to Netlify.
The Safari error message indicates that your frontend is trying to talk directly to localhost. localhost is an alias for "the computer that is making the connection attempt" under normal circumstances. This means that when someone runs your frontend, the browser tries to talk to the backend running on the same computer that the browser is running on.
This works on your computer in Chrome because you probably have the backend running on your computer for testing. Safari is only complaining that the frontend was loaded via HTTPS but is trying to talk to non-HTTPS servers. It is not stating that it can't talk to the backend, it's stating that it won't even try.
If I'm right and you shut down the back end on your computer, it will start to fail on your computer as well, even on Chrome.
If this is the problem, the solution can be one of two things: You can either run the backend somewhere where it has a domain name/ip address that everyone can connect to, or you need to run a proxy for your backend somewhere where it also meets those conditions, and has a way to pass the request on to where your full backend does run.
You need to find a way to run your backend somewhere other than your own computer or have something somewhere else proxy requests to your computer which then gets relayed to the localhost address. How you go about that will depend on things you didn't specify in the original question.
bhaskarhindi.com id an angualr8 front end and Nginx server hosted in AWS instance using nodejs Redis API call to fetch data.
But after deploying and using hash the first time in the browser it is not opening showing 404 error.
But after a hard refresh or multiple time click it's opeing.
Any solution i have tried index.html aot and hashed build but not working.
404 is shown by the server itself, when it tries to find the route you have passed in the URL (as the server doesn't have access to that route, but Angular has).
You need to make sure that the server redirects all the 404 requests to the index.html of the Angular application. Only then Angular can pick up and show the pages accordingly.
Read through this: https://angular.io/guide/deployment#server-configuration for more information.
Created a simple PWA, made the manifest file and service worker and it works great in Chrome on my iMac. Looking at the console, I can see that the service worker is registered and running and it recognizes the manifest file. Simulate network loss and it still runs just fine like it's supposed to. All good, right?
When I serve it from an HTTPS it opens in the browser on the phone just fine and adds to the home screen just as it should but when I try to run it from the icon on the home screen, all I get is a blank white screen.
If I delete the icon and then serve it from an HTTP connection and save it to the home screen, it does everything just as it should, runs from the icon you place on the home screen (when done from http) but of course won't run offline.
What am I doing wrong? Not even sure where to start looking!
the problem could be the CROS access origin for HTTPS requests between your PWA and your API server . had the same issue with my PWA. it worked fine in chrome or desktop and run fine the first time I was opening it in mobile chrome but when the services worker get registered it return CROS access origin.
to debug this problem I recommend using chrome inspect on your mobile device.
you can find the guide here
check
Access-Control-Allow-Origin
between API and PWA servers.
you must allow your PWA URL to access to API server . you can either use the PWA URL or * to access all URLs.
check
Access-Control-Allow-Headers
in your API server.
if you are sending authentication or cache-control header with your requests you must add them to Access-Control-Allow-Headers.
and your PWA and API URL must have a valid SSL certificate.
also, check start_url in manifest.json
you have to set the full URL including protocol in start_url, index.html is not necessary.
I am injecting some script tags in a website, with source such as http:localhost:3000/css/my-page-css.css . While its working on almost all sites, there's this particular website that is somehow sending all my http requests as https. How do I handle such a case?
I have configured an https server also on my nodejs app which listens to port 8443 and http listens to 3000. But, when I inject my script tags, they have src URLS which point to port 3000. So even if I have an https configured on my nodejs app, it won't work since it would be listening to a different port.
You are using HTTP Strict Transport Security (HSTS)
Using the securityheader.com website on your URL, or Chrome Developer tools we see the following HTTP Header is sent back by your site:
Strict-Transport-Security max-age=7889238
This HTTP Header will be configured in your webserver and is a way of your webserver telling the browser "For the next 7889238 seconds only use HTTPS on this domain. If someone tries to use HTTP (either by typing or by clicking on a link) then automatically switch HTTP to HTTPS before you send it on to the server."
This is a security feature as currently the default (if a scheme is not explicitly given) is HTTP. This allows website owners to switch the default and, even strong that that, prevents it being able to be switched back.
HSTS is set at a domain level and it is not possible to have it on for one port (e.g. 443) but not for another (e.g. 3000) - it's either on for that domain or off.
If you really want to use HTTP then you need to remove this header and remove the remembered value of this header from your browser. While chrome allows you to do this by typing chrome://net-internals/#hsts in the URL and using the delete option, the easiest way to do this is to change the max age from 7889238 to 0, and then load the website again. And then remove the header completely.
This can be especially annoying for sites like localhost where you proxy requests and inadvertently set it for that dummy host name. You should see if your node proxy server allows you to strip off that HTTP header. Some might say it would be better if browser makers ignored HSTS for localhost, however I think it would be better if developers just stopped fighting HTTPS and used that even for development environments using a self-signed certificate that is added to your local trust store. This was you can avoid problems like mixed content, and also use features that are HTTPS only (including Brotli, HTTP/2, Geo Location...etc.) while developing (though some browsers like Chrome still allow these on http://localhost).
Alternatively set up a local DNS alias for each of your dev sites and use that with or without HTTPS as appropriate for the site in question.
I am implementing instamojo payment method into my website. Can I use a localhost URL as Webhook URL in order to test the process?
I'm from Instamojo.
You can't use a local URL. This is because a webhook request is a POST request that is made from our server. Therefore, the only URLs that we can make these requests to would be URLs that are publicly available.
For testing purposes, I would recommend using RequestBin. You can create a new bin and paste the URL for that bin in the webhook URL field of your Instamojo link. This will give you a link that is accessible by our server and you can inspect the POST requests to this link by appending ?inspect at the end of the URL.
It is possible to forward Instamojo's webhooks to your local machine using tools like localtunnel.
npm is required to install localtunnel. [How to install node and npm]
Install
localtunnel
Suppose you are running your local server at port 8000, in a new terminal window, execute this:
lt --port 8000
It will show you output like:
your url is: https://whawgpctcs.localtunnel.me
This is a temporary webhook URL that will forward every HTTPS request sent to https://whawgpctcs.localtunnel.me to your local server running on port 8000.
Paste this temporary url into Instamojo's webhook field and continue testing.
Remember to remove the temporary webhook URL from Instamojo once you are done testing
The temporary webhook URL is valid as long as the lt --port 8000 command (and your Internet connection) is active.
I doubt if you can use local host URL
but instead you can create new links, as below
https://www.instamojo.com/api/1.1/links/
We can't use localhost or as Webhook URL.If it is used the following error will show "Domain name should not be "localhost" or "127.0.0.1" ". So it must be a live URL.
You cannot use the localhost URL as a webhook URL in order to test the process. But you can simply bypass it, open hosts file from C:\Windows\System32\Drivers\etc\hosts
At the end of the line write
127.0.0.1 yourname.com
And access localhost using yourname.com.
Just change localhost/your-location url with yourname.com/your-location in the PHP file.