Empty page when embedded

Website URL

(please specify the URL of the site on which you are experiencing the problem)

Error Message

Failed to load resource: net::ERR_FAILED
Access to fetch at ‘https:play.google.com/log?format=json&hasfast=true&authuser=0’ from origin ‘https:www.infutik.eu’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The ‘Access-Control-Allow-Origin’ header has a value ‘http:play.google.com’ that is not equal to the supplied origin. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

Other Information

Hi over a while!
Once again I see this error described in Empty page when embedded. In Edge and Chrome embedded (via Google Sites) pages blank, in Firefox fine.
Perhaps again it’s a temporary glitch, but … maybe not. Can’t be sure exactly when it started, but few days ago it was ok.
Any ideas?
More thanks, Alar.
PS! In error I removed from https // to fit into “two links” requirement.

This is something that you must solve with Google. Our hosting does have CORS settings, but that doesn’t matter in this case. Google’s settings are blocking you from accessing it from within your site, and thus you must get in touch with Google to have this sorted out.

3 Likes

Since you are using CloudFlare, it seems similar to this

I am seeing this as well

5 Likes

Hi and thanks!
So, it could be something addressed to my site!? Interestingly Firefox does work ok.
Sure, I don’t think there is something wrong with hosting system, perhaps something even temporary, we’ll see.
Well, anyway, I’ll wait day or two and then start to search some contacts within this conglomerate.
More thanks, Alar.

Hi and thanks!
Well, yes, I see that too. But can’t understand what it does mean, a bit over my expertise, let’s say so. But I understand I’m not alone. And … probably it isn’t something to approach Google with!?
More thanks, Alar.

The aes.js file is connected to the security system. Your web assets were mistakenly blocked by the security system. It’s not only you who is suffering from the issue. Any website which uses Cloudflare is currently being affected by the issue.

4 Likes

Thank You!
Well, then we hope they will solve it soon!
More thanks, Alar.

1 Like

Some changes were recently made to the browser security challenge. If you don’t know that system, this article goes into detail about it:

Until recently, if you used Cloudflare, you were exempt from this security system, both because the security system didn’t work well with Cloudflare, and because we believed Cloudflare provided adequate protection. But both are not true anymore, so the exception was removed.

For most websites, this doesn’t cause notable issues. But it seems that on your website, the main website www.infutik.eu is interacting with the subdomain varia.infutik.eu. While this worked before with Cloudflare, that is now being blocked by this security system.

While I recognize that this change is causing issues for your website, the reality is that in the current system, our hosting is working as we intended it to. So since there is no issue from our perspective, there is nothing we can fix. And no, we cannot make special exceptions to this security system for individual websites.

So I’m sorry to say that you will need to find a solution for this yourself. For example, by moving the scripts from the varia subdomain to the main website.

4 Likes

Hi and thank You for explanation!
Why I chose hosting (back in 2022, Empty page when embedded) was I needed some automation for uploading small and simple scripts and pages, Google Sites does not offer that from my perspective. Well, I don’t earn any money for this I do, so, my goal was also get all this done for free. (I understand, there is no really “free lunch”, TANSTAAFL, sure, but I still keep trying to get one.) So, I can’t move my work to main site. Anyway, I do understand what You’re saying, thank You.
Btw, page still works in Firefox. =)
More thanks, Alar.

Hi!
Just to be correct: starting as yesterday problem started appear also in Firefox.
Terv, Alar.

Sorry for the delay, I didn’t get around to checking this.

The reason that the security system is causing problems for you is because the security system prevents embedding of pages from one hostname into other hostnames. This really works at the hostname level, not the domain or account level. So on one.example.com, you can’t embed resources from two.example.com, because you need a security cookie, and browsers refuse to run the security challenge when accessed through an iframe.

So why did it work in Firefox but not other browsers? If you first go to two.example.com, then your browser will get a valid security cookie for two.example.com. If you then go to one.example.com, the embed of two.example.com will use the security cookie that’s already set. I suspect that you did this with Firefox, which is why Firefox can access, but browsers don’t share cookies with other browsers, so Edge and Chrome don’t work.

Our system is working as we intend it to, so don’t hold your breath on a fix from our side.

As for what you can do instead, I repeat my recommendation I made in your other topic: just put everything you need to run your website under a single hostname. If you don’t spread the functionality across multiple subdomains, you don’t have this issue. And seeing how it’s all hosted on the same hosting account anyway, I see no practical benefit in having it setup like this.

5 Likes

Hi and thank You!
I understand. Yes, I’m trying to move all “creation” to one place (to InfinityFree), but … I’ts a bit tricky for me, because on Google I had (still have) some options to manage (design) web page, but no automatic there I can reach.
More thanks, Alar.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.