SecurityError: The operation is insecure.
-
SecurityError: The operation is insecure.
https://what.thedailywtf.com/assets/nodebb.min.js?v=49191cul3vs
Line 1Also
TypeError: can't convert undefined to object
https://what.thedailywtf.com/assets/src/modules/composer/uploads.js?v=49191cul3vs
Line 1
-
Are you still using FF 22?
When do those errors occur? When the page is loaded (every time)? When doing something in particular?
-
@anotherusername said in SecurityError: The operation is insecure.:
Are you still using FF 22?
Check the request log. I dare you.
When do those errors occur? When the page is loaded (every time)? When doing something in particular?
Every page load, and it kills all navigation.
-
Sounds like history API error, given that it kills navigation. That's what you get when you try to push an entry into history that's on a different domain than the site you're on.
-
@lorne-kates said in SecurityError: The operation is insecure.:
Check the request log. I dare you.
-
@onyx said in SecurityError: The operation is insecure.:
Sounds like history API error, given that it kills navigation. That's what you get when you try to push an entry into history that's on a different domain than the site you're on.
Good to know that NodeBB is as assbackwardly broken as when I left it.
-
I've got it loaded up in Firefox/22.0 (portable) and I'm not seeing any errors. :/
eta: I'm not a mod/admin/anything special. I can't check any logs.
-
@anotherusername said in SecurityError: The operation is insecure.:
I've got it loaded up in Firefox/22.0 (portable) and I'm not seeing any errors. :/
22? :eyeroll:
Try FF28, you fucking luddite.
-
@lorne-kates said in SecurityError: The operation is insecure.:
SecurityError: The operation is insecure.
https://what.thedailywtf.com/assets/nodebb.min.js?v=49191cul3vs
Line 1Thanks, that's very specific.
-
@ben_lubar said in SecurityError: The operation is insecure.:
@lorne-kates said in SecurityError: The operation is insecure.:
SecurityError: The operation is insecure.
https://what.thedailywtf.com/assets/nodebb.min.js?v=49191cul3vs
Line 1Thanks, that's very specific.
That's as specific as it gets. Directly copied from the error console.
You're the one with the unminified js.
-
@ben_lubar said in SecurityError: The operation is insecure.:
@lorne-kates said in SecurityError: The operation is insecure.:
SecurityError: The operation is insecure.
https://what.thedailywtf.com/assets/nodebb.min.js?v=49191cul3vs
Line 1Thanks, that's very specific.
Sourcemaps NodeBB, plox?
-
@lorne-kates Ok... I now have it loaded up in Firefox/28.0 (portable). I'm still not seeing them. I'm seeing some different errors, but the site appears to be working fine. I wonder if there's a non-default about:config setting that could be causing it.
Can you open the debugger and enable "Pause on exceptions", disable "Show original sources", and prettify the "nodebb.min.js" source, and after that, can you get the error to reoccur? Hopefully then the debugger will show where it's stopped.
-
@onyx said in SecurityError: The operation is insecure.:
Sourcemaps NodeBB, plox?
There's two dozen errors like
Source map error: SyntaxError: JSON.parse: unexpected end of data at line 1 column 1 of the JSON data Resource URL: https://what.thedailywtf.com/assets/src/modules/{$somefile}.js?v=49191cul3vs Source Map URL: public/src/modules/{$somefile.js}.map
in the console.
-
@onyx said in SecurityError: The operation is insecure.:
@ben_lubar said in SecurityError: The operation is insecure.:
@lorne-kates said in SecurityError: The operation is insecure.:
SecurityError: The operation is insecure.
https://what.thedailywtf.com/assets/nodebb.min.js?v=49191cul3vs
Line 1Thanks, that's very specific.
Sourcemaps NodeBB, plox?
Here you go: https://what.thedailywtf.com/assets/nodebb.min.js.map
It's referenced from the script.
-
There appears to be an issue with pasting images which is causing an error matching the second one:
r
is undefined, and it's complaining because[].some.call(r, ...)
requires it to convertr
to an object.
-
@anotherusername said in SecurityError: The operation is insecure.:
Can you open the debugger and enable "Pause on exceptions", disable "Show original sources", and prettify the "nodebb.min.js" source, and after that, can you get the error to reoccur? Hopefully then the debugger will show where it's stopped.
function D()
function D() { $('.container') .addClass('container-fluid'); $('.container') .removeClass('container'); $(window) .resize(N); var e = [ ].slice.call(document.styleSheets); if (i.maxFluidWidth) { e[0].insertRule('.container-fluid { max-width: ' + i.maxFluidWidth + ';}', e[0].cssRules.length) } if (i.leftMargin) { e[0].insertRule('.container-fluid { margin-left: ' + i.leftMargin + ';}', e[0].cssRules.length) } for (var t = 0; t < e.length; t++) { var n = e[t]; if (n != null && n.cssRules != null && n.cssRules.length > 0) { var r = [ ].slice.call(n.cssRules); for (var o = 0; o < r.length; o++) { var a = r[o]; if (a != null && a.media != null && a.media && a.media.length > 0) { var s = a.media.conditionText || a.media.mediaText; var c = s.match(S); if (c && j[c[1]]) { s = s.replace(c[1], j[c[1]]) } var l = s.match(A); if (l && _[l[1]]) { s = s.replace(l[1], _[l[1]]) } a.media.mediaText = s } } } } }
It's not setting a nice breakpoint because of minification, even with prettify. Looks like it's happening inside the o to r.length loop. I'm guessing it's trying to fuck around with fake responsiveness.
