How can I fix cross-origin error from Klarna iframe - cross-domain

I have a Klarna Payments integration and in checkout when I load the Klarna iframe with
Klarna.Payments.load({
container: '#klarna-payments-pay-over-time',
payment_method_category: 'pay_over_time'
},
function (res) {
console.debug(res);
});
I get a Cross-Origin Error:
"Quellübergreifende (Cross-Origin) Anfrage blockiert: Die Gleiche-Quelle-Regel verbietet das Lesen der externen Ressource auf https://sentry.io/api/85212/envelope/?sentry_key=.. "
I tried to add in Plesk Obsidian under additional headers this:
Access-Control-Allow-Origin: * or for better security (sentry.io),
but I still get this error. How can I fix this error?

I guess you have to contact Klrana merchant support and request from them to add cross-origin permission to your domain and then maybe use a proxy mocking your domain for development

Related

Specify self signed certificate in pact provider testing

I am currently testing my pact contracts using the below provider options
let opts = {
provider: "api",
providerBaseUrl: "https://my-domain.com",
pactUrls: [
path.resolve(
process.cwd(),
"./pacts/pact-api.json"
),
],
validateSSL: false,
changeOrigin: true,
providerVersion: "1.0.0"
}
return new Verifier(opts).verifyProvider().then(output => {
console.log("Pact Verification Complete!")
console.log(output)
})
When I give the base url as https I get the below error:
Uncaught Error: write EPROTO 140574248376192:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
at WriteWrap.onWriteComplete [as oncomplete] (internal/stream_base_commons.js:92:16)
If I change the url to have http: it does a redirect (I get redirect status code 308).
The https url is a self signed url, and the self signed certificate is present in all our servers. I have no issues accessing the url from any browser or curl or via express.js.
But if I provide the url directly in provider options, I get the error. I went through the pact documentation and I was not able to find any additional arguments.
Any help to overcome this issue is highly appreciated.
Thanks.
Update:
The issue was running pact inside a docker container. The requests from the container were being blocked by an internal proxy. Once the proxy was bypassed, it worked.
Under the hood, pact-js uses the "pact-ruby-standalone". You can set the certificate for the pact-ruby-standalone using the environment variables SSL_CERT_FILE as documented here: https://github.com/pact-foundation/pact-ruby-standalone/releases#pact-provider-verifier
UPDATE:
The issue was due to VPN/proxy settings on the host which was intercepting the request and presenting an invalid certificate.
ORIGINAL POST:
Whilst Beth is correct in that we do use that Ruby library under the hood, Pact JS actually spins up a proxy which the Ruby standalone actually interacts with - i.e. Ruby talks to a local JS server running http, and the proxy re-issues the request to the service. So the issue is most likely in the Pact JS framework.
There could be a few things happening here:
There is an issue in the library somewhere
There is a configuration issue somewhere we need to get to the bottom of
There is something special about the TLS certificate
Could you please update the bug report at https://github.com/pact-foundation/pact-js/issues/429 ?
We're going to need logs and other information to get to the bottom of it (see https://github.com/pact-foundation/pact-js/blob/master/.github/issue_template.md for how to help us help you).

