So I have been testing a website using Selenium, specifically a page with a credit card form embedded in an iframe. I want to access the content of said iframe but due to CORS I get the error message:
Uncaught DOMException: Blocked a frame with origin "<url>" from accessing a cross-origin frame.
I made a quick google search and realized you can bypass CORS using the "--disable-web-security" flag, so my code now looks like the following:
options = webdriver.ChromeOptions()
options.add_argument("--disable-web-security")
self.driver = webdriver.Chrome(os.getenv("CHROME_DRIVER"), options=options)
Surprisingly, the CORS exception keeps on popping and I'm currently stuck on how to go from here. I really do have to access the iframe's content, there isn't a workaround for this.
Since I was confused as to why this didn't work, I replicated the problem with another website, in this case Amazon, which functions similarly (credit card form embedded in an iframe). I ran the code with web security enabled and I get the same CORS error, as expected. But then I disable web security, exactly as mentioned before, and it works! I can now access the iframe.
I also downgraded to an older version of Chrome (86) from the current most stable (88) and nothing happens again. I'm using Ubuntu 20.04.
So now I'm wondering - why isn't the flag working for the first scenario I mentioned? Is there a chance the first website is forcing the browser's web security or something related? I'm not an expert in web development so any input on this would be valuable.
Turns out, all I needed was to add --disable-site-isolation-trials and a non-empty --user-data-dir along with --disable-web-security as stated here
For me, adding these flags to my Chrome launcher fixed my CORS issues:
--disable-web-security --user-data-dir=~/chromeTemp
Pls note, this only turns warnings off, this is definitely not a CORS solution
Related
I'm unable to understand the meaning of this error which I found in my console in the Edge browser:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
Your guidance is much appreciated.
I can't see any errors in my HTML file, and I don't use Google analytics.
This has to do with FLOC. Or Federated Learning of Cohorts. It's an old experiment that Google ran to try to do away with 3rd party cookies. Some code in your website is blocking Floc from running. Unblocking is fairly straight forward to get rid of the warning. But you have to make the decision if you want to unblock floc or leave as is. You will only see this issue in Chrome base browsers. We need to know what type of website you are running? Drupal? Wordpress? Versions?
We have a react front-end that is communicating with an ASP Core API.
Sometimes we detect there is something wrong with the front-end, including service workers, local cache, and that kind of stuff, so we want to tell the client to clean it up.
I've implemented the Clear-Site-Data (dev-moz) (w3c) as a response header, as "Clear-Site-Data": "cache", "cookies", "storage", "executionContexts"
When testing this out in Firefox, it works, and in the console I'm seeing:
Clear-Site-Data header found. Unknown value “"executionContexts"”. SignIn
Clear-Site-Data header forced the clean up of “cache” data. SignIn
Clear-Site-Data header forced the clean up of “cookies” data. SignIn
Clear-Site-Data header forced the clean up of “storage” data.
When doing the same in Chrome, it's not working, and I'm seeing the message
The request's credentials mode prohibits modifying cookies and other local data.
I'm trying to figure out what to do to fix it, but there are barely any any references. Just 7 results, mostly from browser integration test logs
All the documentation says that this should be implemented and working in Chrome... Any idea what's the problem?
Try manually reloading the page after the Clear-Site-Data has been received (so that the local data / cache is cleared and the header no longer contain Clear-Site-Data).
Both Firefox & Chrome don't appear to support executionContexts, which tells the browser to reload the original response.
If header contains executionContexts, then the browser should ignore it (as you see in Firefox console). However you can try wildcard mapping (*). (This will also add support for future properties).
Response.AppendHeader("Clear-Site-Data", "\"*\"");
Also Google reuse parts of their Chrome source code in their open source project Chromium. If you take a look at Chromium source code (https://doss-gitlab.eidos.ic.i.u-tokyo.ac.jp/sneeze/chromium/blob/9b22da4739ec7bf54fb8e730662e2ab7996532e0/content/browser/browsing_data/clear_site_data_handler.cc line 308). This implements the same exception The request's credentials mode prohibits modifying cookies. A flag LOAD_DO_NOT_SAVE_COOKIES is somehow being sent. The console error maybe an caused by an additional response header or a small chance theres a bug in Chrome.
Right now, my advice would be do not implement the Clear-Site-Data header at this time.
Despite the spec being widely available for some years, vendor support is still hit-and-miss and is now actually going in reverse.
As per the w3c github for this, there are a number of issues regarding executionContexts. The wildcard ('*') mentioned by Greg in their answer is not supported by Chrome, and Mozilla are about to remove the cache value as well.
All this points to a flawed standard which is likely to be removed at some point in the future.
We have a site that is not working in Google Chrome V44. It works well in IE and Firefox. All of sudden after updating chrome browser to V44, we unable to login to the system and just receiving this problem.
We're trying to figure out as why this is happening. We have 2 instances of our system in our server. Our live site is the one that is not working in Chrome V44 while the other - our demo site is fine. The only difference of the these sites is that our live has SSL. So our first impression is that there's a problem with Chrome V44 with our site with certificate.
I think Chrome can't establish secure connection with the site.
Has anyone experienced this issue?
Please help. Thanks.
