My current understanding is that the only way to display external web pages in the WinJS app is to use iframes. This seems to be a limitation, since I am not able to embed youtube links or twitter search links.
eg. http://www.youtube.com/watch?v=diP-o_JxysA
How do I go about displaying these webpages? Are there any workarounds for this limitation other than the run your own proxy solutions.
You cannot without running your own proxy and modifying the headers, or modifying the headers directly on the host server.
Note that for other types of resources, like login pages that don't like to be iframed (e.g. Salesforce.com), you can use the WebAuthenticationBroker.
Related
I'm new to web development and i want to ask that why some website have the "/"?
for example https://www.roblox.com/home, notice the "/home" what does that called
I have tried to search on google and i can't find the answer
And some website have like "/login.php", "/index.html" it can also be html?
These are URLs (https://en.wikipedia.org/wiki/URL) and they identify the resource you are trying to reach. I would suggest reading more about how web pages works to get a better general overview of things(e.g.: https://developer.mozilla.org/en-US/docs/Learn/Getting_started_with_the_web/How_the_Web_works)
How these resources are actually interpreted depends on the server side implementation:
.php are usually processed by PHP web server
Other static files such as images (*.png , *.jpg, etc), html files, svgs, CSS, js, etc - Are usually located in the local server by the web server (httpd, tomcat, IIS, nodejs, and many many others) and the files as transmitted to the client 'as-is'
When using online tools to build websites, these complexities are usually abstracted away, and in the end URLs will just mean a resource identifier.
[domain]/[section]/[page(.html|.php)|resource(.js|.css)]
domain: the address of the website
section: a way to navigate inside the website itself
page: the user interface that might be rendered server side of client side hold the controls shown to user
resource: files that changes how the content in the pages looks and behaves like
Since iframes no longer work on my site since I secured it. What would be the best way to display external content on an https page. Is there an alternative or is there simply no way around the mixed content rule?
It is possible to display content in iframe, you just need to use https protocol when you embed your iframe.
This means of course that the source site you are embedding must support https.
Forgot to add as well, that the site you are embedding, could have some iframe/embed restrictions, like for example Facebook:
Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'DENY'.
First of all, is there another built in way to do this like webview is in phonegap, so I can load an external site into a div or div like element. I know webview exists for chrome apps, but i couldn't find anything for extensions.
Basically i want to show preview of pages on links..
To do that I am trying to load urls of links using by setting src of iframes using content script. However, for most urls, I get an error that xframe not allowed.
what are my options.
xframe is pretty full proof, however, if you aren't referring to specifically an iframe, you could always use a web-proxy such as node-unblocker for node.js, or miniProxy for PHP.
I've recently began learning AngularJs for web development and am loving it so far. However, I'm not so sure about having hashtags withing the link when routing between views. My main concern is how Google will cache the pages on the site and whether the links will work both ways, i.e. whether users can just click www.sampledomain.com/#/orders/450 and be directed straight to the order page. Is this an okay method or is there a way to route views without the hashtag?
When I remove the hashtag, the reload the page and gets 404 error. Can anyone give me a decent explanation of what is going on. Thanks
When I remove the hashtag, the reload the page and gets 404 error
That's because in your server side code you are probably not handling a request like "www.sampledomain.com/orders/450"
You can have your server-side code handle this request by either returning a redirect to the new URL ("www.sampledomain.com/#/orders/450") or just return the correct HTML directly. The "right" solution will depend on your needs.
User can just click link with a hashtag and it will be directed straight to the order page.
Google treats links with hashtags as different URL's when the content is different. It's more about SEO then angular.js, but here is an article about that: The First Link Counts Rule and the Hash Sign - Does it Change PR Sculpting?
You might want to set Angular's $locationProvider to use html5Mode.
FTA:
$location service has two configuration modes which control the format of the URL in the browser address bar: Hashbang mode (the default) and the HTML5 mode which is based on using the HTML5 History API. Applications use the same API in both modes and the $location service will work with appropriate URL segments and browser APIs to facilitate the browser URL change and history management.
html5Mode will give you "normal" urls in modern browsers while falling back to hash bangs on older browsers.
An html5Mode url:
http://foo.com/bar?baz=23#baz
a hashbang url:
http://foo.com/#!/bar?baz=23#baz
This thread was created back in 2008 Restricting IFRAME access in PHP
I am looking to do almost the exact same thing. i.e. I want to have sites which are publicly accessible as long as they are being viewed from a specific iFrame, from a specific app. The IFrame app will have user authentication giving them access to urls outside the core application. The urls are all likely to be built using Open Source PHP tools e.g. Wordpress.
Both the viewing iFrame and the viewed sites/pages will be owned by us.
Have there been any developments in last few years on ways to do this?
For various reasons not related to this particular issue, I am considering using the serverside RIA framework Vaadin (JAVA) for building the app that will contain the iFrame viewer.
The demo of the embed widget is here http://demo.vaadin.com/sampler#WebEmbed Looking at the page source I don't see anywhere that the address of the embedded webpage is displayed. So to some extent I wonder if I can hide my urls from search engines, give them very long, randomly generated URI's and maybe they will be impossible to find anyway?
You should be able to modify a framekiller to do the opposite. A framekiller is a piece of javascript to prevent clickjacking by detecting if the page has been loaded within an iframe.
Limiting the iframe to load within a specific page is more difficult. Looking at the referer is easy, but also easy to bypass. If you load the iframe from an https page the referer will be blank. A better way would be to require the server to obtain a Nonce and include this in the iframe url. Such as http://iframe_url?key=difhj8j84528423j423894hfdj897 or whatever. Having the server make a request to your server would be ideal. Doing it with client side code and jsonp to fetch the nonce is problematic because an attacker could deliver modified javascript to fetch the nonce.