I want to have an authorization prompt pop up every time, but it doesn't pop up every time :/

I have a password prompt for a proxy website, but when I put it in wrong, I do not have the option to re-enter it. How do I make it pop up every time you visit the site? Thanks in advance! The URL is https://vhe.glitch.me

Hmm, it seems to work for me. But FYI Google is planning to disable popups like that one (alert, prompt, and confirm). The best thing to do is create a modal and/or have a login page with private routes to the other pages.

Also, I’d be careful with having something that always pops up like that. In your case there are buttons that will let you close the prompt but you want to make sure you can get to your editor. I once accidentally copied code for a prompt that was in a loop so there was no way to get past it. I had to download the project to get back into my files.

so, it opens up, then if i answer wrong, it says än error message i put if you type in the code right, but it i cannot get the popup again when i reopen it.

That right there, is a sad moment.

Heh, I think that’s pretty much a reason for Google wanting to deprecate/disable those. Internet security is also more complex now. They’re not bad for basic Javascript tutorials but they are hacky in real life situations.

I’m not sure how you’ve set up the project you want to privatize but I have a few auth examples using React and/or Redux / Context. Might be more complex than what you need though. I’ve been meaning to make one that’s just Node and vanilla JS. Check out my ‘starters and boilerplates’ collection if you’re curious.

I saw your thread from earlier. If you really want to leave a trail of work: for now, I’d put your project up on Github, with a license, so at least an “initial commit” exists. You can even write in your README when you initially made the project. I’d also keep a copy here if you want to work on it via Glitch, and just push it up to Github periodically. And check out the thread I started about initial commits / remixing if you haven’t.

Hope that’s helpful. I think about this stuff a lot too, considering employers really look at code carefully and I want to get credit for my work.

but back to this… how do i fix it?

Hmm you don’t want to get stuck in a loop. If you reload the page, the prompt works. You can add a reload button:

<button onclick="location.reload()">reload</button>

EDIT: actually, it doesn’t. It only works if I clear my cache.

how do I make it clear my cache? lol

An example of what I want to happen

username is: user
password is: glitch

I want it to act just like this.

Heh, you gotta clear your browser cache. In chrome: go to History > Show full history > Clear Browsing Data. I wouldn’t bother doing that though.

I can see your keys, you def want to remove any SSL stuff because people can just take it. Anything private needs to go into the .env file. Seriously: remove those immediately!

how do i hide those? can i give you access to my stuff and then you can help me?

this is the example. If you see it, try it out.
https://vhe-example.glitch.me/
username: user
password: glitch

I really don’t know much about security. Someone else on the forum can probably chime in. This stuff is not easy to set up, and you’re also working on a public platform which might not be the best place to connect proxy servers and the like.

well, how can i make the popup act like https://vhe-example.glitch.me on https://vhe.glitch.me?

it should maybe act like a normal js popup.

You’ve got a lot of code there and it would take me a while to go through it. I’d try removing or changing the cache options though. Specifically lines 61 and 62 in the vhe file. That might be blocking the reload. Remember you can comment out code rather than just deleting so you don’t forget anything.

The vhe-example is much shorter; I’d make sure you’re copying that exactly while making sure you account for any extras regarding your own project. Take your time with it; it looks like everything you need is there.

i greyed out line 61 and 62, still didn’t work. ill give you pemissions so you can try looking at it.

I don’t have time to look at it right now. Feel free to follow the help I’ve given you so far.

thanks

BTW, I did get a chance to quickly look at your files and I moved the keys and cert into .env. Make sure you reference those with process.env.cert, process.env.key, etc.

I tried replacing the res.end(‘bad creds’) with a res.redirect or res.json({ msg: "bad creds! }) but nothing worked. There’s other code in there that is probably forcing that outcome. Whereas the example project is using req, res, next to help create a refresh or loop of the prompt. Someone more experienced with Node and/or security would have more insight here.

Can you try getting someone on this message thread?

Can’t…I don’t work for Glitch, I’m just a user on here. You have quite a bit of code there, and I can tell a lot that you have probably copied and don’t understand (and hey, neither do i).

Honestly - this is my opinion. Especially if you’re a student or early in your development work, it’s really not worth you going to this much trouble to privatizing your work. Because it won’t ultimately matter much if someone steals it. It only really matters when someone has a new idea about a product that hasn’t been done before. At that point, you want credit for the idea because it’s going to make you money.

Let’s say you post your work publicly, with a license, and someone takes it and also puts it up. Well, you still have your copy. And ultimately, there’s no way to prove that you didn’t steal it from someone else, because we can always erase our git histories and do a new “initial commit.” Employers are going to test you, cross check your references, and put you through the same thing they do everyone else. They’ll still be skeptical until you prove yourself.

So yes, ownership is important and everyone should get credit for things they do, but it’s all so hard to prove we throw licenses on our stuff and just hope for the best. I know you just got blackmailed and that feels like a blow, so you’re looking for some control now. But hopefully that makes sense, and your disappointment will pass too. Most people out there are alright and don’t steal work.

It looks like it’s just for cross origin frames. Or am I completely wrong?

image1143×672 31.6 KB

I guess that’s true for now, but I think there is a broader motivation to deprecate them entirely. I believe Google (or at least some of the folks there) think that using a dialog is a better option. Which I agree with. But there is a lack of support now in all browsers. I think they will eventually be fully deprecated.

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.