by New Rogernomics » Mon Apr 30, 2018 7:00 am
by Kutumal » Mon Apr 30, 2018 7:05 am
by New Rogernomics » Mon Apr 30, 2018 7:11 am
The offending code was removed ASAP. Here is the code:
Kutumal wrote: A brief info on what the code was (I spotted it and told NR about it):
It was retrieving nation/region flag URLs via the API on the client-side. It was using XMLHttpRequest's setRequestHeader() function to set a User-Agent, but browsers explicitly don't allow overriding the UA in that way and, accordingly, it didn't identify it correctly to NationStates. The correct approach would have been to include a "&user_agent=...."-parameter in the URL.
So basically, the intent for compliance was there, just the execution flawed.
EDIT: What NR posted isn't the offending code, by the way.
<!-- Nation in Lazarus in Profile -->
<script type="text/javascript">
// For each "Nation" field in a user profile, look up the nation's flag and region.
$("dl.user_profile dt:contains('Nation')").each(function(){
    var nation=$(this).next('dd').text();
    // The third argument (false) makes this a synchronous request.
    var xhr = new XMLHttpRequest();
    xhr.open("GET", "https://www.nationstates.net/cgi-bin/api.cgi?nation="+nation+"&q=flag+region", false);
    // The line discussed in this thread: an attempt to set the User-Agent from script.
    xhr.setRequestHeader("User-Agent",<redacted>);
    xhr.send();
    var xmlDocument = xhr.responseXML;
    var flagurl = xmlDocument.getElementsByTagName("FLAG")[0].textContent;
    var region = xmlDocument.getElementsByTagName("REGION")[0].textContent;
    if (region == "Lazarus") {
        // Resident nation: show the nation flag and name only.
        $(this).next('dd').html("<span style='font-style:normal; line-height: 1.75em;'><a href='http://nationstates.net/nation="+nation+"' target='_blank'><img src='"+flagurl+"' height='26px' style='border: 1px solid #80d280;' /> "+nation+"</a></span>");
    } else {
        // Visiting nation: a second synchronous request fetches the home region's flag.
        xhr = new XMLHttpRequest();
        xhr.open("GET", "https://www.nationstates.net/cgi-bin/api.cgi?region="+region+"&q=flag", false);
        xhr.setRequestHeader("User-Agent", <redacted>);
        xhr.send();
        xmlDocument = xhr.responseXML;
        var regionflagurl = xmlDocument.childNodes['0'].textContent;
        $(this).next('dd').html("<span style='font-style:normal; line-height: 1.75em;'><a href='http://nationstates.net/nation="+nation+"' target='_blank'><img src='"+flagurl+"' height='26px' style='border: 1px solid #62ce62;' /> "+nation+"</a><div style='font-size:12px;'><i>visiting from</i> <a href='http://nationstates.net/region="+region+"' target='_blank' style='font-family: Nunito Sans;'><img src='"+regionflagurl+"' height='13px' style='border: 1px solid #80d280;' /> "+region+"</a></div></span>");
    }
});
</script>
I think it was one that it was initially based off though, obviously with a lot of changes.
Kutumal wrote: EDIT: What NR posted isn't the offending code, by the way.
by Kutumal » Mon Apr 30, 2018 7:44 am
xhr.setRequestHeader("User-Agent", <redacted>);
by New Rogernomics » Mon Apr 30, 2018 8:08 am
Really this is the only thing I found that helps me understand it: https://www.html5rocks.com/en/tutorials/cors/
Kutumal wrote: Yep, that's the one.
Besides the synchronous XHR that made me cry, the offending line:
xhr.setRequestHeader("User-Agent", <redacted>);
Setting the User-Agent programmatically in such a way isn't allowed in most browsers.
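Added example, not part of any post in this thread: one way to carry the identification in the `user_agent` URL parameter that Kutumal describes, with an asynchronous request in place of the synchronous XHR. The helper names and the `USER_AGENT` string are assumptions made for illustration; `lookupNation` needs a browser (`fetch`, `DOMParser`).

```javascript
const API_BASE = "https://www.nationstates.net/cgi-bin/api.cgi";
// Constructed placeholder: replace with a string that identifies your script.
const USER_AGENT = "Example forum flag script (contact: admin@example.invalid)";

// Build an API URL that carries the identification in the query string,
// rather than in a User-Agent header set from script, which the thread
// notes browsers do not honor.
function buildApiUrl(kind, name, shards, userAgent = USER_AGENT) {
  if (kind !== "nation" && kind !== "region") {
    throw new TypeError("kind must be 'nation' or 'region'");
  }
  if (typeof userAgent !== "string" || userAgent.trim() === "") {
    throw new TypeError("a non-empty user_agent is required");
  }
  const url = new URL(API_BASE);
  // URLSearchParams encodes every value, so a name containing spaces or
  // '&' stays inside its own parameter. Spaces serialize as '+', which
  // yields the same q=flag+region form the thread's code used.
  url.searchParams.set(kind, name);
  url.searchParams.set("q", shards.join(" "));
  url.searchParams.set("user_agent", userAgent);
  return url.toString();
}

// Browser-side lookup of a nation's flag URL and region, asynchronous so
// the page is not blocked while the request is in flight.
async function lookupNation(nation) {
  const response = await fetch(buildApiUrl("nation", nation, ["flag", "region"]));
  if (!response.ok) {
    throw new Error("API request failed with status " + response.status);
  }
  const doc = new DOMParser().parseFromString(await response.text(), "application/xml");
  const text = (tag) => {
    const node = doc.getElementsByTagName(tag)[0];
    return node ? node.textContent : null;
  };
  return { flag: text("FLAG"), region: text("REGION") };
}
```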
by Mount Seymour » Mon Apr 30, 2018 10:13 am
The Pacific Alpine Commonwealth of Mount Seymour
a.k.a. Somyrion, Aumeltopia
by Wolfram and Hart » Tue May 01, 2018 5:56 am
Mount Seymour wrote:^ That was my request butchering. Don't think I have much to add (lesson is basically I need to actually learn things before trying to make them work...). I have next to no background in js or using XHR, and had no intention of avoiding setting a user-agent. Kutumal helpfully explained the (numerous) problems with the code. Apologies to the NS admins (I'll make sure to check with multiple people as well as wait for a while before I venture into some other piece of code) and to all the developers and programmers whose eyes I made bleed.
by Mount Seymour » Tue May 01, 2018 1:03 pm
Wolfram and Hart wrote:Mount Seymour wrote:^ That was my request butchering. Don't think I have much to add (lesson is basically I need to actually learn things before trying to make them work...). I have next to no background in js or using XHR, and had no intention of avoiding setting a user-agent. Kutumal helpfully explained the (numerous) problems with the code. Apologies to the NS admins (I'll make sure to check with multiple people as well as wait for a while before I venture into some other piece of code) and to all the developers and programmers whose eyes I made bleed.
This is where I started for this type of code:
https://www.w3schools.com/xml/ajax_intro.asp
Hope it helps!
The Pacific Alpine Commonwealth of Mount Seymour
a.k.a. Somyrion, Aumeltopia