I want to allow iframe to be loaded in my extension.
I am creating and extension which will wrap one other app in the iframe. For that app to allow iframing inside that extension I need to give hostname on which I can iframe the app.
What is the hostname for an extension ?
what about across edge and chrome ?
PS: one solution which we already have is to intercept response headers and remove the IFRAMING headers , but I am also exploring how to get the hostname for the extension so that we can configure this on server side.
Related
I search everywhere I found 0 information about this specific redirect.
I have app that I need to use "HTTP" to function, recently chrome started to redirect my app to HTTPS automatically, and If I put HTTPS to HTTP code in my app it cause infinite loop.
My app is not on the HSTS preload domain list, my app and server have no redirect code to HTTPS.
Request URL: http://4444.com/z.txt
Request Method: GET
Status Code: 307 Internal Redirect (from disk cache)
Referrer Policy: strict-origin-when-cross-origin
Cross-Origin-Resource-Policy: Cross-Origin
Location: https://4444.com/z.txt
Non-Authoritative-Reason: DNS
This does not happen on any other browser other than chrome.
Does that mean chrome is targeting my host's dns to make sure all website hosted on the DNS is HTTPS?
If yes I think this is very bad move from google as I can't find any announcement by google that they will start forcing https on websites. This could break many non https sites without prior warning.
If not what can I do to fix this issue?
Thanks
I encountered the same problem just like you, and that situation didn't happen all the time, sometimes when I open another window as incognito mode, the redirect disappeared!Sooooo Annoying:(
And I just tried another way, it seemed to work fine with me!
go to : chrome://net-internals/#dns, and click Clear host cache , then refresh your page, the redirect will be gone!
Even if the "Always use secure connections" (chrome://settings/security) is disabled, chrome will still try to use HTTPS if it finds HTTPS records in DNS, as per #dns-https-svcb flag - "Support for HTTPS records in DNS" (chrome://flags/#dns-https-svcb) - which is enabled by default.
This causes the loop leading to the ERR_TOO_MANY_REDIRECTS with Non-Authoritative-Reason: DNS.
Either remove any HTTPS record from the host zone file or disable the aforementioned flag from chrome.
Did you access websites using VPN? VPN server seems able to force http to https
I have a web application that opens a local application on client machines using a protocol already registered during client setup.
The web application gives an alert when opening local application and gives a checkbox to be selected in that alert. If checkbox is checked, the browser doesn't prompt next time when opening the local application.
However, this checkbox is seen when my web application is hosted with https. When hosted with http, the checkbox is not given by the browser and the browser always throws the alert. Can the user at client side manually do something to avoid the alert every time?
I looked into the Google chrome settings. There is Protocol Handlers in Site Settings but it doesn't allow to enter a site manually. It shows outlook.office.com which I can remove but doesn't give a way to enter a site manually.
Is there a workaround to trust a site and not show alert for this specific trusted site
If your environment is Microsoft, with a GPO the website can be added in the safe list address of Internet Explorer options. Otherwise, you will have to do it manually in each endpoint.
Browser says "Camera Blocked to protect your privacy"
My project include using user camera and when i access application from localhost camera works fine but when accessing through ipaddress, the browser by default blocks the camera and other resource.. how can i allow them for my application.
My application is for an organization who will be accessing the application using ipaddress.
Thank you for reading and your help. :)
type url chrome://flags/#unsafely-treat-insecure-origin-as-secure
Enter url in the textarea
Choose Enabled in the select option
Click image link bellow to see detail
example
Chrome blocks vulnerable features—including camera, location, microphone, etc. on non-secure sites. As of July 2018, with the release of Chrome 68, Chrome starts to mark all HTTP sites as "not secure."
You have three options to unblock these features for your site:
Treat 192.168.10.79 as secure origins by setting chrome://flags/#unsafely-treat-insecure-origin-as-secure. Origins must have their protocol specified, e.g., http://192.168.10.79.
Port forwarding your site address to localhost. Chrome treats localhost as secure origins.
Set up a self-signed certificate for the server.
The problem is because of http protocol. This is not a secure protocol.
Solution
In my scenario I have used https and have got all permissions.
I know that I am able to write a redirection rule which redirects to HTTPS version if someone sends a request on HTTP version of an URL. But how to implement that if an user wants to visit my site directly using only domain name: example.com, he gets the https:// version without redirect? I also know about HSTS, but I am pretty sure that this can be accomplished only with good .htaccess settings?
You can't.
If you type a URL into a browser without explicitly stating the scheme, then the browser will default to plain HTTP.
The only way to change that would to rewrite the browser the user has installed (or perhaps to have them install a browser plugin).
.htaccess is a recommended against mechanism for configuring Apache HTTPD. The HTTP server you use cannot influence the URL the browser requests (other than by recieving a request and responding with a redirect).
I am facing an issue with my hosted project.
The request with link :- http://......./api_tester.html works fine and
provides results, but, it gives CORS 'Access-Control-Allow-Origin' Missing
when the api_tester.html file is accessed via the browser directly.
The URL for the file in the browser is file:///E:/workspace_windows/api_tester.html
Kindly suggest.
It seems you are trying to open the file directly from desktop, hence it is picking its protocol file:// protocol. Use either complete url starting with HTTP or run from any web server. Secondly error you stated means you are trying to access the page hosted on another domain and this usually happens when you do XHR requests to domain other than the one where your file is hosted.
You can add header "ACCESS-CONTROL-ALLOW-ORIGIN" to the file you are trying to access to allow all requests to be accessible from all different domains.