As soon as I add <script> ... </script> to a "custom html" tag in Matomo Tag Manager and hit "save", there is a network request error 403 saying "You don't have permission to access this resource. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."
Saving without the "script tag" works just fine e.g. I can embed the text "abc" and publish it.
I am logged in with a super admin account.
I tried to create a new tag from scratch.
This one fails when I click "save":
<script> abc </script>
This one succeeds when I click "save":
abc
Actual behavior: saving fails
Expected behavior: saving succeeds
It is very likely that you are using a Web Application Firewall (WAF) like mod_security that blocks form submissions (and therefore POST parameters) that contains HTML.
Related
I want to write a sample demo using OpenCTI API for Lightning Experience. The
URL I mentioned in the CallCenter's Adapter URL refers to a page developed using JSPs and served from a third-party domain. So, based on the documentation below, I connect to the OpenCTI API using the script-Tag.
<script src="https://c.<yourInstance>.visual.force.com/support/api/40.0/lightning/opencti_min.js" type="text/javascript"></script>
N.B. Salesforce documentation: Connect To OpenCTI
The problem is, that at page load, the browser-console logs the following exception message:
"uncaught exception: Failed to initialize Open CTI. Ensure that it is loaded from the right frame with correct URL parameters".
As subsequent problem, all OpenCTI functions return with error.
What am I doing wrong?
We are using WebSphere Portal 8.0. Currently, when a user tries to access a page they do not have permission to view (via Page Permissions), the Portal redirects them to the first page they do have access to see.
I would prefer that instead of them being redirected to an unrelated page, they instead receive some sort of Forbidden page or 403 error.
Is there a way to configure this to happen?
Portal cannot be configured to throw a 403 for these resources, but it can be configured to throw a 404 instead for pages instead of redirecting to the one that is found first for anonymous users. you can use this to instead throw a 404 http://www-01.ibm.com/support/docview.wss?uid=swg21674823
I am trying to access an Outlook email from a link (i.e. https://outlook.office365.com/owa/#viewmodel=ReadMessageItem&ItemID=xxxxxxx) from a web app I am building. Clicking on the link should open a new tab in the browser, start Outlook Web App, and open the email.
Instead, I get this error: Blocked a frame with origin "https://outlook.office365.com" from accessing a cross-origin frame
I am using an AngularJS ng-href directive to create the link with target=_blank to force opening in a new tab.
The email opens properly without error when it is opened within the same browser tab (without target=_blank)
I appreciate any suggested solutions to help me resolve this.
I have resolved the problem by altering part of the query string in the URL.
From: https://outlook.office365.com/owa/#viewmodel=ReadMessageItem&ItemID=xxxxxxx
To: https://outlook.office365.com/owa/#ItemID=xxxxxxx
Now the direct link will open in any frame, given you are authenticated, without any cross-origin errors.
Using twitter4j v3.0.3, every aspect of Twitter integration works, except that when authenticating/authorizing my, the browser is redirected to http://api.twitter.com/login which returns "Sorry, that page doesn’t exist!"
This only happens THE FIRST TIME, i.e.browser with a clear cache or an Incognito window. My server reports that it's redirecting to this URL...
http://api.twitter.com/oauth/authenticate?oauth_token=PTlVt6aisFy7UytjsRM5poFHcdGEjGtgNpxhJ8UbQ
...the browser confirms a 302 to...
https://api.twitter.com/oauth/authenticate;jsessionid=pw65se84inj9?oauth_token=PTlVt6aisFy7UytjsRM5poFHcdGEjGtgNpxhJ8UbQ
...and that request generates a 302 to the page which does not exist, i.e.
https://api.twitter.com/login?redirect_after_login=%2Foauth%2Fauthenticate%3Bjsessionid%3Dpw65se84inj9%3Foauth_token%3DPTlVt6aisFy7UytjsRM5poFHcdGEjGtgNpxhJ8UbQ
When the user navigates back from the "Sorry, that page doesn’t exist!" page and then retries, the oauth flow works perfectly.
I'm guessing this is something to do with the appended jsessionid?
This issue is on local development server, but the 404 has also been seen intermittently on GAE production.
I found the solution here: https://stackoverflow.com/a/19690688/2698327
You identified correctly the problem: GAE append a jsessionid parameter for the first request made by a user (i.e. when the session is created).
To prevent it from doing so you can edit the web.xml and append the following:
<context-param>
<param-name>org.mortbay.jetty.servlet.SessionURL</param-name>
<param-value>none</param-value>
</context-param>
To be correctly authenticated, you should send appropriate parameters via query parameters in the link such as: consumer key, consumner secret key, access token and access token secret.
If you still get the same page not found error, maybe the twitter account that associated with the authentication parameters was deleted!
This is killing me.
So I have a backbone site where when the user logs in, a GET request is made to the server and an access token is returned. Everything is working in FF, Chrome, IE10.
When I look at code inspector in IE9, the network tab does not list the get request to my API at all (not even as pending or failed). When I console log "error.status or error.statusText", it returns with:
0 Error: Access is denied.
My API has "Access-Control-Allow-Origin: *" enabled. I have also added "jQuery.support.cors = true;" to my initialize function in router.js. Now I am just out of ideas! I would really prefer not to setup a proxy.
if you are using backbone than probably you are using jQuery too, so i think you should check this post : Simple jQuery post not working on Internet Explorer 9 (access denied)