Login

Discussion of chess software programming and technical issues.

Moderator: Ras

User avatar
Eelco de Groot
Posts: 4661
Joined: Sun Mar 12, 2006 2:40 am
Full name:   Eelco de Groot

Re: Login

Post by Eelco de Groot »

Mike Sherwin wrote: Thu May 04, 2023 4:59 pm I use http://talkchess.com/ to get to talkchess. It is working better than it has been. If I get the I am not a robot checkbox screen I exit and try again. If I try several times and I can't get past then I try later.

Everytime that I click the I am not a robot checkbox I get in but not to the expected gui but rather I end up with an archaic text based ui that works but is not very pleasant to use. I'd say the error is that the I am not a robot page redirects to the wrong interface.
Hi Mike,

if you are on http:// and in Firefox, clicking on the little lock in the address bar gives you a button to delete cookies and other website information. (Image below) After doing that, when you refresh the page with Talkchess in text mode, it says it has to transmit again the request. Then I get the correctly formatted page back.

Image
Debugging is twice as hard as writing the code in the first
place. Therefore, if you write the code as cleverly as possible, you
are, by definition, not smart enough to debug it.
-- Brian W. Kernighan
ernest
Posts: 2047
Joined: Wed Mar 08, 2006 8:30 pm

Re: Login

Post by ernest »

hgm wrote: Sat May 06, 2023 7:45 am You won't be able to see the diagrams:


[fen]edkjjkae/pppppppp/8/8/8/8/PPPPPPPP/RNBQKBNR w[/fen]
OK !
With http, instead of https, I can indeed see the diagram (with edkjjkae or rnbqkbnr :D)

...but nowadays, with http, I always get the unacceptable bad loading of the style (.css) files. :evil:
User avatar
hgm
Posts: 28354
Joined: Fri Mar 10, 2006 10:06 am
Location: Amsterdam
Full name: H G Muller

Re: Login

Post by hgm »

I still have not been able to think up a satisfactory explanation for this. Did you try the trick of clearing the cookies and cache?

Why would it matter if you load a CSS file through http or https from a website that is http? Even stranger: why would such a file have to be loaded at all? Normally a web browser would cache indirectly loaded files, and only load the primary file if not explicitly asked to clear the cache (by Shift + load).

Could the problem be that the browser cache contains a faulty version of the http CSS page (like the confirmation page rather than the real CSS data)? and that https and http files of the same URL are separately cached, so that the version cached as https could still be genuine? If that is the problem it would be solved by loading the page as http, and then reload it in a cache-clearing way. Once the CSS files are properly loaded into the chache, you should not have any problems anymore, as it would always load those, and never try to access http://takchess.com again for those.
JVMerlino
Posts: 1398
Joined: Wed Mar 08, 2006 10:15 pm
Location: San Francisco, California

Re: Login

Post by JVMerlino »

hgm wrote: Mon May 08, 2023 12:41 pm I still have not been able to think up a satisfactory explanation for this. Did you try the trick of clearing the cookies and cache?

Why would it matter if you load a CSS file through http or https from a website that is http? Even stranger: why would such a file have to be loaded at all? Normally a web browser would cache indirectly loaded files, and only load the primary file if not explicitly asked to clear the cache (by Shift + load).

Could the problem be that the browser cache contains a faulty version of the http CSS page (like the confirmation page rather than the real CSS data)? and that https and http files of the same URL are separately cached, so that the version cached as https could still be genuine? If that is the problem it would be solved by loading the page as http, and then reload it in a cache-clearing way. Once the CSS files are properly loaded into the chache, you should not have any problems anymore, as it would always load those, and never try to access http://takchess.com again for those.
My apologies in advance if this is obvious stuff. Spoke about this with my wife, who has been a web engineer for as long as the web has existed. She said to "check the console for errors or warnings when loading the page". So I did, and I see this:
--------------------
Warning - Mixed Content: The page at 'https://talkchess.com/forum3/viewtopic. ... 7&start=10' was loaded over HTTPS, but requested an insecure element 'http://hgm.nubati.net/down.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-mo ... https.html

Error - fen.js:1 Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID

Error - name.js:1 Failed to load resource: net::ERR_CERT_AUTHORITY_INVALID

Warning - Mixed Content: The page at 'https://talkchess.com/forum3/viewtopic. ... 7&start=10' was loaded over HTTPS, but requested an insecure element 'http://hgm.nubati.net/down.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-mo ... https.html
--------------------
User avatar
hgm
Posts: 28354
Joined: Fri Mar 10, 2006 10:06 am
Location: Amsterdam
Full name: H G Muller

Re: Login

Post by hgm »

Indeed, this is the error that you expect when loading a page that really is http as https. The question, however, is what goes wrong when you load it as http, which is what you should do.
JVMerlino
Posts: 1398
Joined: Wed Mar 08, 2006 10:15 pm
Location: San Francisco, California

Re: Login

Post by JVMerlino »

Here's what I see when I load it as http (after getting past two Cloudflare checks):

---------------------
font-awesome.min.css:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
stylesheet.css:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
stylesheet.css:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
forum_fn.js:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
jquery.min.js:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
core.js:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
no_avatar.gif:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
ajax.js:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
font-awesome.min.css:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
stylesheet.css:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
stylesheet.css:1 Failed to load resource: the server responded with a status of 403 (Forbidden)
---------------------
User avatar
hgm
Posts: 28354
Joined: Fri Mar 10, 2006 10:06 am
Location: Amsterdam
Full name: H G Muller

