Google Sites appending atari-embeds.googleusercontent.com to my API calls - how can I make calls using my domain only? - google-sites

I am trying to use a Web API to get some mapping data. To enable this I have to register my domain name with the supplier; they issue me with a unique key for the domain name and then check that calls from the domain use the key.
When the API is called to return mapping data, the supplier is expecting something like:
<please-send-maps-to www.mydomainname.com, key="whatevermykeyis">
however, I am using new Google Sites to build my website and the supplier is actually receiving something like:
<please-send-maps-to 1841824776-atari-embeds.googleusercontent.com, key="whatevermykeyis">
So my API calls are always rejected. My domain provider tells me this is because my transactions are going through Google security layers and so translate my calls to a different domain name.
Anyway, does anyone know how I can make the API calls with my true domain name and make the API work?
Here is the embed code I use to make the api call to return the mapping details:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta content="width=device-width, initial-scale=1.0" name="viewport">
<meta content="authenticity_token" name="csrf-param" />
<title>Navionics Web API v2</title>
<link rel="stylesheet" href="https://webapiv2.navionics.com/dist/webapi/webapi.min.css">
<script type="text/javascript" src="https://webapiv2.navionics.com/dist/webapi/webapi.min.no-dep.js"></script>
<style type="text/css">
html, body, .test_map_div {
margin: 0;
width: 100%;
height: 100%;
}
</style>
</head>
<body data-root="https://webapiv2.navionics.com/dist/webapi/images" >
<div class="test_map_div" ></div>
<script>
var webapi = new JNC.Views.BoatingNavionicsMap({
tagId: '.test_map_div',
center: [ 12.0, 46.0 ],
navKey: 'Navionics_webapi_mynavkey'
});
webapi.showSonarControl(false);
</script>
</body>
</html>

Related

Instagram ?__a=1 query: Why do I get login page instead of JSON?

Here is a sample url that returns JSON of the instagram user's data: https://www.instagram.com/therock/?__a=1
And it returns JSON like this:
{
"logging_page_id":"profilePage_232192182",
"show_suggested_profiles":true,
"show_follow_dialog":false,
"graphql":{
"user":{
"biography":"founder",
"blocked_by_viewer":false,
"business_email":null,
"restricted_by_viewer":false,
"country_block":false,
"external_url":"https://projectrock.online/7ad",
"external_url_linkshimmed":"https://l.instagram.com/?u=https%3A%2F%2Fprojectrock.online%2F7ad&e=ATMKh6M0eOgq-_jVoR3-xJ0Q2wwVSenYemMoYM0A0nWrW9Y5P7mDXX1dkk2dDLidhEuV1Wees7Z3teLJqp7vB2k&s=1",
"edge_followed_by":{
"count":199139001
},
"followed_by_viewer":false,
"edge_follow":{
"count":406
},
"follows_viewer":false,
"full_name":"therock",
"has_ar_effects":false
I am working on an ASP.NET Core API and have an endpoint that takes in instagram handle and parses the JSON. It works fine locally, but when I hit the same endpoint on the Azure-deployed API, I get the log in page instead:
<!DOCTYPE html>
<html lang="en" class="no-js not-logged-in client-root">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>
Login • Instagram
</title>
<meta name="robots" content="noimageindex, noarchive">
<meta name="apple-mobile-web-app-status-bar-style" content="default">
<meta name="mobile-web-app-capable" content="yes">
<meta name="theme-color" content="#ffffff">
<meta id="viewport" name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, viewport-fit=cover">
<link rel="manifest" href="/data/manifest.json">
I tried using a third-party browser-as-a-service (PhantomJsCloud), but it returns the same login page. I thought it was the CORS policy, but fixing it didn't work, and I also tried setting the cookie returned, but to no avail. I am really lost here; I'd be really thankful if anyone can point to why this is happening. Thank you!
Probably Instagram doesn't want you to fetch it like that and has some mechanism to identify that your request is done programmatically. I assume when you call it in the browser it is working. You can try Cypress or Puppeteer to still make it work, or probably use the official API with tokens etc.
EDIT:
Okay, I played around a little bit and could make it somehow work, but I'm not sure how reliable this is:
First I started with the following: https://codelike.pro/fetch-instagram-posts-from-profile-without-__a-parameter/
After having the parsed JSON object I searched for entry_data.ProfilePage[0].graphql.user.edge_owner_to_timeline_media.page_info.end_cursor and used end_cursor for the following request:
https://www.instagram.com/graphql/query/?query_id=17888483320059182&id=928659671&first=100&after= where you need to use the end_cursor for the &after query param. query_id is for Media in the Instagram account, id is the id of the Instagram account (you can get the id of the Instagram account from the parsedObject).
query_id is some kind of hardcoded thing from Instagram; other ids can be found here: https://gist.github.com/Carlos-Henreis/2df27431fa5d7a84b7a5e57ee1bf6ae2#file-query_id-csv
Edit 2:
Realized this will only work when your IP is also not detected by Instagram or you send a cookie of a logged-in session; otherwise you won't get the ProfilePage but a LoginAndSignupPage instead, unfortunately.
For more info, see here: https://stackoverflow.com/a/57722553/5195852

How to allow cross-origin access for Outlook Web Add-In

I developed an Outlook Web Add-in using Visual Studio 2017, and so far all my testing is based on hosting the Add-in from localhost, and I had no issues with that; everything worked fine. Now, I moved my Add-in to a shared folder on my SharePoint server, so that others can test my Add-in.
Within my manifest file, I changed the line which defines the URL of my function file to point to where it is hosted:
<FunctionFile resid="FunctionFile.Url" />
I also added in a line under
<AppDomain>https://<My URL Domain></AppDomain>
The image of my add-in icon loads fine; however, when I click on my add-in icon from my OWA page, I get the following error:
SEC7120: [CORS] The origin 'https://' failed to allow a cross-origin document resource at 'ms-appx-web:///assets/errorpages/forbidframingedge.htm#https:///Functions/FunctionFile.html?et='.
Is there any way to allow my add-in to run? I'm currently doing my testing on the Edge Browser.
Thanks!
Update:
Here's my function file html code:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<title></title>
<script src="../Scripts/jquery-3.3.1.min.js" type="text/javascript">
</script>
<script src="../Scripts/Office/MicrosoftAjax.js" type="text/javascript">
</script>
<script src="../Scripts/Office/1/office.js" type="text/javascript">
</script>
<script src="FunctionFile.js" type="text/javascript"></script>
</head>
<body>
<!-- NOTE: The body is empty on purpose. Since this is invoked via a button, there is no UI to render. -->
</body>
</html>

Azure AD B2C ignores custom HTML page content

I have a custom HTML file set up for B2C's sign in / sign up user flow that looks like this:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="css/sign_up.css">
<title>My Sign up</title>
</head>
<body>
<div id="api">
</div>
</body>
</html>
I've hosted this in my web app service and placed the url into the Custom Page URI field in the flow. Screenshot here.
However, when I hit "Run User Flow" the default Microsoft selfAsserted page is still loaded. Is there anything that would cause this to happen?
To clarify: I have hit save after entering the URI and the Custom Page column says "Yes" for Local account sign up page.
You should check again, make sure the custom page status is Yes. But in your screenshot, the status is No for the custom page.
It turned out to be a CORS issue. Adding https://<resourcegroup>.b2clogin.com to my app service's CORS whitelist resolved the problem.

Passing Azure AD authorization token from the container Web app into the embedded (iFrame) one

I have:
Web application with configured Azure authentication (Javascript with adal.js)
Second application that is embedded into the first one as an iFrame (Javascript)
Second application must be able to call another WebAPI with Azure Authentication deployed to Azure (possibly to another domain).
Question: is it possible to get an AAD authorization token from the first (container) app into the second one? If yes, any guides/examples would be greatly appreciated.
We can communicate between two windows locally using the Window.postMessage method. Below is a simple sample to simulate the process of acquiring the token from the parent page. You can modify it to verify the domain based on security considerations:
ContainnerPage1.Html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<iframe src="InnerPage.html"></iframe>
<script>
var token = "abc";
window.addEventListener("message", receiveMessage, false);
function receiveMessage(event) {
if (event.data === "accquireToken")
event.source.postMessage(token,"*");
}
</script>
</body>
</html>
InnerPage.Html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8" />
<title></title>
</head>
<body>
<script>
window.addEventListener("message", receiveMessage, false);
function receiveMessage(event) {
alert(event.data)
}
function accquireToken() {
window.parent.postMessage("accquireToken","*");
}
</script>
<input id="Button1" type="button" value="Accquire Token" onclick="accquireToken()" />
</body>
</html>
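The sample above answers any window and posts with targetOrigin "*". The following shows the origin verification the answer mentions; it is an added example, not part of the original answer, and the origins and the helper names createTokenResponder / createTokenReceiver are assumptions for illustration.

```javascript
// Added example. Origins below are constructed placeholders.
const ALLOWED_CHILD_ORIGINS = new Set(["https://inner.example.com"]);
const PARENT_ORIGIN = "https://container.example.com";

// Container page: hands out the token only to allow-listed embedded origins.
function createTokenResponder(allowedOrigins, getToken) {
  return function receiveMessage(event) {
    // event.origin is filled in by the browser, not by the sender.
    // Sandboxed or file:// frames report the string "null", which is
    // never on the allow-list and is therefore rejected as well.
    if (!allowedOrigins.has(event.origin)) return "rejected-origin";
    // Serve only the single request type this channel exists for.
    if (event.data !== "accquireToken") return "ignored";
    // Pin targetOrigin to the validated origin instead of "*": if the frame
    // has navigated to another site meanwhile, the browser drops the message.
    event.source.postMessage({ type: "token", token: getToken() }, event.origin);
    return "sent";
  };
}

// Embedded page: accepts a token only from the expected container origin.
function createTokenReceiver(parentOrigin, onToken) {
  return function receiveMessage(event) {
    if (event.origin !== parentOrigin) return false;
    const msg = event.data;
    if (!msg || msg.type !== "token" || typeof msg.token !== "string") return false;
    onToken(msg.token);
    return true;
  };
}

// Browser wiring for the container page (skipped outside a browser).
if (typeof window !== "undefined") {
  const responder = createTokenResponder(ALLOWED_CHILD_ORIGINS, () => "abc");
  window.addEventListener("message", responder, false);
}
```

In the embedded page, the request would likewise be posted with the container's origin as targetOrigin, for example `window.parent.postMessage("accquireToken", PARENT_ORIGIN)`, rather than "*".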

why does my website appear inside a <frameset>?

I have a website (just for my own references, nothing interesting for the public.)
When I load my page (Test Page) inside IE9 and view the source of the page - I can see the HTML as expected.
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<title>Test Page</title>
</head>
<body>
<div id="body">
Simple test page, with an image. <br />
<img src="http://www.w3.org/2008/site/images/logo-w3c-mobile-lg" alt="WC3 logo" />
</div>
</body>
</html>
But when I look at the developer toolbar (by pressing F12) the HTML appears in a <frameset> tag.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Marrowbrook.com </title>
</head>
<frameset rows="100%,*" border="0">
<frame src="http://217.118.128.188/wotney//TestFiles/testpage.htm" frameborder="0" />
<frame frameborder="0" noresize />
</frameset>
<!-- pageok -->
<!-- 02 -->
<!-- ->
</html>
Using Chrome, if I right click and View Source, I see the above <frameset> code, but I can also right click and select View Frame Source where I can see the HTML as expected.
Can anyone tell me why I'm seeing this ?
Thanks.
This could happen because your host name was bought with one provider, but you are hosting it on another, and you got a frame-based redirect set up.
What platform is your site hosted on? It looks like the server is doing something, because the src of the frame in the frameset points to your page. It could be some kind of 'preview mode' or something of the server/CMS. So it looks like the server is using a default page with a frameset on it, that pulls your actual page into it after you deploy it.
It also happens when the domain you are using to get to the site is set as "Masked" Forwarding.
Check with the domain manager on your hosting and remove masked forwarding.
