Unsafe Javascript

davlar
Offline

Active Subscriptions:

None

13 years 5 months ago #29398 by davlar

Unsafe Javascript was created by davlar

Hi

Can you help me understand why I am getting these 2 errors in the JS console in Chrome? The site is Profr.org

Many thanks

Unsafe JavaScript attempt to access frame with URL http://static.ak.facebook.com/connect/xd_arbiter.php?version=18#channel=f323380944&origin=http%3A%2F%2Fprofr.org&channel_path=%2Fcomponents%2Fcom_jfbconnect%2Fassets%2Fjfbcchannel.php%3Ffb_xd_fragment%23xd_sig%3Df319ee4d68%26 from frame with URL http://profr.org/. The frame being accessed set 'document.domain' to 'facebook.com', but the frame requesting access did not. Both must set 'document.domain' to the same value to allow access.
pl.extend.events.onKeyCombinationPressInIframe
pl.extend.events.onKeyCombinationClick
pl.extend.init
(anonymous function)

Unsafe JavaScript attempt to access frame with URL https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=18#channel=f3e6e0953c&origin=http%3A%2F%2Fprofr.org&channel_path=%2Fcomponents%2Fcom_jfbconnect%2Fassets%2Fjfbcchannel.php%3Ffb_xd_fragment%23xd_sig%3Df3f21ac068%26 from frame with URL http://profr.org/index.php/Tutor/Coach/teach-english-online.html. The frame requesting access has a protocol of 'http', the frame being accessed has a protocol of 'https'. Protocols must match.
pl.extend.events.onKeyCombinationPressInIframe
pl.extend.events.onKeyCombinationClick
pl.extend.init
(anonymous function)

The topic has been locked.

alzander
Offline

Support Specialist

13 years 5 months ago #29405 by alzander

Replied by alzander on topic Unsafe Javascript

That's a standard warning message you'll get when using Facebook on your site. There's a lot of restrictions on how sites can communicate with each other to prevent what's called Cross-Site Scripting (XSS) Attacks. That warning is meant to call out that such communication is happening behind the scenes of the user, which is required for Facebook functionality to work on your site. However, there's not any 'error' there or anything that should be preventing normal functionality, it's just to let the user be aware of the behavior if they want to look at the error console to see it.

Hope that helps explain, but if you have any questions or are seeing any functional issues, let us know.

Thanks,
Alex

The topic has been locked.

davlar
Offline

Active Subscriptions:

None

13 years 5 months ago #29417 by davlar

Replied by davlar on topic Unsafe Javascript

So can I just double check that applies to the second error too. It seem to be more about SSL, which I don't currently have. Do I need a certificate to use your script?

Unsafe JavaScript attempt to access frame with URL https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=18#channel=f1e6d4572&origin=http%3A%2F%2Fprofr.org&channel_path=%2Fcomponents%2Fcom_jfbconnect%2Fassets%2Fjfbcchannel.php%3Ffb_xd_fragment%23xd_sig%3Dfd4cf4ae%26 from frame with URL http://profr.org/. [highlight]The frame requesting access has a protocol of 'http', the frame being accessed has a protocol of 'https'. Protocols must match.[/highlight]
pl.extend.events.onKeyCombinationPressInIframe
pl.extend.events.onKeyCombinationClick
pl.extend.init
(anonymous function)

The topic has been locked.

alzander
Offline

Support Specialist

13 years 5 months ago #29426 by alzander

Replied by alzander on topic Unsafe Javascript

Yeah, there's similar issues. If your protocols matched, you'd get a different notice talking about being on different domains. The protocol thing is just the first message displayed.

You do not need an SSL certficate for most functionality in JFBConnect. The only features that need it are Page Tab and Canvas integration, where you can show parts of your site within facebook.com. Additionally, Facebook Requests requires an SSL certificate because it relies on the Canvas integration.

Hope that helps,
Alex

The topic has been locked.

Start
Prev
1
Next
End

SourceCoast Login

Unsafe Javascript