This is due to a SSL in Chrome V44 where it incorrectly sends a HTTP_HTTPS header to be set, however the HTTPS header is still set correctly. It has been quite widely reported: http://www.zdnet.com/article/brand-new-chrome-44-release-added-a-bug/
https://ma.ttias.be/chrome-44-sending-https-header-by-mistake-breaking-web-applications-everywhere/
In order to stop this, in PHP, I added the following to the very top of my index.php file:
<?php
if (!isset($_SERVER['HTTPS'])) {
$_SERVER['HTTP_HTTPS'] = 0;
}
?>
Ensuring there is no space between the ?> and the next
I've recently had the chrome redirect loop on gmail.
Possibly significantly, I was doing some work involving changing my system time and it hasn't worked since. This guide helped to do that.
There is an available work-around, which is to use gmail in incognito mode, which does still work, although requires you to log in each time
In that case I would say this is an internal problem with you organization's setup. I would speak with your SysAdmin or IT staff. But just to be sure, use your phone carrier's internet, or a cafe nearby, basically something off your network to check if you can reproduce the error.
The issue with my MVC solution was, i had recently updated complete Nuget packages in my solution. After the update i forgot to update
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
section with new dll bindings which installed while update. So in my hosting server due to connectionstring issue, i was not overwriting the current .config file. So once i did the update in assemblyBinding section in .config file the issue gone.
There might be many reasons for the redirect loop. If you are confident your setup is done properly without any errors, then it might be the issue with your browser. You can try the following
Deleting cache and cookies
Correcting your system time (if it is not set to automatic)
Resetting the browser
Source
You should be able to fix this problem, you can try to clear your cookies in your browser
Open your Chrome browser.
Type "chrome://settings/clearBrowserData" in the address bar and press Enter.
Make sure you are clearing items from the Beginning of time. Then select Cookies and other site data. Click the Clear browsing data button.
If find from google search, this tutorial could helps you https://windows10freeapps.com/fix-err_too_many_redirects-error-google-chrome-browser
FOllowing the video and sample code from https://developers.google.com/drive/web/quickstart/quickstart-js to upload any file from local system to google drve i was stuck with an error which states
"Refused to display 'https://accounts.google.com/o/oauth2/auth?client_id=%3CAIzaSyDa2kGIMQCLdfzk…%2Flocalhost&response_type=token&state=513052220%7C0.1330524626&authuser=0' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."
I registered for a new client ID and also changes in the code with new clien ID
Also disabled the chrome security using "chrome.exe --user-data-dir="c:/temp/chromedev" --disable-web-security" in run command.
I faced the below issue while loading the PDF document into iframe from google drive.
Problem:
Refused to display 'https://drive.google.com/file/d/1ipnylkWoSx4NS0GtmsQVFUq7ms339DAW/view' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Reason:
As per my analysis, I faced this issue due to the URL is not considering as embedded to allow loading from other websites.
Solution:
I did even tried with the solution of adding ?embedded=true to the URL but still no luck. Then I got one solution from https://support.google.com/drive/thread/34363118?hl=en and replaced the view with preview in my URL and problem solved.
https://drive.google.com/file/d/1ipnylkWoSx4NS0GtmsQVFUq7ms339DAW/preview
The browswer sequrity is nonsense since Google Realtime API is intended to work with default security.
I received this error when supplied clientId = 'garbage'. Indeed, your client_id=<AIzaSyDa2kGIMQCLdfzk looks like garbage. Correct client_id shoud look like '1088706429537-4oqhqr7o826ditbok23sll1rund1jim1.apps.googleusercontent.com'
This is not related to disabling security in chrome browser.
I believe there might me some issues with my XAMPP Windows local host.Deploying the same application in node.js server or hosting Dropbox/Google Drive as a web app also works fine.
I don't know if this is still relevant, i got the same error loading a google docs in an iframe. After stripping the page of everything i had, removing the doctype solved my issue.
After this i found out there was a parameter ?embedded=true which allowed me to load it in a fancybox, which looks nicer anyway. Hope it helps any1, sorry if it's not relevant for you.
I've added addthis.com's code to my HTML page.
But Google Chrome shows a status failed for getting this url :
x Failed to load resource
GET http://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-51aee1dc1b323034
The addthis widget shows in FireFox on my PC but not on my colleague's where on loading that URL shows Content Encoding Error.
Im unable to find the root cause of this. Is it addthis's script or does it have something to do with my implementation ?
I ran into the same issue today. Try using https. It solved the problem for me.
https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-51aee1dc1b323034
AdBlock and other extensions block "addthis"
http://support.getadblock.com/discussions/problems/26572-adblock-blocking-adthis-widget
I tried in every possible way for a day (http to https, CORS, etc). But failed. Then disable all the Extensions in Chrome. Eureka!!! It's Avast bloking the addthis_widget.js
If you have the Avast Online Security extension installed in your browser just disable it. Worked for me.
I ran into the same issue:
GET https://s7.addthis.com/js/300/addthis_widget.js net::ERR_BLOCKED_BY_CLIENT
The console error states it was blocked by client (me): so I checked and found out I had adblockers enabled in my browser, thus: I then added the site to whitelist and voila: AddThis started working!
In addition:
//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-51aee1dc1b323034
The above accounts for both Http and Https.
If you're using OpenWRT (and I imagine DD-WRT and others) on your router and using any of the adblock services/plugins, you need to add s7.addthis.com to the Services > Adblock whitelist.
The specific error is
https://s7.addthis.com/js/300/addthis_widget.js
net::ERR_NAME_NOT_RESOLVED
You'll get similar errors for Google and Bing analytics and other similar services too.