Is there a switch for Chrome I can use to block all domains except from my local server - http://localhost:4200/?
Context - I am running Chrome with --disable-web-security switch, but often find forgetting it has security disabled and then using it for Googling and stuff... So I want my machine to prevent me from doing stupid things.
Related
Anytime I have dev tools open on localhost my cookies are deleted and I am redirected to the login page on every page load which means I cannot use dev tools to debug or get insight into my site. I have localhost setup with a valid SSL cert (self-signed) and the site works normally until I open dev tools. How do I fix or disable this new "security" or setting in chrome?
After lots of issues and trying out many different things I came across this post/answer
When adding a Javascript library, Chrome complains about a missing source map, why?
Turns out that when I opened Dev Tools it would request a CSS map and the request was being sent to a different firewall causing my application to require me to re-authenticate every time this resource was requested. Turning off the CSS source map option fixed the issue
Open Chrome and navigate to google.com
In Fiddler use the "Any Process" button to select that Chrome tab
In Fiddler the "Any Process" button changes to something like "chrome: 11788"
In the Chrome tab search for something
I expect traffic to be captured by Fiddler but no sessions are displayed. If I use "Any Process", traffic is captured from all applications.
The "Use Filters" checkbox is unchecked in the Filters tab.
I uninstalled and reinstalled Fiddler.
I have the latest version installed.
What else could I do?
Modern versions of Google Chrome use separate process for making requests; so the process of the main window, detected by the 'Any Process' tool, is different.
The team is considering a fix, but it is currently not implemented, see "Target Any Process" feature no longer working with Chrome.
Possible workarounds meanwhile are:
Use other filtering functionality - e.g. capture a request from Chrome, and from the Sessions view choose right click -> Filter now -> Show only process=<process number>.
Filter everything else. In Fiddler, uncheck Tools -> Options -> Connections -> Act as system proxy on startup. Then Start Chrome with manually specified proxy settings, pointing to the port on which Fiddler is listening:
chrome --proxy-server=http://localhost:8888
This way the only captured traffic will be from this instance of Chrome.
Detailed version: Why Fiddler's Process Picker tool doesn't work with Chrome anymore
Brief version: For security and performance reasons Chrome now handles network requests through a separate network service. So when you are pointing the 'Any Process' tool of Fiddler on any Chrome window/tab, you are actually pointing to the UI (browser process) of Chrome browser.
There is one quick workaround for this:
Navigate to chrome://flags/#network-service-in-process in your Chrome browser. You would see Runs network service in-process and its value would be set to Default.
Change the value from Default to Enabled. By doing this you are telling Chrome to handle network requests from the browser process which also handles the UI.
Restart Chrome. You should now be able to capture network requests by pointing the Any Process tool on any Chrome tab.
Once you are done with your development activities do not forget to set the flag back to Default. This would give better performance.
NOTE: At the point of writing this, I am using Chrome 84.
We are looking for a way to have Chrome bypass the HSTS requirements for our dev environment.
We are working on a project for https://foo.com.
Within our organizations internal dns we have DNS entries for foo.com.dev which points to our internal dev server which has historically allowed us to reach our dev server via https://foo.com.dev. Secure web requests to this site have always been met with a security warning that we have been able to bypass but in a recent build of Chrome it seems that the ability to bypass the warning has been removed. We can continue to use this method in IE but would like to be able to test Chrome as well.
Additionally, developers have been able to use there own machine names as suffixes. For example a https://foo.com.workstation10
Any suggestions would be very welcome because the prospect of reconfiguring our entire dev environment is not a pleasant one.
To be clear - access to these sites are entirely limited to internal users by both firewall setup and dns configuration.
You can try one of the following options:
Send the Strict-Transport-Security header only for foo.com, and do not specify includeSubDomains.
Make self-signed certificates for foo.com.dev on server and import in on your local device's chrome.
If your target domain is restricted only for internal purpose, you can bypass it just typing badidea in the chrome window. Further details are available here
For more details about HSTS refer HSTS RFC
I have a packaged app that calls chrome.runtime.reload(). On a desktop OS (Windows, OSX) this call will cause the application to close, but not restart unless there is an additional Chrome page open.
I assume this is because if it is the only Chrome app running, it closes the Chrome process entirely and there is nothing to restart it.
Adding the background permission looks like it should work, according to the documentation but it does not seem to actually start Chrome when the user logs in (and keep it running) as the documentation states.
A user can override this globally with a setting.
In Chrome's settings with "Show advanced settings":
System > Continue running background apps when Google Chrome is closed
Perhaps it is disabled on your development system.
I'm fighting against a strange behavior in our office network.
Every morning when we switch on our computers, our network was overload on outbound traffic.
After several test I found a possible cause.
I noticed that when we start Chrome (and gmail?) there is a high traffic generated from my computer to Google servers (e.g.: 74.125.133.132). Here a resource monitor screenshot:
The network traffic doesn't go down until I stop chrome and I start it again.
No extensions installed and every possible traffic generating feature is disabled.
Monitoring the network and restart Chrome every morning is quite annoying. Does someone have a similar behavior and a solution/workaround?
On start up chrome checks weather new update or fixes are available or not..
Or you might be having an chrome extension like _toolbar type, these type of extensions causes a lot of traffic..
Go to settings => extensions => and disable unnecessary and unrecognized extensions..
Hope it solve your problem..