im trying to delete domain security policy in Google Chrome following this post and this one.
But when i click to delete and clear data browser it not work.
my domain is: http://localhost.domain-test.app:57471 and i using Windows.
im following exacly instructions:
go to chrome://net-internals/#hsts
put localhost.domain-test.app in Delete domain security policies, click Delete Button. (put with port 57471 like example?)
go to settings -> advance settings -> clear data
Then, when i put my domain in chrome browser it force redirect to https. But im developing in localhost, i can't use https.
When i use Internet Explorer this problem not happen.
Thanks for all
The .app top level domain is preloaded for HSTS in the Chrome source code so cannot be “reset”.
See this blog post for more information: https://www.blog.google/technology/developers/introducing-app-more-secure-home-apps-web/ and also here: https://get.app
Related
So we switched a website from example.com to www.example.com (and implemented a forward to www.example.com). I believe I still have Google Chrome site data which causes problems (Shopware 6 trying to load data via API from example.com - without www) on example.com and this somehow influences www.example.com.
I already cleared the site data for www.example.com (Chrome dev tools -> Application -> Clear site data)
But how can I do this for example.com which directly forwards me to www.example.com ? I could not find an option in the dev tools to switch the domain I am looking at.
Chrome has it`s own DNS-Cache. I had that issue a lot and started to use CURL in the terminal instead when checking whether a redirect is working or not.
But Afaik you can also clear that cache:
Open a new tab.
Type the url in the search box: chrome://net-internals/#dns
Hit the “Clear host cache” button. And you are done as DNS is flushed out.
Open another tab and type URL: chrome://net-internals/#sockets
Click on the “Flush socket pools” button. Close the Google chrome
tab.
source: https://www.cyberciti.biz/faq/google-chrome-clear-or-flush-the-dns-cache/
At least that worked in some cases for me.
Can you verify that it is a browser problem and not a shopware / server problem? Did you check that the URLs in the html for loading the fonts is the correct URL, or is the old URL still used in the html?
If thats the case you should ensure that you also updated the URL in the sales channel domain settings and also update the APP_URL environment variable. After that clear the cache.
I am trying out Google Colab, but then I keep getting this pop up box that says:
Error
Could not access the resources needed to display output.
This is probably because third-party cookies are not allowed by your
browser.
NotSupportedError: Failed to register a ServiceWorker: The user
denied permission to use Service Worker.
While turn off Block third party cookies worked for me from here, I would like to keep the setting to be turned on at all times for the sake of our privacy.
Currently I will have to have another tab next to the Colab tab the so that after I have finished using Colab, I can turn it off right away and not to forget it. BUT I would have to do it every time I use Colab.
To solve this, I have tried to follow the chrome help guide and added https://colab.research.google.com and [*.]google.com to the Allow whitelist on Cookies. However the error pop up would still show. I also tried https://colab.research.google.com[/*], but chrome said its not a vaild domain.
Is there a way to allow Colab domain cookies for that?
The output cell is an <iframe> element. It has a url like
https://jbe1910iol-colab.googleusercontent.com/v2/usercontent/8b5e8f2bbe60490e/outputframe.html
So, you can try adding [*.]googleusercontent.com to the whitelist as well.
Not sure if it will work though. Hope it does.
For Google Chrome, go to the cookies settings page
Type this in the address bar
chrome://settings/content/cookies
In Allow section, click add button.
paste this [*.]googleusercontent.com
That's all.
As Korakot Chaovavanich's explanation, I added steps
Is there any way to remove entries from Chrome's preloaded HSTS list?
For development reasons I need to route a webpage google-analytics.com which refers to different from the original ip address. But google-analytics.com is on Chrome's preloaded HSTS list. This results in an error while loading web page, because my ssl of google-analytics.com certificate does not properly signed.
I know that I can remove entries from the dynamically created HSTS list via chrome://net-internals/#hsts - but not entries that come with the browser.
Is there any way to tell Chrome that I know what I'm doing?
