slack-digest/2021-02-09.md
Tue, 09 Feb 2021 08:34:29 GMT
Join the conversation at slack.cordova.io
Mon, 08 Feb 2021 16:05:28 GMT
@g.asci says
What does a signed vue powered cordova app send in the Referer section as request header? I need to add the domain to my tinymce account but I cannot test it after I sign the app and install to my phone. Is there way to check it? It is my local ip address with the dev server but it looks like it changes after I sign it. (And are they different for iOS and Android versions?) Here is the support message that I received: Hello,
Thank you for reaching out to Tiny Support.
Our Cloud platform verifies the domain you are attempting to load Tiny from by checking the “Referer” header in the network request to load TinyMCE.
Using your browser’s Developers Tools, open the Network tab. From there, find the request being made to load Tiny with your API key, and click on the Headers tab. In the section called “Request Headers” there should be a field for “Referer”.
If the value there is different from one of your registered URLs, you may need to adjust either your registered URLs, or your applications “Refer” header settings.
Let us know if you have additional questions.
Thank you,
Mon, 08 Feb 2021 16:07:51 GMT
@dpogue says
Possibly
file:///but also possibly nothing
Mon, 08 Feb 2021 16:08:45 GMT
@norman137 says
If the file is a "local" file, such as a data uri or a
file://uri, then the browser is not suppose to send a referer header.
Mon, 08 Feb 2021 16:09:18 GMT
@norman137 says
Also if the pages aren't loaded via https, the browser isn't suppose to send a referer header.
Mon, 08 Feb 2021 16:09:35 GMT
@norman137 says
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer
Mon, 08 Feb 2021 16:09:52 GMT
@g.asci says
Oh what should I do in this case, then. I get the client side error saying that this domain is not verified. I have removed the error using a few css tricks but I am not sure if this is the right way to solve it.
Mon, 08 Feb 2021 16:19:56 GMT
@norman137 says
Doing what they say... you can see if a
Refererheader is being sent in the Request Headers to TinyMCE so you can play around. If it's missing, then that means the browser isn't sending it (for whatever reason, likely related to the points i made above).I'm not sure how browsers behave with non-standard schemes, but you could try using the ionic webview, but this might not be a long term solution because of: https://github.com/ionic-team/cordova-plugin-ionic-webview/issues/484
There are much better ways to confirm ownership of a domain imo, but obviously you're kinda locked into what TinyMCE offers has options.
Mon, 08 Feb 2021 16:20:43 GMT
@g.asci says
But I cannot see the developer tools to check the Referer header after signing the app and installing app or can I?
Mon, 08 Feb 2021 16:23:07 GMT
@norman137 says
you can as long as the app is built in debug mode.
Mon, 08 Feb 2021 16:53:18 GMT
@g.asci says
Yeah, that’s right, no header is sent except for
x-request-withwhich has a value of my bundle id. I have kindly requested tinymce team to add another bundle verifier with this header. If they don’t I am gonna stick to the css trick :D. Thank you for your help.
Mon, 08 Feb 2021 16:58:38 GMT
@norman137 says
Most companies that I worked with if they want to verify your domain have you add a TXT record with a specific value to the dns, so they can confirm that you are the owner of that domain.
Mon, 08 Feb 2021 17:00:18 GMT
@g.asci says
Yes, I am using Mailjet API, Cloudflare and AWS SES. They all work the same way.