2014r2: webapp in iFrame ??

It’s a browser-based, browser-enforced standard. It’s certainly a best security practice. Most of our users don’t put their web apps in frames, and this never came up from anyone throughout the entire testing process.

But since it did come up as an issue on release, we’re addressing it quickly. So I don’t think there’s much else to discuss in this thread.

Okay, another topic. As WE is explicitly not meant for designing homepages, in what other way than with iframes would you include such WE webapps into a homepage?

Most web apps are deployed as a separate link from another site, not inside of the same site which can only be done via a frame.

#FacePalm. Is it too much for you to ask for feedback on these plans before they get set in stone or at the least let us know what you’re doing?

This reminds me of the tab order issue. Suddenly it was decided that taborder for everybody has to be left-right, top-down. Xojo has a record of short-sighted decisions, where you guys tried to avoid discussion with your customers. Stop that.

I doubt that Xojo has the manpower and the means to find out what is done with “most web apps”. And you seriously should rethink this daddy-knows-whats-best-for-you approach. Not only for the current issue, but in general.

BTW, thanks for the hint! Good to have a plan B.

Don’t change notes go out with the beta to the beta / those who can afford pro licence testers?

If so as pro’s they would have known the effect of this header. If not this questions if those selected for beta testing are the right people. When I read the release notes yesterday this potential issue clicked with me straight away and I don’t even use web edition. I bet when the option to turn off this header is implemented no one will implement other features to reduce the risk of click jacking. Xojo are right in implementing this feature but it should be optional but when you turn it off you need to look at protecting your site from click jacks.

IIRC the release note linked to a private case(?) so people only have those few words in a release note to go on.

What I find with the Betas is pretty much a double edged sword;

  • Yes, I love the fact each release has a couple of hundred fixes/features
  • No, I don’t have time to go full belt at testing that lot!

So - I do what I can with very finite time - need to pay the mortgage and all that. I’m thinking of asking to be removed from the Alpha Group. Xojo need people to play with the Alphas and I just can’t!

Sure, I’m not the only person in that boat.

In this case, the question may be better phrased
“could this be highlighted in the release notes better to show that this change could break stuff and needs special attention?”
This may then get better/more attention in the Betas and maybe avoid these problems.

Cheap shot noted, Mike. Will be returned one day, in spades.

Are you suggesting that we ask every single user for feedback before implementing any feature requests? We’d never add any user requested features to the product.

No. There is a subset. My rough first estimate of that subset would be anything where “because security” is part of the answer. It doesn’t require permission. All it requires an explanation. As Pat augmented my note, all we had was an obscure description of a private case.

I’m trying not to pile on about the error, as that’s being addressed. I’m trying to help you understand what we need in order to anticipate similar issues. And to be brutally honest here, every time I hear “because security” in the general WE discussion, I process “this is going to cost me some time.” It’s not fair, but it’s how it is.

[quote=107590:@Patrick Delaney]IIRC the release note linked to a private case(?) so people only have those few words in a release note to go on.

What I find with the Betas is pretty much a double edged sword;

  • Yes, I love the fact each release has a couple of hundred fixes/features
  • No, I don’t have time to go full belt at testing that lot!

So - I do what I can with very finite time - need to pay the mortgage and all that. I’m thinking of asking to be removed from the Alpha Group. Xojo need people to play with the Alphas and I just can’t!

Sure, I’m not the only person in that boat.

In this case, the question may be better phrased
“could this be highlighted in the release notes better to show that this change could break stuff and needs special attention?”
This may then get better/more attention in the Betas and maybe avoid these problems.[/quote]

My point exactly. Most people with a pro licence are making their primary living from Xojo. There are some very competent non pro licence holders who may be hobbyists and may have more time to run some more aggressive testing and spot some of what the pro licence holders are missing. There must be a better way to select beta testers.

Brad, read my point above, it is valid. It is not a cheap shot but selecting beta testers based on the fact that they can afford a pro licence in my opinion is flawed. You could have a complete novice with a fat wallet purchase a pro licence and become a beta tester… Is that right?

Let’s wrap this up here- the thread is about an issue we’re already addressing.

The general sentiment about striving to be more upfront about potentially higher-impact changes early on is well received. Consider it as such. :slight_smile:

Think that’s all that’s needed here…

I am not Xojo Inc. and it is their choice to make betas available to Pro licensees, plus a few others I noticed around. That said, it seems sensible to pick beta testers amongst people who program for a living and should therefore generate more accurate reports because they are more accustomed to be precise, as it is their trade. It is also easy to check on professionals by what they produce, most of the time.

How would you pick non professionals, if they have not produced any visible programs ? Non professionals can be very competent, yet asserting their capabilities can be difficult.

Just a thought. Please don’t infer I am doubting your abilities in any way.

[quote=107618:@Michel Bujardet]I am not Xojo Inc. and it is their choice to make betas available to Pro licensees, plus a few others I noticed around. That said, it seems sensible to pick beta testers amongst people who program for a living and should therefore generate more accurate reports because they are more accustomed to be precise, as it is their trade. It is also easy to check on professionals by what they produce, most of the time.

How would you pick non professionals, if they have not produced any visible programs ? Non professionals can be very competent, yet asserting their capabilities can be difficult.

Just a thought. Please don’t infer I am doubting your abilities in any way.[/quote]

Yes I agree it would be difficult to pick beta testers. However I suspect there are others who make a living from Xojo who also purchase non-pro licences. Also those testing a beta on a product they have on the market will do just that, test a product they have on the market and perhaps not play around in the IDE much trying to find small beta problems. I bet Xojo would find some of the hobbyists a lot better at ‘breaking’ the product.

I don’t think ability is the be all and end all here. Someone may have the simplest ‘hello world’ app that throws up a problem not spotted by a pro.

You’re quite correct that there are people who own other license types that would make good beta testers.
Adding everyone who has a Pro license is a first pass.
We can and do add people who do not meet that criteria but they have to ask.
We may then add them or decline.

[quote=107611:@Mike Charlesworth]Brad, read my point above, it is valid. It is not a cheap shot but selecting beta testers based on the fact that they can afford a pro licence in my opinion is flawed. You could have a complete novice with a fat wallet purchase a pro licence and become a beta tester… Is that right?
[/quote]

It’s called a perk and it’s their business how they want to pick beta testers. Not yours. Not mine. But just some “how to influence people” advice for you. If you want in, but don’t feel like buying in, it’s a safe bet you’ll have more luck typing up a nice resume on a quality linen paper and sending it to them with a polite request to be included rather than criticizing their selection process in public.

True. I was one of them for quite a while.

I would not go as far as testing on a Hello Word. But indeed pros are not the alpha and omega. They are probably easier to spot.

As Norman said, Xojo may add people who ask . Won’t you do ?