I ran into an interesting problem today using Chrome and I'm hoping there is a better way to fix it than what I ended up doing.
The issue starts with an invalid SSL certificate on a site that I'm configuring. In Chrome it's possible to advance past this screen using a link which adds a security exception for the current domain so that you don't have to view this warning message again.
It's also possible to clear this warning by going to the site with the exception then clicking the Not secure text and choosing the Re-enable warnings option.
Now my problem, I have a couple different redirects in place on the site that will redirect my .com and .bank domains to the primary .net domain. While developing I added security exceptions for all three of these domains. This becomes and issue when testing that my SSL certificate is configured properly. I want to clear out Chrome's stored exception for the .com domain - but I cannot do so using the Re-enable warnings option because as soon as I arrive at the page Chrome sees that an exception is already stored and proceeds to load the page normally which then gets redirected to the .net domain. Because of this there is no point where I can actually clear out the bypassed security warning in Chrome...
The only way I've been able to find to clear out these exceptions is to use the Reset option in Chrome's settings, which is not something I want to do regularly. I'm wondering if there is a hidden settings page in Chrome that lists all of the bypassed security warnings so that I may clear them out individually.
To "Re-enable warnings" for all SSL warnings if you don't want to clear your history (or if you dont know all the exemptions you have in place), you can close Chrome and edit:
"C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Preferences"
and set ssl_cert_decisions":{},"
Stored in the JSON-path:
profile > content_settings > exceptions > ssl_cert_decisions
Or you can change the decision_expiration_time of the specific exemption to be equal to the last_modified time
Example: "ssl_cert_decisions":{"https://expired.badssl.com:443,*":{"last_modified":"13235055329485008","setting":{"cert_exceptions_map":{"-201cgaDTf2DD6Cj0N6/tKvudkzDuRBA3GwKd8T9hE7mHhQ=":1},"decision_expiration_time":"13235055329485008","version":1}}}
you will have to clear the browsing data for that site, the easiest way I found to do this is (Ctrl+Shift+Del) to bring the clear browser data window up then set time range to 1 hour, choose browsing history only then click clear data. Hope this is useful.
While I'm trying to visit a specific website (that one: https://login.uj.edu.pl) I'm getting ERR_INVALID_ARGUMENT error. Here is the problem: "Server has a weak ephemeral Diffie-Hellman public key".
More about the issue there: https://productforums.google.com/forum/#!topic/chrome/o3vZD-Mg2Ic
I know that it should be fixed by a webmaster but until it happens I have to access the page every day anyway. I found an extension to Firefox to avoid this error: https://addons.mozilla.org/en-us/firefox/addon/disable-dhe/
Now i want to get rid of the error in Google Chrome (well, Chromium actually). Is there any possibility to make it work? It's my university's page and it can take years for the site administrator to fix that secure connection issue.
What's strange the problem occurs in Linux only, in all the browsers. In Windows, Chrome-OS or Android there is nothing wrong. I know that using insecure connection is wrong but in that case I have no choice.
EDIT:
I cannot accept any solution because the site I was trying to access changed its encryption to the right one. Now I can't test your solutions because the problem is already solved by site admins.
The solution is:
Type in your browser (I tried in Iceweasel)
about:config
Search for
security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha
Set them both to false (just double click to set them to false or true).
That's it!
This solution worked for me:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
The recent release (Sep. 1) to Chrome 45 contains the fix for the Logjam attack as detailed in https://weakdh.org but it introduce this kind of problem.
I found it in this post
Quick hack to get around this issue (Mac OSX)
Run this in commandline to workaround the issue while launching Chrome
Chrome:
open /Applications/Google\ Chrome.app --args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
Canary:
open /Applications/Google\ Chrome\ Canary.app --args --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
For Firefox
Go to about:config
Search for security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha
Set them both to false.
NOTE: Permanently fix would be to update the DH key with a length > 1024
Are you by any chance on the Chrome development channel, or possibly the Beta channel? I know that the dev channel currently has some stricter rules on SSL keys, and Beta might as well. You might try getting the stable release from https://www.chromium.org/getting-involved/dev-channel and see if that runs without the error.
Use netsurf (netsurf aur) on that site. I am on the same boat with you. Using Arch and Chromium and Firefox both refuses to enter certain websites. Netsurf can do the job for me.
I have also facing this issue and resolved by #Duccio Fabbri answer,
--cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
I don't know why this works but it works, for permanent use of this you can follow below step.
