I like to have a few chrome extensions, but I'm worried about them sending my data to some shady server.
Is there a way I could block their internet access (like a firewall) (I guess they will work fine offline).
OS: ubuntu 20.14
Related
Background: I have a web app that is accessed via Chrome on a Windows 10 machine.
I also have a native Win10 application installed on the device. The web app sends data to the Win10 application via a local web service running on the machine in IISExpress.
To allow for HTTPS communication on port 44300, I've created a self-signed certificate via PowerShell:
New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddMonths(60)
And then imported it to 'Local Computer\Trusted Root Certificates\Certificates'
From within the web app I send a command to the win10 app that looks something like this:
https://localhost:44300/CMTService.svc/JumpToAssignment?Param=Key=418584577
The win10 app is polling for these requests and picks up the message.
Issue:
Different versions of Chrome behave differently with the acceptance of the self-signed certificate. For instance versions 62, 64 and 75 all accept the certificate and allow for communication with the web service. But other versions of Chrome like 76 and 78 block communication. The Security tab in the Chrome DevTools shows https://localhost:44300 as "Unknown / cancelled" and my requests fail with ERR_SSL_CLIENT_AUTH_CERT_NEEDED. Whereas in working versions of Chrome my URL shows under "Secure origins". The only thing that I change is the Chrome version to get these different results.
I've tried enabling the Chrome setting to allow for invalid certs for localhost (chrome://flags/#allow-insecure-localhost). This temporarily works, but then after closing and reopening chrome, my requests start failing again with the same error code.
If I take one of my failing URLs and paste it into a new Chrome tab, suddenly communication with my native app in my web app resumes as normal. But it only works for that session - when I close and reopen Chrome my communication is broken again.
Question:
How do I allow for communication between my Chrome v78 web app and my local native app?
ERR_SSL_CLIENT_AUTH_CERT_NEEDED means the server is asking the browser for a certificate for client authentication.
You've described how you setup server authentication, but not described how you setup client authentication.
Likely you have enabled certificates for client authentication, but have not configured the web app to send the correct client certificate or have not configured the native app to accept the correct client certificate. That's a very open ended topic to be prescriptive without knowing more about your development efforts, but you can confirm if client authentication is enabled by inspecting a packet capture. One description of the handshake is here : https://blogs.technet.microsoft.com/nettracer/2013/12/30/how-it-works-on-the-wire-iis-http-client-certificate-authentication/.
Just an update: I implemented a javascript workaround to get around my communication issues. When first loading the web app, I simply send my first communication to IIS (destined for Win10 native app) in a separate chrome browser tab. For whatever reason this allows for successful acceptance of the certificate and kick starts the communication with IIS. This is my code to send the command in a new tab and then close it:
var inst = window.open(launchWinAppURL);
if (inst != null) {
window.setTimeout(function() {
inst.close();
}, 1000);
}
This is not the most elegant solution, but it seems to work on all chrome versions, so i'm satisfied.
Is the web app only communicating with the one win10 machine? Have you installed the self-signed cert directly to the machine? I would try installing it directly to the machine and see if the later instances of chrome allow communication.
I am developing a webpage that uses camera. When I test in Chrome in my local network, camera doesn't work and I get warning in the console:
getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See link for more details.
In the link provided there is an instruction to set some flags in Chrome. So I tried. My command looks like this:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --unsafely-treat-insecure-origin-as-secure="192.168.0.15" --user-data-dir=c:\chrome-dev-profile
But when I run Chrome I get this message:
You are using an unsupported command-line flag: --unsafely-treat-insecure-origin-as-secure. Stability and security will suffer.
What am I doing wrong?
Is there another way I can test in local network without setting up https server? I need this just for development.
Luka,
I've run into this bug just yesterday. I have not found out how to get Chrome to honor that flag on the command line yet. But I did find a workaround that works for my case.
I'm running my web services on a Linux machine that is running an ssh server. I'm testing on windows with chrome, and used putty to connect to the linux box from windows and then created a "local port forward" to make my remote linux box's ipaddress:port appear on localhost:port on windows. Depending on your platform this workaround may work for you. This approach isn't too cumbersome if you only have a few ports to forward.
In my particular case my setting for putty looked like
L8080 localhost:8080
To see more about port forwarding and ssh see: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
If I'm looking for a local/intranet address while connect to a VPN, it works in safari or firefox but many times it will not work via google chrome
example address:
http://help/userui/ticket?ID=14273
Google Chrome takes me to a verizon page like so: "http://searchassist.verizon.com/main?ParticipantID=euekiz39ksg8nwp7iqj2fp5wzfwi5q76&FailedURI=http%3A%2F%2Fhelp%2Fuserui%2Fticket%3FID%3D14273&FailureMode=1&Implementation=&AddInType=4&Version=pywr1.0&ClientLocation=us"
How can I get chrome to realize that I'm looking for a page on an intranet on not to the public web?
Notes:
Using Cisco AnyConnect as VPN client
Chrome version 48.0.2564.97 (64-bit)
OSX 10.11.3
The best solution I've found on OSX so far is to use Safari which is better about detecting VPN pages.
Soon after you've navigated the pages Chrome starts to work as well. This must either be a DNS or caching issue, possible both (I'm no IT master).
I have been having an issue lately with Google Chrome. Some sites, seems to be completely random, are returning a 503 Service Unavailable error message. The last one I received was from my hosting provider when trying to access my CPanel. I can access the same URL completely fine in Firefox or IE. It seems to be isolated to Chrome.
I have tried the following:
Disabled all extensions
Logged in/out of my Google account
Cleared all cache and history
So far, nothing seems to correct the issue. It's becoming more and more aggravating from what was once a pretty reliable browser.
I am running:
Windows 7
Chrome Version 36.0.1985.143 m
I was hitting the same issue. Mostly, it would occur on intranet sites at work, but it happened with a few exterior sites. Loading in IE Tab would work fine.
I was able to solve the issue by upgrading to 64-bit Chrome. I'm not sure why that fixed it, but I think it had something to do with a conflict between Java and Chrome (It looks like I have both 64bit and 32bit Java installed side-by-side).
My solution:
Uninstall Chrome with clear personal data option selected
Install Chrome again but without admin right (install for your personal
user)
Use Chrome as normal
I've installed lemmingzshadow / php-websocket on my Win7 machine, which was pretty simple to do:
unzipped the content into my htdocs folder.
executed server.php from command line.
requested the file /client/status.html from a browser that supports Websockets.
Now here's what I get on the local machine running Google Chrome 19 / Windows 7
click to enlarge
It says "connected" for 30 seconds (displaying no info from the server) then says "disconnected", and here's the related command line output:
Exact same issue when accessing the script through LAN from another computer with Firefox 12 / WinXP
click to enlarge
It only seems to work when accessing it from my VirtualBox Ubuntu, using either Firefox 7.0.1 or Chromium
click to enlarge
It's been days since I've trying to figure out why this is happening, tried other Websocket scripts and they only work when I access them from Ubuntu. I even installed this same script on Ubuntu / XAMPP and was still stuck with the same issue (script running fine on Ubuntu but not on the other operating systems).
I'm going crazy over this, any idea why it's happening??
In that code (lemmingzshadow), the default behavior is for the server to mask the data it sends to the client:
Connection.php:
public function send($payload, $type = 'text', $masked = true)
For some reason this will work in Chrome 18, but it is against the latest websocket spec and does not work in Chrome 19.
RFC 6455 Sec 5.1:
A server MUST NOT mask any frames that it sends to
the client. A client MUST close a connection if it detects a masked
frame.