How to disable X-Frame-Options in QtWebKit - security

I have a problem regarding the security of QtWebKit, I wanna disable X-Frame-Options so I can embed sites such as facebook.com in iframes inside my app.
I know that can be done using the WebCore API (isWebSecurityEnabled switch, http://trac.webkit.org/wiki/ConfigurableFeatures) but I didn't find any way of doing it with QtWebKit.
Thank you!

I had the same problem (but applied to the command-line browser phantomjs with the rendering engine QtWebKit) and the only option, after analyzing the issue, is modifying the rendering behavior of QtWebKit.
The good news is that the change is very small: we just change the function FrameLoader::shouldInterruptLoadForXFrameOptions to return false in any condition (https://github.com/deerme/phantomjs/blob/master/src/qt/qtwebkit/Source/WebCore/loader/FrameLoader.cpp#L2986).
In my particular case I did a fork of the phantomjs repository with this small change in QtWebKit (https://github.com/deerme/phantomjs).
So, in your particular case, you should download the source code of QtWebEngine and make the change and finally you can use the QtWebEngine modified in your Qt application.

Related

Bazel nodejs liveserver

I've been going through the documentation at https://bazelbuild.github.io/rules_nodejs/ in order to put together a small web based application. I've got babel building the JS code, and http_server serving it, and ibazel watching it, and everything is working as expected: when I make a change, ibazel notices it and restarts the http_server rule.
The next thing I wanted to look at is getting autoreload in the browser so that the browser would automatically refresh when the change was compiled. My understanding is that this requires the http server to not be killed by ibazel, but instead to stay up and trigger a refresh via the ibazel_live_reload mechanism. I believe that http_server doesn't support this, but ts_devserver is explicitly mentioned in several places. However, ts_devserver doesn't seem to be maintained anymore (although I did find a devserver EXE in the npm package, there isn't a bazel rule that I saw to use it).
Is there a third party live development server that supports the ibazel reload mechanism - or am I missing something completely obvious?
Disclosure, I'm a core maintainer on rules_nodejs
As of rules_nodejs v3.0.0, ts_devserver has been renamed to concatjs_devserver to try and better namespace it (it has little to nothing really to do with Typescript). Its docs can be found here.
Note though that the concatjs_devserver comes with some compatibility gotchas, all dependencies have to be in named AMD/UMD or goog.module format for example, and may be tricky to use unless following the rest of the google3 toolchain.
We've (as the maintainers of rules_nodejs) tried not to wrap an existing devserver and publish it as of yet for various reasons, but it's something that has come up in discussion. I'm currently investigating some options in this space.
I'm not aware of any published devservers that currently support the ibazel protocol, there is a wrap of browsersync in the Angular Components repo which you may find useful.

electron/muon: require not defined in renderer

I'm currently working on an IPFS/Ethereum dapp in Muon.
Because I need Metamask I started with this boilerplate: https://github.com/SwapyNetwork/electron-metamask-boilerplate
Everything is working fine so far.
However, I cannot use require('anything') in the renderer process or in HTML script tags. (See below)
There seems to be a problem with the boilerplate code but I can't find it.
Or is node code in the renderer not supported in Muon?
My only change in testing is setting node-integration explicitly to true and
inserting require('fs') in index.js. (I installed fs of course).
I tried many different solutions from stackoverflow and other sites but couldn't find a solution yet.
Error Message
Thank you
As per the muon's github repo:
Some of Muons goals include:
- Use the Chromium source directly (eliminating electron's copy of chrome_src) with minor patches
- make integrating chrome components less painful
- faster and more streamlined end-to-end build process (see browser-laptop-bootstrap).
- add support for Chrome extensions
- add security focused features for the renderer:
  - remove node completely (from the renderer process)
  - full sandbox
  - scriptable window.opener support
As you can see there, muon does not support node code in the renderer. It is by design, for security purposes. Muon may be great for certain applications, but I recommend switching to electron if you really need to use require in the renderer.

X-Frame-Options on torquebox-server

I'm struggling while getting a webpage running on my torquebox-server. The page itself is working fine, but to integrate this into another website I need to enable (or at least change them to another value) the X-Frame-Options for the torquebox-server. I wasn't able to find something in the documentation, and there is also no part in the config file which seems to be the correct place to change this.
Has someone already tried this or got this running on torquebox?
I would be very grateful, if someone could help me out..
Cheers Tim
After some more research I've found out that this isn't solvable with torquebox, but I just need to change my application. The application is using sinatra as framework, which uses Rack::Protection as a security module. In this module the "sameorigin" option is set (thanks to grep ;) ). Sinatra offers the possibility to exclude options from modules, in this case it was set :protection, :except => :frame_options
(found here)
So, maybe this is helpful for someone, who's having the same problem
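Added example, not part of the original answer: turning off the frame_options protection lets any site frame the page, so this Rack-style middleware in plain Ruby swaps the X-Frame-Options header for a Content-Security-Policy frame-ancestors directive that names only the embedding site. The class name FrameAncestors, the origin https://portal.example and the sample response are constructed for illustration.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems needed to run it).
class FrameAncestors
  # Accept only bare https origins: no wildcards, paths, or header-breaking characters.
  ORIGIN = %r{\Ahttps://[a-z0-9.-]+(:\d+)?\z}i

  def initialize(app, allowed_parents)
    bad = allowed_parents.reject { |o| o.match?(ORIGIN) }
    raise ArgumentError, "not an https origin: #{bad.inspect}" unless bad.empty?
    @app = app
    @directive = (["frame-ancestors 'self'"] + allowed_parents).join(' ')
  end

  def call(env)
    status, headers, body = @app.call(env)
    # X-Frame-Options cannot express "same origin plus one partner site",
    # so drop it (in any casing) and state the allow-list through CSP instead.
    headers = headers.reject { |name, _| name.casecmp?('x-frame-options') }
    key = headers.keys.find { |name| name.casecmp?('content-security-policy') } ||
          'Content-Security-Policy'
    # Keep the app's other CSP directives; replace any existing frame-ancestors.
    kept = headers[key].to_s.split(';').map(&:strip)
                       .reject { |d| d.empty? || d.downcase.start_with?('frame-ancestors') }
    headers[key] = (kept + [@directive]).join('; ')
    [status, headers, body]
  end
end

# Constructed stand-in for the application's response with the "sameorigin" default.
SAMPLE_APP = lambda do |_env|
  [200, { 'Content-Type' => 'text/html', 'X-Frame-Options' => 'SAMEORIGIN',
          'Content-Security-Policy' => "default-src 'self'" }, ['<h1>widget</h1>']]
end

# Returns the response headers after the middleware has run.
def framed_headers(parents)
  FrameAncestors.new(SAMPLE_APP, parents).call({})[1]
end

p framed_headers(['https://portal.example']) if __FILE__ == $PROGRAM_NAME
```

In a real Rack or Sinatra application the class would be mounted with `use FrameAncestors, [...]`; here it is called directly so the block runs without any gems.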

Orchard 1.8 'shapeTracingMetadataHost is not defined'

I am trying to play with some of the designer tools for Orchard 1.8 to understand how some of the overall architecture works, but when I enable the Shape Tracing module I get a ton of these: Uncaught ReferenceError: shapeTracingMetadataHost is not defined.
The HTML seems to be generated for some of it so I can poke through there in trying to figure out layout processes, but any suggestions on what might cause this? It does seem to work with The Theme Machine which uses jQuery 1.9.1, however we're using the latest jQuery (via <script src="//code.jquery.com/jquery-latest.js"></script>) so is that potentially the source of this?
Do not bring the latest jQuery. Always use Script.Require("jQuery"). jQuery is a shared resource. Let the platform decide which version to use. Not doing so means that you'll get multiple versions of the same script included, and any breaking change in jQuery (and those are common) will break random things.

How can I use scriptaculous.js with GWT Bootstrap in a GWT project

I have been using animation effects from scriptaculous.js in my GWT project. Recently I have added the GWTBootstrap library into my project. After that the effects from scriptaculous.js have stopped working. If I disable the following line
<inherits name="com.github.gwtbootstrap.Bootstrap"/> in my *gwt.xml then it works again. I don't know whether I can use both scriptaculous.js and Bootstrap in the same project. Please can someone who used both help me.
Regards
Nava
GWT-Bootstrap uses embedded copies of bootstrap.css and bootstrap.js by default.
If you need to use your own copies or include other resources, you'll need to create a custom Configurator and a custom Resources.
For more info with samples click HERE.

Resources