Go to browser short cut
Right click and Go to properties
Go to Short cut tab
Go to Target textbox, in this you will find your chrome full path , add above string at the end of path.
and it will look like
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --cipher-suite-blacklist=0x0088,0x0087,0x0039,0x0038,0x0044,0x0045,0x0066,0x0032,0x0033,0x0016,0x0013
Apply and close it.
Now it will work.when you open it next time.
At Fireforx I was facing the same problem, I did the following changes and it worked for me,
Firefox:
Go to about:config from browser tab
Search for security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha parameter.
Set them both to false.
I was also getting this error, I reset the chrome settings to fix it: Settings > show advanced settings > Reset setting
I found the solution for apache tomcat in this stackoverflow question, I just copy the solution:
Just edit 'conf/server.xml' adding the 'ciphers' attribute to your https connector:
<Connector
...
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"
...
Practically you're explicitly defining the list of allowed ciphers, excluding the Diffie-Hellman ones (the one with 'DHE' in the name).
Open Server.xml file in your tomcat and set attribute "ciphers"
<Connector port="8007" protocol="AJP/1.3" redirectPort="8443" ciphers="SSL_RSA_WITH_RC4_128_SHA" />
I am trying to allow a http website to use my camera without the prompt without luck.
I changed the Preference file (when Chrome is closed) and changed the Profile part as follows:
"profile": {
"avatar_index": 0,
"content_settings": {
"clear_on_exit_migrated": true,
"pattern_pairs": {
"http://mywebsite.com:80,*": {
"media-stream-camera": 1,
"media-stream-mic": 1
},
...
However, for some reason it keeps showing the prompt.
Any idea? I'm using Chrome version 33.
Thanks!
It seems like Chrome overwrites the preference file every time it starts. I couldn't get any of my changes to stick.
Solution 1. Packaged Chrome app.
One way to grant permissions is to run your site as a chrome app. Just include videoCapture in the manifest.json. This will definitely work.
"permissions": [
"videoCapture"
],
Solution 2. Get an SSL Certificate.
I know you specifically said 'http', but if you have serve your site over https, it will only require the user to grant permissions once.
Solution 3. Modify device policy.
If you can't package your site as a chrome app for some reason, there might be another way to get it to work. It involves editing Chrome's policy list to allow camera access. I can't get this to work, currently, but I'm looking into it.
http://www.chromium.org/administrators/policy-list-3#VideoCaptureAllowedUrls
VideoCaptureAllowedUrls are a list of urls to automatically grant webcam permission to. The problem is setting this property. I know where the file lives, but there are no examples on HOW to set properties.
/Applications/Google\ Chrome.app/Contents/Resources/com.google.Chrome.manifest/Contents/Resources/com.google.Chrome.manifest
There are 'instructions' on editing the policy list, but they're totally useless. All it does is point to that file, and gives templates for Windows and Linux (I'm on OSX).
Note that this solution will only work in kiosk mode. To run Chrome in kiosk mode, add the flag --kiosk http://yoursite.com. This forces the app into fullscreen mode.
If you're on Windows/Linux, this SO post might help you.
Solution 4. Use command-line flag
use --use-fake-ui-for-media-stream command-line flag
example (OS X) : /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome http://html5-demos.appspot.com/static/getusermedia/record-user-webm.html --use-fake-ui-for-media-stream
More info here http://creativcoders.wordpress.com/2014/08/18/chrome-always-allow-access-to-webcam-and-microphone-over-http-webrtc/
Okay, so I'm a student programmer in my college's IT department, and I'm doing browser compatibility for a web form my boss wrote. I need the user to be able to open a local file from a shared drive with a single click.
The problem is that Firefox and Chrome don't allow that for security reasons. Thus, I'm trying to write a custom protocol of my own to open an address in Internet Explorer regardless of the browser being used.
Can anyone help me with this? I'd also be willing to try an alternative solution to the problem.
The below worked for me, is this what you mean?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo]
#="URL: foo Protocol"
"URL Protocol"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\DefaultIcon]
#="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\shell]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\shell\open]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\foo\shell\open\command]
#="C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe \"%1\""
Just to note, I'm running Win7Pro, so you may have to move around file path(s) to conform to your environment.
And if that doesn't work, create a proxy between the protocol and the browser, pass the argument(s) from foo:// to that, parse what's necessary, then hand it off to IE using start iexplorer.exe "args".