Is that the unresponsive plugin?
-
Ah, it only occurs in desktop mode. I do see that error now that I've enabled it.
-
The security error is occurring here:
There's absolutely no way to avoid this error, AFAIK. Trying to access a stylesheet that you don't have permission to access will produce it, and there's no good way to tell whether you can access a stylesheet without trying.
The best way to do it would be try, catch the error if we can't, and don't go into the
if
block below if we couldn't:var sheet; try { sheet = s[ixs]; } catch (e) { sheet = null; // nothing else we can do } if (sheet != null && sheet.cssRules != null && ...
The other error about converting undefined to an object occurs when pasting image data, and it's a separate issue.
-
A temporary workaround would be to execute
delete localStorage.responsive
from the Javascript console, to turn off desktop mode. Then refresh the page.
-
@lorne-kates Welcome back!
-
@anotherusername said in SecurityError: The operation is insecure.:
A temporary workaround would be to execute
delete localStorage.responsive
from the Javascript console, to turn off desktop mode. Then refresh the page.How do I turn off desktop mode?
-
@lorne-kates said in SecurityError: The operation is insecure.:
How do I turn off desktop mode?
Shrink your window by 3 pixels
-
@lorne-kates said in SecurityError: The operation is insecure.:
@anotherusername said in SecurityError: The operation is insecure.:
A temporary workaround would be to execute
delete localStorage.responsive
from the Javascript console, to turn off desktop mode. Then refresh the page.How do I turn off desktop mode?
The menu from your avatar:
You can select "Responsive Mode" but you'll probably hate it.
@anotherusername said in SecurityError: The operation is insecure.:
There's absolutely no way to avoid this error, AFAIK. Trying to access a stylesheet that you don't have permission to access will produce it, and there's no good way to tell whether you can access a stylesheet without trying.
Hmm...is it possible to swallow an exception there?
-
@boomzilla said in SecurityError: The operation is insecure.:
The menu from your avatar:
From my avatar menu on Firefox, or on Chrome?
Firefoxbolded text****
Chromebolded text****
-
@boomzilla said in SecurityError: The operation is insecure.:
The menu from your avatar:
The
SecurityError
crashes the script before it can add those options to the menu. Is there a good reason why the setting apparently isn't on the settings page? I can't find anywhere else to enable it. Or does the script crash before it can add it there also?@boomzilla said in SecurityError: The operation is insecure.:
Hmm...is it possible to swallow an exception there?
Yes, that's what you have to do... that's what the code I posted in that post does. I'd create a pull request, but no github.
-
@lorne-kates
are you on mobile? Any reason you can't executedelete localStorage.responsive
in the JS console?As my ^ comment said, the options should be there, but the script is crashing.
edit: well it's not working when I do that... um...
-
@anotherusername said in SecurityError: The operation is insecure.:
Any reason you can't execute delete localStorage.responsive in the JS console?
I did that part, just couldn't find the desktop mode in my account menu.
Because apparently the broken css fuckery crashes the scripts BEFORE it has a chance to render the options for "desktop mode".
Which makes it impossible to turn on/off that mode.
I've since deleted localstorage.responsive, and I'm in a private window to post this.
-
And natch, going back to non-Private window, deleting localstorage.responsive and deleting all cookies, closing the tab, opening the tab and logging in again results in-- the same security warnings.
(posted from ick Chrome ick)
-
@lorne-kates ok, it looks like you also have to
delete localStorage['unresponsive-settings']
-
@anotherusername said in SecurityError: The operation is insecure.:
@lorne-kates ok, it looks like you also have to
delete localStorage['unresponsive-settings']
That worked. Thanks.
-
@anotherusername said in SecurityError: The operation is insecure.:
Is there a good reason why the setting apparently isn't on the settings page?
The menu made more sense. Also it's not part of settings, since you don't want your desktop session to affect your phone session, which is why it uses local storage. This is what it looks like for me on FF 57 (and yes, I know that I tested the extension in FF and Chrome during development):
-
@administrators somebody with a github account:
Replace
var sheet = s[ixs];
with
var sheet; try { sheet = s[ixs]; } catch (e) { sheet = null; }
here:
-
-
@pie_flavor said in SecurityError: The operation is insecure.:
Fix insecurity by pie-flavor
If only it was that simple
-
-
Another update to catch more problems.
Updated to v0.5.1. Doesn't barf in FF or Chrome.