Videogular2 gives cors error for Azure DRM protected content

I am using Videogular2 for azure content playback. The contents hosted on azure without DRM works perfectly. When I implement DRM protected content having token authentication gives CORS error. The error is thrown while fetching license from license server.
Following is my code
stream = {
source: 'http://xxxxx.streaming.mediaservices.windows.net/xxxxxxx/abc512kb.ism/manifest(format=mpd-time-csf)',
licenseServers: {
'com.widevine.alpha': {
serverURL: 'https://xxxxxx.keydelivery.westindia.media.azure.net/Widevine/?KID=xxxxx-ef40-87ed-b348-xxxxxx'
}
},
token: 'Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
}
<video #media
[vgMedia]="media"
[vgDash]="stream.source"
[vgDRMLicenseServer]="stream.licenseServers"
[vgDRMToken]="stream.token"
id="singleVideo"
preload="auto" crossorigin
>
</video>
I got following error while fetching license from license server.
Response to preflight request doesn't pass access control check: The
value of the 'Access-Control-Allow-Origin' header in the response must
not be the wildcard '*' when the request's credentials mode is
'include'. Origin 'http://localhost:4300' is therefore not allowed
access. The credentials mode of requests initiated by the
XMLHttpRequest is controlled by the withCredentials attribute.
If I run it with disable-web-security of chrome then I call works perfectly.
Did any one face such issue while playing content from Azure Media.
Mandar -- Azure Media Services (AMS) origin sets the value of the 'Access-Control-Allow-Origin' header in preflight response as the wildcard ''. This works well with most players including our Azure Media Player, Roku and JW, and others. From the error, it seems Videogular2 does not work with AMS origin URL since, with credentials mode set to “include”, XMLHttpRequest in their dashjs does NOT allow wildcard “” as the value of “'Access-Control-Allow-Origin”.
Are you running the player from a single domain? If you are, we can set the request to include your incoming origin domain instead of the wildcard. Reach out to me at dwgeo at microsoft dot com and we can enable the feature on your account. Thanks.
I'm faced the same problem. Here is the Videogular2 source https://github.com/videogular/videogular2/blob/master/src/streaming/vg-dash/vg-dash.ts#L70
It work fine on same domain, but for different domain withCredentials=true is missing. after creating player on 70th line
this.dash = dashjs.MediaPlayer().create();
Should go this
this.dash.setXHRWithCredentials(true);
I hope it might help

"There was an error connecting to https://localhost:3443/users/login."

I'm attempting the final assignment for my course but not getting anywhere due to Oauth2 authentication difficulties. I'm having a great deal of difficulty resolving this! I think it may be due to the fact I'm using a work laptop which is SOE'd and pretty locked down.
I just don't know where to look to resolve this. Any suggestions?
Steps to replicate
1. I've set my Oauth2 application up in Facebook and with Site URL setting as https://localhost:3443/users/facebook/callback
2. When I attempt ANY method (get, post, put etc) on this url, I get the below.
I've tried:
1. bypassing my company's firewall and hotspotting my phone; note that this a workaround I use to install NPM packages as my company seems to block NPM
2. my course's forum\Stack exchange. It seems that I'm the only person in the galaxy that this has affected.
3. F12 in CHrome - there are no messages in the console
4. inserting debug clues in the user route, viz;
router.get('/facebook', passport.authenticate('facebook'),
function(req, res){
console.log('routergetfacebook');//------------------------debug
});
router.get('/facebook/callback', function(req,res,next){
console.log('router.get-facebook-callback');//------------------------debug
In Chrome
This site can’t be reached
In Postman:
Could not get any response
There was an error connecting to https://localhost:3443/users/login.
Why this might have happened:
The server couldn't send a response: Ensure that the backend is working properly
Self-signed SSL certificates are being blocked: Fix this by turning off 'SSL certificate verification' in Settings > General
Client certificates are required for this server: Fix this by adding client certificates in Settings > Certificates
Proxy configured incorrectly Ensure that proxy is configured correctly in Settings > Proxy
Request timeout: Change request timeout in Settings > General

Magento2 with WorldPay Payment Gateway, Getting error "Payment failed, please try again later EXT_67: Unexpected Error"

I am using WorldPay payment method on my Magento2 store. I have tested it in the test environment and it's working as expected(Redirecting me to Worldpay site).
Now, I have changed the mode/environment to live and it's not redirecting to the Worldpay site. I am getting this error on the checkout page as:
"Payment failed, please try again later EXT_67: Unexpected Error".
I am using WorldPay Paypal method.
Please share your views here if you guys have faced this type of problem too.
Thanks in advance!

why ejabberd denies generating token?

my problem is when i trying to generate token respond is 404 not found.
request url: http://localhost:5280/oauth/authorization_token?response_type=token&client_id=Client1&redirect_uri=http://localhost:5280&scope=get_roster+sasl_auth
respond url: http://localhost:5280/?error=access_denied&state=
in ouath errors list i found that access_denied will be returned if "The resource owner or authorization server denied the request".
please help me to solve this issue...
From your feedback, it seems you did not add a handler in ejabberd_http listener, as described in documentation: https://docs.ejabberd.im/developer/ejabberd-api/oauth/#toc_3
You should make sure ejabberd_oauth is declared for that listener and mapped to the path you expect.

Resources