It is really unclear what to use when you want to put ads on a cross-platform web application published as is on a website and also on the stores through phonegap.
Admob, Adsense ...?
Moreover, which one has a simple html/js integration system?
For now, I am using inmobi and their js api is very simple and nice, but I have cross domain problems...
Can you help clarify ?
this is Akshay, JS Dev, InMobi. InMobi is an ad-distributor. The ads/creatives are made by the advertisers. Also, these ads are placed in an iframe so that these ads cannot access the data present in your page, thus providing security. Because some ads try to "burst" out of the iframe, chrome throws the warning. However, these warnings can be safely ignored and will not affect your website's functionality.
That being said, InMobi's javascript is not responsible for these issues, rather the advertiser and InMobi has no control over this. There are some ad networks which require a dummy page to be present on your domain. By using such ad networks, the chrome warnings disappear (because the iframe is on your server and cross domain problems do not occur). However, by doing so, the ad has complete access to your webpage, compromising security.
Related
We are adding modern authentication (OAuth/OIDC) to an application that currently uses Windows integrated authentation for single sign on. The user signs into Windows workstation and those credentials can be used by many applications with authentication happening transparently over Kerberos.
Our app is a dot net web services based application and we have a client for users with browsers and a desktop client in WinForms. The browser scenario is no issue as the identity provider stores information in the browser that can be reused across applications in a similar way to WIA (IWA), but we are unsure the best way to handle the WinForms desktop application case. Currently the WinForms application opens a browser window to authenticate using the typical browser based method. The details from the identity provider are passed through the browser back to the WinForms app using a redirect and a custom protocol based URL.
This all works fine, but the user experience is not super tight and, for the case where the user is already logged in, requires them to press a button in the browser window as current Chromium based browsers seem unwilling to do a redirect without a recent user interaction.
Is there a better way?
The standard options according to RFC8252 are as you describe:
Log in via the system browser
Use either a loopback or private scheme based URL
I have a few blog posts about this and it is a tricky flow. The posts link to code examples you can run that explore the UX a little. You may find that a loopback URL avoids the need for a button click, though personally I think private scheme based URLs are cleaner.
There are UX things you can do, such as an interstitial web page to better control what happens in the disconnected browser. I have seen companies redirect to their own website after desktop logins, to make the UX better.
In the longer term I expect this to be replaced with API Driven OAuth Flows so that you never need to leave the app. For now you may have to live with some UX linitations, but it is the right flow from a security viewpoint.
I'm using Application Insights JS SDK React Plugin to log application insights data to Azure. This data publishing could get blocked by some browser extensions such as Ad Blocker, Privacy Badger, etc. In my case analytics got blocked by Privacy Badger while experimenting.
I know it can be prevented by disabling relevant add-ons for the particular site from the browser. Just wondering is there a particular way to prevent this from implementation side without asking users to disable their add-ons.
Have you considered building a proxy to forward traffic to your own domain before then passing it off to App Insights?
https://github.com/shaneochotny/ApplicationInsights-JS-Proxy
Show how to proxy requests from the Application Insights Javascript SDK instead of sending telemetry directly to dc.services.visualstudio.com. This allows you to do things such as use your own custom domain and/or hide the Instrumentation Key.
There are step by step instructions in that link to configure this
I have a NextJS site which is statically generated at build (SSG).
There are two things I need to implement next
Google Analytics
GDPR compliant opt-in cookie options
The first one is easy enough to do, however i'm struggling with making this GDPR compliant.
The issue is I don't have access to cookies at server side when my site is statically generated. This means that without knowing whether the user has consented to cookies at the server, I can't serve (or not serve) the analytics script along with the rest of the page.
Possible solutions:
Handle everything at client side - ask for consent, then dynamically add the GA tag to the <head>. However i'm worried this will negatively effect the analytics, or break it altogether. Does anyone know?
Change my site to be server-side rendered (SSR). I'd love to avoid this if possible. I'm really happy with how fast the site is running with SSG. It's essentially just a basic blog so would be a shame to have to convert for the sake of analytics.
Any other ideas?...
If anyone has experience with this, whether they used Next or Nuxt, etc, your input would be greatly appreciated!
Thanks in advance
Use Google Tag Manager to manage everything, your GA integration and your cookie integration using something like CookieHub for example (How to set up Google Analytics through Google Tag Manager for Next-Js?)
GTM will allow you to trigger the GA script only if the user specified he accepts analytics cookies.
Eitherway you could use Vercel.com built in analytics since your website is using Next.js wich is Vercel's framework.
We've developed a google chrome extension (with angularjs), which reads gmail mails, and sends them to on-premise servers by consuming a soap services. Now some of our customers have internal security policies prohibiting them to use chrome extensions, which now forces us to develop a Gmail Add-on (Google Appscript).
My question is, is there a way to comfortably reuse our angularjs application and include/use it in an Google Appscript application.
We are aware of the fact, that Appscript application actually arent client-side applications (unlike chrome extensions), and that we probably have to rewrite large parts of our application, but we just don't want to miss any opportunity regarding reusing our angularjs code.
Also did any of you experience major limitations of Google Appscript when consuming soap services (actually this is the main functionality of our existing application)
Thank you for any advice.
GMail Add-ons won't allow for that but you might be able to leverage Google Apps Script Web Apps.
Unfortunately, there is a bigger issue you'll have to take into account. Many of the scopes associated with the GMail API are now restricted under the new User Data Policy, where your application will need to be verified and possibly have to undergo a security assessment; which could cost you anywhere from US$15K - US$75K! Read the section titled "How will the security Assessment Work?" in the OAuth Application Verification FAQ for details.
I'm in the process of making an app for my assessment at uni using cordova/phonegap and was just wondering if its possible for me to use data from a my unis ecom website for my app without having any back-end access to it, so like images/prices/descriptions...synced to my app?
yes it is certainly possible, because Cordova means working via Javascript and a HTML5 Rendering Engine. It is with some reservations entirely possible to load data from an webserver and use it in an App.
The only thing is to ask, whether it is also a smart-choice. If you want your app not to break when the data from the website gets changed (see https://en.wikipedia.org/wiki/Link_rot )
Also the server can somewhat prevent access of data from contextes outside of the webpage, especially if TSL/HTTPS connection is offered and content is only available after authentication.
Yet anyway its the magic of Javascript to be very good in doing things with web/online resources and displaying HTML5. Cordova and PHonegap is hence imo much better than the very challenging JAVA-Dalvik and IOs native programming that one would have to use else
Likely not,
Google and Apple frowns on using apps as wrappers for websites.
Quote Google Developer Program Policies - Spam and Placement in the Store
Do not post an app where the primary functionality is to:
Drive affiliate traffic to a website or
Provide a webview of a website not owned or administered by you (unless you have permission from the website owner/administrator to do so)
And
Quote Apple iTunes Guidelines - 2.12
Apps that are not very useful, unique, are simply web sites bundled as Apps, or do not provide any lasting entertainment value may be rejected