How can I solve the warning "Cross-Origin Read Blocking (CORB) blocked cross-origin response"
Related
My site has a server-level redirect from HTTP to HTTPS, but Chrome shows "Site is note secure" warning before redirecting even though the user will never see the insecure site. This is a bad UX because the user has access to a secure site and Chrome is the one not checking if secure access / redirect is available. Most sites redirect from http to https but only some of them are blocked on Chrome. What is the reason for this? How can I fix this on my sites?
My site is https://theinfinitezero.com
But if I just put http://theinfinitezero.com
it gets blocked instead of redirecting.
Forbidden
You don't have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an Error Document to handle the request.
I enabled SSL on my website which is hosted on Blogspot with a custom domain and I encounter this error in console which asks me to Load Unsafe Scripts on the address bar.
What I see in Inspect Element:
This has nothing to do with IPv4. The error just says that, while your page was served over https, it's trying to load an external script via http, which Chrome doesn't allow. You must modify your page to load all resources over https.
I'm loading a cross-origin script that requires a username/password using HTTP Basic Access Authentication.
I'm not concerned with the security of the username/password. My code:
<script src="http://user:password#example.com/script.js"></script>
This works fine in most cases. However, if the credentials are incorrect, an authentication dialog pops up.
I would like to abort the loading of the script if the credentials are wrong instead of presenting the authentication dialog to the user. Ideally a JavaScript function would be triggered as well to alert that something has gone wrong.
Is this possible, and how would it be done?
I think this would fall on the server-side configuration.
Instead of sending a HTTP 401 Not Authorized with WWW-Authenticate header, the server should respond with a different status code, perhaps 403 Forbidden
The problem is that when a 401 is sent to the browser, the browser interprets that as a login requirement, prompting the user. If it receives another error status (i.e. 403) it will simply error out (which can be caught by a JavaScript function)
I am running a chat application on my website and everything was working fine when I was on HTTP but as soon as I got the SSL added and started using HTTPS, I get this errors for my websocket connection:
[blocked] The page at 'https://localhost/test/' was loaded over HTTPS, but ran insecure content from 'ws://localhost:815/': this content should also be loaded over HTTPS.
websocket.js:10
Uncaught SecurityError: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
I tried changing ws to wss and that just remove these error but that chat is still not working.
I am using Godaddy as my host/server provider. Do I need to update the SSL certificate to tell it to approve the wss connection somehow?
maybe in your html file there is a link to scripts that include http and not https
example:
<script src="http://code.jquery.com/jquery-2.1.1.min.js"></script>
should be:
<script src="https://code.jquery.com/jquery-2.1.1.min.js"></script>