Chrome is blocking downloads from my webapp
Search console shows that there are no security issues, yet Google continues to block downloads.
Submiting XML sitemap has not solved this.
Any ideas?
Related
When using the Microsoft Edge browser, by default when you open a PDF it will open the PDF in a new tab using the built-in PDF viewer. To avoid this, you can adjust the browser's settings: Toggle on the "Always open PDF files externally" option. This works great. However, it presents a separate issue. Our internal applications use embedded PDFs in iframes. When the external toggle is set to on, these PDFs will not show in the iframes. This doesn't happen in Chrome. Has anyone else experienced this and know a work around?
I've tried removing the type="application/pdf" from the iframe tag to no avail. I can't find anything else online.
It looks like an expected result because you have enabled the option Always open PDF files externally.
So MS Edge browser is giving you an option to download the PDF file and open it using the desired app.
You said this doesn't happen in Chrome browser.
If you enabled the Download PDF files instead of automatically opening them in Chrome option then you will notice the same result in the Chrome browser.
Output in the Chrome browser:
If you click on the Open button then it will download the PDF file.
I did not get any solution or a workaround for this issue.
If you think that there should be an option to load the file in an iframe if Always open PDF files externally option is enabled then I suggest you click on the Send Feedback button in the MS Edge browser and try to provide your feedback about it to the Microsoft.
I posted feedback suggesting that an exclusion/inclusion list be in included but the simplest way would be to treat the frame as part of the session. But this is not Microsoft it is the Chrome projects issue.
I'm trying to allow users to add an Adblock Whitelist via a Chrome extension. To allow this there is the API like such:
1) Add The Ebates WhiteList
However if I add that link to a Chrome extension popup window the link doesn't go anywhere. My guess is that the Chrome extension execution context isn't aware of Adblock/able to support that API. Is anyone who is more of an extension wizard than myself able to verify that I'm correct in my assumption and that there is no workaround? Thanks!
Click Me
This used to work as a valid href attribute but it seems in the past few months it now shows an error in the console (I'm using Chrome):
Not allowed to load local resource: view-source: http://stackoverflow.com
I found some links from 2013 where this was once a bug in Chrome but said it was fixed.
Could someone point me to an authoritative source that can explain why this no longer works? I assume that this is security by the browser and not an angular issue (since view-source is whitelisted and used to work)
Looks like Chrome and Firefox (at least) disabled this within the past year or so
I found this thread, and these release notes explaining why and provides a timeline as to when the change took place.
Related StackOverflow question: File URL "Not allowed to load local resource" in the Internet Browser
Chrome responds with the "Not allowed to load local resource:" as a security protocol. I'm not sure why this used to work, but not now, though there is no real way around this unless web-security is disabled. There may be a different outcome on other browsers, but ultimately you are correct in thinking that it's Chrome's security.
The reason is that Chrome tries to preload URLs in background, to speed up your browsing experience.
If you open the DevTools after loading the page, the content of the items listed on the Resources tab may not be populated. This is also true of network requests on the Network tab. To see the fully populated resources on the Resources tab, first open the DevTools, then refresh the page, or navigate to the desired page with the DevTools open. Now select the html resource and it should be populated.
I'm setting up a local development server on my Mac using nginx in place of Apache. I'm basically there, but having one issue.
I have multiple web apps, and each are set up using sites-available and sites-enabled - no issues here. The issue is that my browser of choice is chrome, and there's some weird caching going on that is causing the first-visited app to load each time. For example, I have:
site1.dev
site2.dev
If I load site1.dev, it loads without issue. If I load site2.dev, it's automatically redirected to site1.dev. I see this as a caching issue because if I use chrome's Incognito mode, I don't have the same issues (nor do I have them in Firefox).
Does anyone know what could be going on here? Or what the solution could be? Thanks in advance!
The solution is to open Chrome's Dev tools (right click, inspect element), click the network tab, and disable caching. Reload the first url, and try the second url. If there is no redirect, disable caching, and the issue is resolved.
Chrome only redirects from cache if the page was initially loaded with caching enabled.
I have an application that uses Google Drive for document storage and preview functionality, but recently the iFrames that the documents are loading into are not displaying anything. Upon inspection of the console, Chrome declares that it blocked the fram from running insecure content, and that is why the file preview did not load.
The initial call to preview this file is to a url that looks like this:
https://docs.google.com/document/d//preview
There is a redirect along the way that takes the following form but because it uses http instead of https, Chrome blocks the content from loading.
http://www.google.com/url?sa=p&q=https://www.google.com/accounts/ServiceLogin?service%3Dwise%26passive%3Dtrue%26go%3Dtrue%26continue%3Dhttps://docs.google.com/document/d//preview?pref%253D2%2526pli%253D1
Is there any way around this issue? It is blocking a core functionality of my application currently, so any advice would be appreciated. I can provide a screenshot of the full stack of network loads in necessary, but this is the only URL that is not http compliant.
Thanks in advance for your help.
Hacked that. Add a "?pli=1" without quotes at the end of the URL to avoid redirect (after "/preview" or "/edit") and land directly to the document.