I have a web application that uses location, I would like to help the user enable location services if it is disabled on the device.
To continue please : Enable the Location Services toggle.
This is what i tried :
the Location Services
Of course, I tried all possible schemes:
App-prefs://
App-prefs:
prefs://
prefs:
prefs:root
prefs:root=
But safari always tell me :
Safari cannot open the page because the address is invalid
You can't open a specific sub-menu in the settings due to Apple restrictions.
However you can open the main settings of an iPhone with this url:
App-Prefs://prefs:root
Tested in IOS 16.
Doesn't work on Mac.
Please note that according to Apple only the schemes explicitly documented are supported. Everything else is considered to be a private API.
⚠ The App-Prefs URL scheme is not documented for third-party use!
I'm trying to allow users to add an Adblock Whitelist via a Chrome extension. To allow this there is the API like such:
1) Add The Ebates WhiteList
However if I add that link to a Chrome extension popup window the link doesn't go anywhere. My guess is that the Chrome extension execution context isn't aware of Adblock/able to support that API. Is anyone who is more of an extension wizard than myself able to verify that I'm correct in my assumption and that there is no workaround? Thanks!
I'm working on a test site (not publicly accessible).
It has a valid certificate and when I visit a certain page it shows as secure in chrome...
When I refresh the same page, it shows the security info i icon.
On the security tab in dev tools it says there's mixed content (no other issues)
When I reload the page with the security tab enabled there are no mixed content issues.
The page always shows secure in Firefox.
Does anyone know what causes chrome to show the security info icon, only on reload, and not when the dev tools are open?
I've found a page on another website where this is happening...
https://www.volkswagen.co.uk/financeCalculator/generateDefaultCalculation?modelId=1997
If you go to that link ^^^
It shows secure
Hit refresh
It shows insecure
Open dev tools security tab
It says it's got mixed content
Refresh to get details of mixed content
Page shows as secure.
The VW page you linked to does serve its favicon over http which is the reason for Chrome showing the security info icon.
You may have a plugin/extension on Chrome that injects http links and messes with the overall result regarding mixed content.
To check this you can go to the network tab in developer tools and search links that start with http://
I've allowed Chrome to Load Unsafe content for a site by clicking on the Shield icon. How do I block it again?
Anything in Chrome's settings?
In Chrome settings -> Advanced Settings search for Enable phishing and malware protection under Privacy.
Also have a look at Check for server certificate revocation under HTTPS/SSL to allow or block unsafe content.
Hope this is something you are looking for.
In Firefox, I view my site and get no warnings about insecure mixed content.
Using FireBug, I can see that every request is https.
In Chrome, I get the https crossed out in the address bar.
I viewed source in Chrome and then ran this regex /http(?!s)/ but the only things it found were the href attributes for some external links and the doc type and http-equiv meta tags.
Using Chrome's Resource Tracking revealed all requests were https too.
This includes Google Analytics, jQuery from Google's CDN and Facebook like scripts.
Is there any specific tool I can use to show non https requests, or anything further I can try?
I found that I get the "mixed content"-warning in Chrome even when there is no mixed content, if sometime during the session mixed content was already encountered on the domain.
(Also mentioned here: Why is Chrome reporting a secure / non secure warning when no other browsers aren't?)
In Chrome's Developer Tools, the Console tab shows the resources that it won't load because they unsecure.
You can add the "scheme" column to the Chrome developer tools network tab to show which requests were sent over http or https:
Press F12 to show the developer tools
Switch to the Network tab
Right click in the column headers and select "Scheme"
Reload the page to show which elements are loaded over http or https
In situations like this where it's helpful to see exactly which protocol is being used to load resources, I would recommend Fiddler2 as a browser-agnostic solution that can show you exactly what traffic is occurring on each request.
From the site:
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Edit: In-browser debugging tools are becoming really good so this third-party tool may not be as useful as it was when this answer was first written.
Open up the Web Inspector and find the yellow triangle (warning) in the top right. Click on it and it will display all security issues.
In 48-th version of chrome they added a security panel. Using it you can quickly identify the mixed content resources:
Do you have the HttpFox plugin for FireFox? That'd work, I think.
Among other things, it reports on the URL, Method, Result Code, and bytes of all the assets that a web page requests. It's what I've used to trap the occasional non-HTTPS graphic, etc. I'm sure the other suggested tools would do the same...
You can use SslCheck
It's a free online tool that crawls a website recursively (following all internal links) and scans for nonsecure includes - images, scripts and CSS.
(disclaimer: I'm one of the developers)
I know this post is old, but I ran across it and had the same issue. I clicked on the Chrome menu (top right corner), scrolled down to Tools> and selected Developer Tools. Clicked on the Console tab and it told me exactly what the problem was... the favicon was served over http, not https, but of course it was not in the page source code. Corrected the problem in my CMS, which loads the favicon without code in the page... and no more error!
Note that 'mixed content' and 'mixed scripting' are detected seperatly. Check this site for the meaning of the icons in Chrome: https://support.google.com/chromebook/answer/95617?p=ui_security_indicator&rd=1 (click 'see details' link).
Grey icon = mixed content, red icon = mixed scripting.