I'm unsure whether I understand your question, if it is how do I open local files using chrome/firefox, this is your anwser:
First a disclaimer, I have never done this and cannot vouch for the accuracy of my response
IE
Microsoft's security model is pretty fail so you can go right ahead and open these files
FireFox
Some quick googling found that Firefox can do this after either editing prefs.js as outlined here or installing an addon called LocalLink
Chrome
Practically impossible due to its security, until now when locallink was ported to chrome.
I am modifying a site's appearance (CSS modifications) but can't see the result on Chrome because of annoying persistent cache. I tried Shift+refresh but it doesn't work.
How can I disable the cache temporarily or refresh the page in some way that I could see the changes?
The Chrome DevTools can disable the cache.
Right-click and choose Inspect Element to open the DevTools. Or use one of the following keyboard shortcuts:
F12
Control+Shift+i
Command+Shift+i
Click Network in the toolbar to open the network pane.
Check the Disable cache checkbox at the top.
Keep in mind, as a tweet from #ChromiumDev stated, this setting is only active while the devtools are open.
Note that this will result in all resources being reloaded. Should you desire to disable the cache only for some resources, you can modify the HTTP header that your server sends alongside your files.
If you do not want to use the Disable cache checkbox, a long press on the refresh button with the DevTools open will show a menu with the options to Hard Reload or Empty Cache and Hard Reload which should have a similar effect. Read about the difference between the options to know which option to choose. The following shortcuts are available:
Command+Shift+R on Mac
Control+Shift+R on Windows or Linux
Clearing the cache is too annoying when you need to clear the cache 30 times an hour.. so I installed a Chrome Extension called Classic Cache Killer that clears the cache on every page load.
Chrome Store Link (free)
(Now without malware!)
Now my mock json, javascript, css, html and data refreshes every time on every page load.
I never have to worry if I need to clear my cache.
There are about 20 cache cleaners for Chrome I found, but this one seemed lightweight and zero effort. In an update, Cache Killer can now stay "always on".
Note: I do not know the plugin author in any way. I just found it useful.
Pull up the Chrome developer console by pressing F12 and then (with the console open):
Right click (or hold left click) on the reload button at the top of the browser and select "Empty Cache and Hard Reload."
This will go beyond "Hard Reload" to empty the cache entirely, ensuring that anything downloaded via javascript or etc. will also avoid using the cache. You don't have to mess with settings or anything, it's a quick 1-shot solution.
There are two more options to disable page caching in Chrome for good:
1. Deactivate Chrome Cache in the Registry
Open Registry (Start -> Command -> Regedit)
Search for: HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command
Change the part after ...chrom.exe" to this value: –disable-application-cache –media-cache-size=1 –disk-cache-size=1 — "%1"
Example: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -disable-application-cache –media-cache-size=1 –disk-cache-size=1 — "%1"
IMPORTANT:
there is a space and a hyphen after ...chrome.exe"
leave the path to chrome.exe as it is
If you copy the line, be sure to check, if the quotes are actual quotes.
2. Deactivate Chrome cache by changing the shortcut properties
Right-click on the Chrome icon and select "Properties" in the context menu.
Add following value to the path: –disk-cache-size=1
Example:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" –disk-cache-size=1
IMPORTANT:
there is a space and a hyphen after ...chrome.exe"
leave the path to chrome.exe as it is
If you do not wish to edit Chrome's settings you may use incognito mode for the same results.
F12 to open Chrome DevTools
F1 to open DevTools Settings
Check Disable cache (while DevTools is open) as shown below:
This is currently on the Preferences tab which is the default. You may need to scroll down. This checkbox has been moved at least a couple times since this question was asked. Last I checked, it was in the middle column at the bottom. If you have it open on a thinner screen and there are 2 columns under Preferences, it may be near the top right. Feel free to update this post if it changes or comment and I'll update the post.
In addition to the disable cache option (which you get to via a button in the lower right corner of the developer tools window -- Tools | Developer Tools, or Ctrl + Shift + I), on the network pane of the developer tools you can now right click and choose "Clear Cache" from the popup menu.
Instead of hitting "F5"
Just hit:
"Ctrl + F5"
In the Canary Channel (and maybe the dev and stable channel will follow along) this is to be found as the second option overall on the left hand-side under the "General" section.
In addition to that, there is always the option to switch into Incognito Mode via Ctrl + Shift + N. Even though that unfortunately also ends your session.
To be clear, the disable cache checkbox in Chrome (v17 here, but since v15 I believe) is not in the main settings UI. It is in the developer tools settings UI.
From the browser window's wrench icon menu (prefs menu) choose Tools → Developer Tools
In the developer tools UI that appears, click the gear icon at bottom right.