Re: Login

Post by hgm »

That is useful. If I ask for the page source of a forum page, near the top I see:

Code: Select all

<link href="./assets/css/font-awesome.min.css?assets_version=4" rel="stylesheet">
<link href="./styles/prosilver/theme/stylesheet.css?assets_version=4" rel="stylesheet">
<link href="./styles/prosilver/theme/en/stylesheet.css?assets_version=4" rel="stylesheet">
At the bottom of the page there is:

Code: Select all

<script type="text/javascript" src="./assets/javascript/jquery.min.js?assets_version=4"></script>
<script type="text/javascript" src="./assets/javascript/core.js?assets_version=4"></script>



<script type="text/javascript" src="./styles/prosilver/template/forum_fn.js?assets_version=4"></script>
<script type="text/javascript" src="./styles/prosilver/template/ajax.js?assets_version=4"></script>
Although the error messages do not appear to give the full URL of the file they tried to load, it seems obvious that those three produced a 403 error.

Now if we only could figure out why it would produce that error in your case, while it almost never does for me.

The question why it would try to load those files from the server in the first place, rather than using cached versions, still stands. I cannot imagine it would cache the error for reuse. What happens when you try to load them directly, by asking for the page source, and then clicking the URL in that? Does the 403 error persist?
JVMerlino
Posts: 1398
Joined: Wed Mar 08, 2006 10:15 pm
Location: San Francisco, California

Re: Login

Post by JVMerlino »

hgm wrote: Mon May 08, 2023 10:23 pm That is useful. If I ask for the page source of a forum page, near the top I see:

Code: Select all

<link href="./assets/css/font-awesome.min.css?assets_version=4" rel="stylesheet">
<link href="./styles/prosilver/theme/stylesheet.css?assets_version=4" rel="stylesheet">
<link href="./styles/prosilver/theme/en/stylesheet.css?assets_version=4" rel="stylesheet">
At the bottom of the page there is:

Code: Select all

<script type="text/javascript" src="./assets/javascript/jquery.min.js?assets_version=4"></script>
<script type="text/javascript" src="./assets/javascript/core.js?assets_version=4"></script>



<script type="text/javascript" src="./styles/prosilver/template/forum_fn.js?assets_version=4"></script>
<script type="text/javascript" src="./styles/prosilver/template/ajax.js?assets_version=4"></script>
Although the error messages do not appear to give the full URL of the file they tried to load, it seems obvious that those three produced a 403 error.

Now if we only could figure out why it would produce that error in your case, while it almost never does for me.

The question why it would try to load those files from the server in the first place, rather than using cached versions, still stands. I cannot imagine it would cache the error for reuse. What happens when you try to load them directly, by asking for the page source, and then clicking the URL in that? Does the 403 error persist?
Firstly, I can give you the full URLs for those files:

Code: Select all

http://talkchess.com/forum3/assets/css/font-awesome.min.css?assets_version=4
http://talkchess.com/forum3/styles/prosilver/theme/stylesheet.css?assets_version=4
http://talkchess.com/forum3/styles/prosilver/theme/en/stylesheet.css?assets_version=4
http://talkchess.com/forum3/assets/javascript/core.js?assets_version=4
http://talkchess.com/forum3/assets/javascript/jquery.min.js?assets_version=4
http://talkchess.com/forum3/styles/prosilver/template/forum_fn.js?assets_version=4
http://talkchess.com/forum3/styles/prosilver/template/ajax.js?assets_version=4
http://talkchess.com/forum3/styles/prosilver/theme/images/no_avatar.gif
And if I try to load the avatar gif directly, I get this, which hopefully sounds very useful:
-----------------------
The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features ... thy-origin and https://html.spec.whatwg.org/#the-cross ... icy-header.
-----------------------

I get the same error if I try to load core.js

jm
User avatar
hgm
Posts: 28354
Joined: Fri Mar 10, 2006 10:06 am
Location: Amsterdam
Full name: H G Muller

Re: Login

Post by hgm »

I suppose the answer must ly in here, but I don't really understand what it is saying. I know this 'Cross-origin policy' issue from when I try to fetch a URL from a JavaScript program, it would not allow me to fetch from another server as the page containing the JavaScript came from. Later this was made more strict, and you could not even fetch URLs from the same server that referred to another directory.

I never know that it could apply to URLs that appear hard-coded in the HTML page. Apart from that there was a problem loading http links from https pages.

But we are trying none of that, here. I also don't understand what it means thet the 'header has been ignored'. I don't care about that header, as long as the data that is fetched is not ignored. So ignoring the header sounds good, acting on information in the header to block the data transfer would be bad. That some redirect is going on is to be expected; I suppose this refers to the CloudFlare involvement. The 'please deliver ...' is a request to whom?
JVMerlino
Posts: 1398
Joined: Wed Mar 08, 2006 10:15 pm
Location: San Francisco, California

Re: Login

Post by JVMerlino »

According to my wife, the policy should not need to be as strict as the behavior is suggesting. She says there are sites that can allow you to create policies from scratch, such as this one:
https://developer.mozilla.org/en-US/doc ... ner-Policy

Unfortunately, the "ignored header" is a mystery to her as well.