Apple's Safari Browser now Supported! (includes iPhones)

12 views
Skip to first unread message

Anders

unread,
Nov 2, 2008, 5:13:02 PM11/2/08
to JustHumans
The cross-site permissions issue blocking Apple's Safari web browser
has been fixed. As noted before, Safari has an overly conservative
default cookie policy that refuses to return cookies to domains
outside the requested site. The end result of this is that JustHumans
images wouldn't show up properly in Safari because JustHumans images
are served from verify.justhumans.com instead of your site. We have
enabled the JustHumans server to also respond to any name you make up
creating a way around this problem. So now if you create a new name
under your own domain and point it at verify.justhumans.com (using a
CNAME DNS record), Safari will happily render the images and work as
designed.

For example, if you are running the site www.example.com and you
include a JustHumans form, you could create a new DNS entry called
verify.example.com and have that point to verify.justhumans.com. (You
need to create a CNAME record within the DNS for your domain name to
do this. Check with the people who host the DNS for your domain if you
are unsure how to do this.) You would then alter your JustHumans code
replacing verify.justhumans.com with the new name you created:
verify.example.com.

This:
<script language="JavaScript" src="http://verify.justhumans.com/
verification.js?k=a1b2c3..."></script>

becomes this:
<script language="JavaScript" src="http://verify.example.com/
verification.js?k=a1b2c3..."></script>

Now, when Safari comes across this code, verify.example.com is within
your domain so Safari hapily renders the content. Additionally,
JustHumans notices your new domain name and uses that in the
JavaScript that it renders which includes the URLs to all of the
images. This way everything stays within your domain and Safari
renders everything as expected.

This is running on the forms at the bottom of http://www.12byzantinerulers.com/
if you want to see it in action. View source to see how the URL in the
JavaScript call is altered to verify.12byzantinerulers.com. Ask
questions on the support Google group.

Thanks to Brian Z. and Mad Jax for nudging me to get this done!

-Anders

Jackson Whelan

unread,
Nov 3, 2008, 5:59:32 PM11/3/08
to justh...@googlegroups.com
Anders - thanks for the speedy implementation of this feature!

You Rock!

Anders Brownworth

unread,
Nov 3, 2008, 6:27:18 PM11/3/08
to justh...@googlegroups.com
Thanks Jackson,

Truth be told, I was sick this weekend so I had a good chunk of idle time to fill!

Best,

-Anders
--
-Anders
-----------------------------------------------------------
Anders Brownworth
http://www.anders.com/
ande...@gmail.com

Captain Nordic

unread,
Nov 4, 2008, 10:12:11 AM11/4/08
to JustHumans
Anders,
Thanks for doing all this. But to show you how inexperienced I am, I
never even KNEW that Safari didn't work.
And the main reason I was drawn to this script is because it's easy,
and I don't understand all the terms about DNS and CNAME and etc. So
I'm not sure where to look to implement this change. My domain names
are bought through MyDomain.com. Some of them use the MyDomain.com
NameServers, and use their automatic forwarding to the main domain for
the website, xcjuniorolympics2009.org (for example,
xcjuniorolympics2009.com gets forwarded to that). But www.xcjuniorolympics2009.org
uses the NameServers from my webhost. So WHERE do I go to
"create a new DNS entry called verify.example.com and have that point
to verify.justhumans.com. (You need to create a CNAME record within
the DNS for your domain name to do this."
Do I do this on my webhost using their cPanel, or via mydomain?

Thanks,

Mark

On Nov 3, 3:27 pm, "Anders Brownworth" <ander...@gmail.com> wrote:
> Thanks Jackson,
>
> Truth be told, I was sick this weekend so I had a good chunk of idle time to
> fill!
>
> Best,
>
> -Anders
>
> On Mon, Nov 3, 2008 at 5:59 PM, Jackson Whelan <jackson.whe...@gmail.com>wrote:
>
>
>
> >  Anders - thanks for the speedy implementation of this feature!
>
> > You Rock!
>
> > Anders wrote:
>
> > The cross-site permissions issue blocking Apple's Safari web browser
> > has been fixed. As noted before, Safari has an overly conservative
> > default cookie policy that refuses to return cookies to domains
> > outside the requested site. The end result of this is that JustHumans
> > images wouldn't show up properly in Safari because JustHumans images
> > are served from verify.justhumans.com instead of your site. We have
> > enabled the JustHumans server to also respond to any name you make up
> > creating a way around this problem. So now if you create a new name
> > under your own domain and point it at verify.justhumans.com (using a
> > CNAME DNS record), Safari will happily render the images and work as
> > designed.
>
> > For example, if you are running the sitewww.example.comand you
> > include a JustHumans form, you could create a new DNS entry calledverify.example.com and have that point to verify.justhumans.com. (You
> > need to create a CNAME record within the DNS for your domain name to
> > do this. Check with the people who host the DNS for your domain if you
> > are unsure how to do this.) You would then alter your JustHumans code
> > replacing verify.justhumans.com with the new name you created:verify.example.com.
>
> > This:
> > <script language="JavaScript" src="http://verify.justhumans.com/
> > verification.js?k=a1b2c3..." <http://verify.justhumans.com/verification.js?k=a1b2c3...>></script>
>
> > becomes this:
> > <script language="JavaScript" src="http://verify.example.com/
> > verification.js?k=a1b2c3..." <http://verify.example.com/verification.js?k=a1b2c3...>></script>
>
> > Now, when Safari comes across this code, verify.example.com is within
> > your domain so Safari hapily renders the content. Additionally,
> > JustHumans notices your new domain name and uses that in the
> > JavaScript that it renders which includes the URLs to all of the
> > images. This way everything stays within your domain and Safari
> > renders everything as expected.
>
> > This is running on the forms at the bottom ofhttp://www.12byzantinerulers.com/
> > if you want to see it in action. View source to see how the URL in the
> > JavaScript call is altered to verify.12byzantinerulers.com. Ask
> > questions on the support Google group.
>
> > Thanks to Brian Z. and Mad Jax for nudging me to get this done!
>
> > -Anders
>
> --
> -Anders
> -----------------------------------------------------------
> Anders Brownworthhttp://www.anders.com/
> ander...@gmail.com

Anders Brownworth

unread,
Nov 4, 2008, 10:53:18 AM11/4/08
to justh...@googlegroups.com
Mark,

Unfortunately there isn't one place that this is done for everyone, hence my somewhat hard to decipher "create a CNAME record" statement.

