I'm using chrome-devel-sandbox bundled with puppeteer, and I need to disable blocking of private network requests. I am seeing this error:
Access to XMLHttpRequest at 'http://127.0.0.1' from origin 'https://example.com' has been blocked by CORS policy: Request had no target IP address space, yet the resource is in address space `local`
I tried the solutions in this answer, but these preference files seem to have no effect, and upon launching puppeteer the "Block Insecure Private Network Requests" flag in chrome://flags is reset to the defult value.
Shouldn't the --disable-web-security flag take care of this already?
Is there a way to set this preference via a flag?
Is there a preferences file that the sandboxed chrome will honor?
Looking at strace logs, it does appear that the sandboxed chromium process opens the file:
[pid 1177626] stat("/etc/chromium/policies/managed/dev_policy.json", {st_mode=S_IFREG|0644, st_size=236,
I even tried --no-sandbox without success.
I'm using Chrome 99 on debian.
Related
I have a self hosted chrome extension.
It is ready for self update - URL in manifest file and configured GP on PC.
Extension could not be installed automatically or manually.
Tried to run browser with debug chrome.exe --vmodule=extension_updater=2 --enable-logging --extensions-update-frequency=30 but there are no errors related to my extension, it is even not listed in log.
When i try to drug extension in dev mode to browser i have an error that my extension is disabled by admin, but it is whitelisted, blacklist section is missing.
All is ok in chrome://policy
Any ideas ?
I'm trying to load an unpacked chrome extension. When I click the Load unpacked button nothing happens; much the same as this question. I am working within a system that has extension instalation control policies, particulary a ExtensionInstallBlacklist of * and a list of whitelisted extensions. No other policies seem to impact extensions.
It turns out that there's a js error in the console when I click the button:
Error handling response: Error: Extension installation is blocked by policy.
at chrome://extensions/crisper.js:215:2522
but looking at the js that this leads to doesn't give any clues about the name of the policy. I have searched the Chrome Enterprise policy list without any luck.
What is the policy that's blocking this?
ExtensionInstallBlacklist
A blacklist value of '*' means all extensions are blacklisted unless they are explicitly listed in the whitelist.
This includes unpacked extensions, otherwise the user could easily circumvent the enterprise policy.
I think happened in the latest update of Chrome. They're not letting any of these content types if they come from a site. This is problematic because I need the chrome developer tools to develop my app making calls to an api. Does anyone know how to disable or override this?
Change the directory in cmd to "cd Program Files (x86)\Google\Chrome\Application"
and execute the below command to disable chrome security and also avoid "Blocked receiving cross-site document warning."
C:\Program Files (x86)\Google\Chrome\Application>chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security --user-data-dir --disable-features=CrossSiteDocumentBlockingIfIsolating
I am using hublin. the camera and microphone was working fine locally but when i uploaded to server. camera permission pop does not appear, it just silently fails and at console there is error of
easyrtc.js:2100 invoking error callback PermissionDeniedError
easyrtc.js:2085 getusermedia failed
The problem is both with chrome and chromium however asking permission at firefox.
Also i tried to give permission manually but there is no cam-cross icon in rightcorner. In chrome settings>advanced settings>content-settings>camera>manage-exceptions there is no way to manually add specific url for allowing permission as in firefox.
Using of HTTPS for WebRTC applications is mandatory in Chrome. So, it just doesn't show permission dialog when working on a plain HTTP.
Hence, you should configure secure HTTP (HTTPS) on the web server (you can use certificates from LetsEncrypt - work like a charm). Or you can try to use some tricks/workarounds described in this article: https://webrtchacks.com/chrome-secure-origin-https/
I am using google chrome version 43.0.2357.81 on OS X and attempting to display a webpage within an iframe.
ie:
I followed this link with instructions to disable web security and found it helpful for displaying local files within iframes but I am still encountering the same origin error when trying to display disparate web pages.
Disable same origin policy in Chrome
I ran the command open -a Google\ Chrome --args --disable-web-security in terminal and received the banner message confirming that it worked:
You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer.
However when I view my webpage in chrome I still got a same origin error and was unable to view the site within the iframe.
This has nothing to do with Chrome itself; the server you call within the iframe sends back a http header with
X-Frame-Options SAMEORIGIN
setting. Even "chrome.exe --user-data-dir=c:\tmp\chrome2 --allow-file-access-from-files --disable-web-security" does not disable the iframe same origin check in Chrome. The only option you have is to switch the X-Frame-Options of your server to
X-Frame-Options ALLOWALL
(if you can).