Check the 'Disable cache' checkbox in the Network section.
Using Ctrl+Shift+R to refresh was nice but didn't get everything I needed.
still some things wouldn't refresh, such as data stored in js and css.
found a solution: a toolbar of google for chrome web developers. After you install the toolbar select options and "reset page".
Disable cache in chrome only works when you have dev tools open
Until the bug is fixed you could use Clear Cache Chrome plugin and you can also set a keyboard shortcut for it.
After installing it, right click and go to options:
Check Automatically reload active tab after clearing data:
Select Everything for Time Period:
And then you can go to Menu => Tools => Extensions:
Click on keyboard shortcuts at the bottom:
And set your keyboard shortcut, for example Ctrl + Shift +R:
Actually if you don't mind using the bandwidth it is more secure for multiple reasons to disable caching and advised by many security sites.
Chromium shouldn't be arrogant enough to make decisions and enforce settings on users.
You can disable the cache on UNIX with --disk-cache-dir=/dev/null.
As this is unexpected crashes may happen but if they do then that will clearly point to a more severe bug which should be fixed in any case.
This might help someone.
I have rigged my Nginx for crazy caching. Thus, disabling cache in network tools and explicitly clearing cache don't work.
A very simple yet boring workaround is, I just open a new Incognito Tab. Surprisingly it works, all the time!
A hard refresh in incognito mode does the trick anytime I wish to reload in the same mode.
When this question was asked, Chrome didn't support the Disable Cache feature. But now, you can find the "Disable Cache" feature in Network Tab in Chrome Dev Tools.
Network Tab with Cache Disabled
You can see that all the resources (I have filtered JS resources) have been fetched from network and not loaded from disk/memory cache.
Disable Cache not selected
You can see that when I refreshed the page but didn't select the "Disable Cache" feature, almost all the resources were loaded from Cache.
This works fine for local web development but there are certain limitations that I'd like to highlight. You can stop reading here if the solution discussed so far meets your use case.
Limitations
You have to keep the DevTools Open and Disable Cache Selected
When you disable the cache, it is disabled for all the resources in that tab. It makes things slow and is inefficient if you want to disable cache for only 1-2 resources
Using Requestly Chrome Extension to disable Cache for particular resources (JS/CSS/Images, etc)
Recently, I stumbled upon https://dev.to/requestlyio/disable-caching-of-particular-js-css-file-2k82 which helped me understand how you can disable cache for specific resources.
The trick here is to add a query parameter to your resource with random value every time the request is made. Using Requestly Query Param Rule, you can add a param like this
URL Contains mywebsite.com/myresource.js
Add param cb rq_rand(4)
rq_rand(4) is replaced by 4 digits random number when a request is made.
Requestly Query Parameter Rule to add random parameter
After adding the rule, JS/CSS files are not cached
Here you can see that "Disable Cache" is not selected and still the resources are not loaded from Cache because of a random parameter (cb - Read it as Cache buster) in the URL.
The good thing is you don't need to keep your dev tools open for having this behavior
You can keep this permanently ON and your browsing experience won't be affected too.
How to get the Rule
Here is the link using which you can browse & download the rule if you have Requestly installed - https://app.requestly.io/rules/#sharedList/1600501411585-disable-cache-stackoverflow
Disclaimer: I built Requestly but I think this could be helpful to a lot of web developers and hence sharing here.
How about a bookmarklet which changes the page name to prevent the page from cacheing. In Chrome you would create a new bookmark and then paste the code into the URL. Click the bookmark and the page will reload with timestamp to thwart the cache.
javascript:(function(){var idx = location.href.indexOf('?');var d = new Date();var str = location.href.substr(0,idx) + '?version=' + d.getTime();location.href=str; void 0;})();
I just got caught out but not necessarily due to Chrome.
I am using jQuery to make AJAX requests. I had the cache attribute set to true in the request:
$.ajax({
type: 'GET',
cache: true,
....
Setting this to false fixed my problem but this is not ideal.
I have no idea where this data is saved but I do know that chrome never hit the server for a request.
There is a better and quicker way now (Chrome version 59.x.x.):
Right-click onto the reload-icon (left of the url-field) and you get a drop-down menu, select the third option: 'empty Cache and Hard reload'.
This option is only available when the developer tools are open.
(Notice the difference to option 2: 'Hard reload' -cmd-shift-R). No cache emptying here!
There is a chrome extension available in the chrome web store named Clear Cache.