In your case, you probably want to create a CNAME record like verify.xcjuniorolympics2009.org pointing to verify.justhumans.com using the nameserver tools at MyDomain.com.

I'll try to boil this down:

The issue is somewhat complicated because it isn't always easy to say who manages authoritative DNS for a particular domain. (sometimes it is a person and other times its a website) As far as computers are concerned, it is easy to know exactly what server on the Internet is authoritative for a domain (in your case that is ns9.yourhostdns.com and ns10.yourhostdns.com) but its hard to know what web interface or person to go to from that.

Domains are registered through registrars. They don't, however, respond authoritatively telling people what IP address your webserver is at. A registrar essentially tells the world what nameserver is authoritative for a domain and thats it.

However, most people just register a domain for a website and maybe email. It would be a hastle for them to set up nameservers as well just to respond authoritativly for these domains, so registrars have gotten into the authoritative DNS business. So there is a good chance that your registrar is also the place you would go to create new nameserver records as well. It all depends on who does authoritative DNS for your domain.

If, however, you happen to do your own DNS, how you go about setting up a CNAME record depends on the flavor of DNS server you are running.

BIND, the most popular DNS server on the Internet, would be configured like this:

verify.xcjuniorolympics2009.org. IN CNAME verify.justhumans.com.

If you are using the djbdns package, you would do it this way:

Cverify.xcjuniorolympics2009.org:verify.justhumans.com

etc...

So unfortunately it isn't very cut and dry. I'm thinking of getting a Wiki going on JustHumans so as people figure out how to create CNAME records for their domains using the various tools out there, we can start documenting it.

Best,

-Anders

Captain Nordic

unread,
Nov 4, 2008, 11:36:18 AM11/4/08
to JustHumans
Anders,

Well, not surprisingly, you lost me there. Boy, there's a lot of stuff
out there that "amateur" web designers like me have no clue about.

But, the good news. I went ahead and asked the Tech Support guys at my
webhost (Emaxhosting.com) the same question, and they came back with
this:

"Dear Mark,
This has been completed. We have added CNAME record as 'verify' for
domain xcjuniorolympics2009.org"

Then, I went ahead and replaced my script containing
verify.justhumans.com with verify.xcjuniorolympics2009.org and it now
works in Safari.

This is again one of those examples of "If it ain't broke, don't fix
it, and if it's broke, get someone who knows what the heck they're
doing to fix it for you."

Now, the only limitation for this script still for me is the fact that
people can still click on the WRONG image and get the verification
page, so they have no way of knowing that their form didn't go
through. I still think this is pretty important, because if people out
there are using the form wrong, they have no idea that they haven't
sent it through.

Thanks, you're awesome as usual.

Mark
> ander...@gmail.com

Anders Brownworth

unread,
Nov 4, 2008, 11:41:16 AM11/4/08
to justh...@googlegroups.com
Thanks Mark,

So I have been thinking about "re-challenging" people that pick the wrong image. So if you pick the wrong one, you go to a page hosted on JustHumans.com that asks you to pick again. Would that cover your needs?

I've been apprehensive about providing a way for spammers to automatically know if their post worked or not, hence JustHumans was designed without this from day one. I could be convinced though. Are others concerned about this as well?

-a

Captain Nordic

unread,
Nov 5, 2008, 12:17:15 PM11/5/08
to JustHumans
Hi Anders,

As far as I'm concerned, this feature is pretty critical. I witnessed
repeatedly just how clueless many people are when they are "clicking
around" on web pages. It is WAY too easy for them to click on a beach
ball instead of a flower, or whatever, and the way the system is set
up now, they would NEVER know their form didn't come through. Your
suggested re-challenge fix sounds totally appropriate and necessary to
me.

Thanks for all the work!

Mark
> ander...@gmail.com

Captain Nordic

unread,
Nov 15, 2008, 1:00:36 AM11/15/08
to JustHumans
With regard to the verification scheme and the CNAME issue....

If I have a main domain hosted by a web host company, and have a
series of "subdomains" also hosted under that main domain, do I need
to CNAME record of verify for EACH of those subdomains, or could it
just go under the main domain?
For example, I have my main domain registered as nadell.net, but also
have my business domain piggybacked onto that at macbethgraphics.com,
plus assundry other domains each as a sub to the main one. If I wanted
to use JustHumans and have it work on Safari, do I need to repeat the
CNAME issue for each one of those subdomains?

Thanks,
Mark

Anders Brownworth

unread,
Nov 15, 2008, 9:54:23 AM11/15/08
to justh...@googlegroups.com
Mark,

Yes, you need to do a CNAME for each of your domain names. The issue is that if the browser is on example.com, it needs to have the JustHumans service also under example.com. (verify.example.com in this case) If there is another domain, lets say example2.com, we need to have JustHumans under example2.com as well (verify.example2.com) because the browser has no way of knowing that example2.com is owned by the same people that own example.com from just the name. (and the browser will only go by the name)

Best,

-Anders
Reply all
Reply to author
Forward
0 new messages