I use it every day and its a very useful tool I think. You can use it as a reload button and can clear the cache and if you like also cookies, locale storage, form data etc. Also you can define on which domain this happens. So can clear all this shit with only the reload button which you anyway have to press - on your chosen domains.
Very very nice!
You also can define a Keyboard Shortcut for this in the options!
Also another way is to start your chrome window in incognito-mode.
Here the cache also should be completely disabled.
One more option for disabling the cache is provided by my 3rd Chrome extension Page Size Inspector that disables the cache exactly the same way as Devtools does.
In addition, the extension quickly reports page size, cache usage, network requests and load time of a web page in a convenient way. Plus its open source at Github.
Not sure what you are using, but if you are using ASP.Net you can do the following which works like a charm:
<link href="#Url.Content("~/Content/Site.css")?time=#DateTime.Now" rel="stylesheet" />
Basically it will automatically append the Date and Time to the end of the file each time it is ran, meaning since the file name is technically different, you will never have to worry about it getting cached again.
I had the same problem, I tried :
Control Shift R,
Disable cache in F12
Control F5.
Then I discovered that using a .appcache manifest for a non https site is deprecated.
I removed my site.appcache file and its reference in the html tag and now I'm seeing the latest version of each page!
If you're using ServiceWorkers (e.g.: for Progressive web apps), you'll likely need to check "Update on reload" under Application > Service Workers in dev tools too.
Since version 50 (if I remember correctly), the "Disable cache" option was removed from the Devtool Settings. Go to the "Network" tab and there's the "Disable cache" option.
The problem with "annoying" cache in general layes in the framework :). Let's see details.
Most of frameworks uses in .htaccess (os equivalnent) derective redirecting all requests to frameworks "index",
BUT it the same time EXCLUDE files and directories requested by application directly.
(f.e. as for .htaccess typical directives are:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
)
Thus ALL .js, .css files as graphics ones are not handled by frameworks "index".
And those files are generally most often changed during development.
That's why the cache control derective should not be placed in frameworks "index".
It should be palced in .htaccess.
F.e. for development process use:
Header set Cache-Control "no-store, no-cache, must-revalidate"
Header set Pragma "no-cache"
(Or for consecutive working versions, use "Etag" directive - check more in HTTP reference. Notice, that ETag is not intended for development.
In .htaccess there is no direct way to generate random number (or fast changing sequence like date UTC) to use in ETag, because - as I mentioned before - this is not what this is provided for).
Hope it helps and saves time.
Hey if your site is using PHP then place following little PHP snippet at the beginning of your html page :
//dev versioning - stop caching
$rand = rand(1, 99999999);
Now everywhere you load resources like CSS- or JS- files in a script or link element you append your generated random value to the request URL after appending '?' to the URI via PHP:
echo $rand;
Thats it! There will be no browser that caches you site anymore - regardless which kind.
Of course remove your code before publishing or simply set $rand to an empty string to allow caching again.
I have used the other options described above but I find that the best is to add the following parameter to the startup of chrome.exe.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disk-cache-size=1
-media-cache=1
I find not disabling media cache is a good idea but it is here for completeness sake.
In actuality I want an option to completely disable the cache, to use the memory for IO instead of my disk (which would make load time 10x faster too!) but I don't think chrome or any browser for that matter has that option yet.
How can I disable the cache temporarily or refresh the page in some way that I could see the changes?
It's unclear which "cache" you're referring to. There are several different methods a browser can cache content persistently. Web Storage being one of them, Cache-Control being another.
Some browsers also have a Cache, used in conjunction with Service Workers, to create Progressive Web Apps (PWAs) providing offline support.
To clear the cache for a PWA
self.caches.keys().then(keys => { keys.forEach(key => console.log(key)) })
to list the names of the cache keys, then run:
self.caches.delete('my-site-cache')
to delete a cache key by name (i.e., my-site-cache). Then refresh the page.
If you see any worker-related errors in the console after refreshing, you may also need to unregister the registered workers:
navigator.serviceWorker.getRegistrations()
.then(registrations => {
registrations.forEach(registration => {
registration.unregister()
})
})
Chrome's Cache killer is by far the best option. Since the store URL to install cache killer is down, you can download the CRX file here:
https://www.crx4chrome.com/extensions/jpfbieopdmepaolggioebjmedmclkbap/
once the extension file is downloaded, open Chrome -> more tools -> extensions, then drag the CRX file from the File Explorer or your Desktop (depending the location where you downloaded the file) into the chrome window to install the extension.