1) Navigate to chrome://net-internals/#hsts
2)First, to confirm the domain's HSTS settings are recorded by Chrome type the host name into query domain section. Click the query button. If the box returns found with settings information below, the domains HSTS settings are saved in your browser.
For your purpose(if you want to delete):
3)Type the same domain name into the DELETE DOMAIN section and click Delete button.
Your browser will no longer force an HTTPS connection for that site! You can test the working by refreshing of navigating to that site.
If you have create your own CA, create the certificate for google-analytics.com with this CA and import the CA as trusted into the browser/CA store then it should work. It will ignore pinning information if the certificate is signed by an explicitly imported CA.
See also Man in the middle attack to a website which uses public key pinning.
Nope: https://bugs.chromium.org/p/chromium/issues/detail?id=483634
You could try using a self-signed cert but imagine they preload pinning as well for their sites so doubt that would work either.
my chrome version:50.0.2661.75 m
visit GitHub, can not load css and javascript
error:
CSS stylesheet from origin 'https://assets-cdn.github.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://github.com' is therefore not allowed access.
github.com/:1 Script from origin 'https://assets-cdn.github.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://github.com' is therefore not allowed access.
github.com/:1 CSS stylesheet from origin 'https://assets-cdn.github.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://github.com' is therefore not allowed access.
github.com/:1 Script from origin 'https://assets-cdn.github.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://github.com' is therefore not allowed access.
I test IE 11 and old version chrome(49.0.2623.112 m), it is ok.
I know this happened to me to so I created a Chrome Extension to fix that. Instructions to install it are below.
How To Install The Extension
</>1. Download This Free2. Press the link to download the crx file3. Type chrome://extensions in the URL box and hit Enter4. Open the location where the .crx file saved5. Drag & Drop the .crx file into the chrome://extensions website6. While you are hovering the .crx file in the website it will show Drop file here to install7. Once you drop the .crx file it will show Add extension & Cancel8. Press Add extension9. Your Done10. Now just goto Github and it should work with all the CSS/JS loaded.The CSS/JS not loading is because I'm pretty sure that google is trying to stop Cross-Origin loading they said it was for security reasons. I'm not sure though but the extension I created will fix that on github... The extension has recently been made so im still trying to fix some of the bugs
Update:
Ok I just updated the extension I fixed the bugs now and it works perfectly I added a Automatic Update feature so when I update it it will automatically detect and update to the latest version. If it you can download the new version Here you only need to download and install this extension once after that it will automatically update to the latest version if you want to manually update follow the instructions below
How To Manually Update The Extension
</>1. Goto chrome://extensions2. Look on the Top Right of the page3. Check the box that says Developer Mode4. Click Update Extensions now the button is located right under the checkbox that says Developer Mode5. The extension is now updated.Enabling the Developer Mode Checkbox won't harm anything it just used for mostly extension/app developers
If you don't want to enable the developer mode you don't have to but it will take a few hours for it to detect the updated version of the extension.
Sorry I'm trying to fix the extension again it stopped working
It is working for good now
Last Update: To update on this, The extension has not been updated in over 4 years and I am no longer maintaining it for future updates so it will not work anymore.
I have verified my IP (not the domain) using webmasters tool and it successfully verified.
I have added <link> and called chrome.webstore.install() and getting this error:
Inline installs can only be initiated for Chrome Web Store items that have one or more verified sites.
I think I should call chrome.webstore.install() from subdomain or a page. So I am calling from a page (index.html) but url is just the IP.(like http://52.1.165.721/#/home) (Angular UI routing and index is default page.)
My questions are:
1.I didn't have a domain yet. Is that a problem?
2.I have to install extension from home page itself. I got some websites (eg: https://adblockplus.org/) as examples. But don't know how to do that. Please help.
I went through
How to test inline installation of Chromium/Chrome extensions locally? ,
Chrome Inline Install for extension not working and
chrome.webstore.install(); Not working on verified site
So as Xan said I added Website link and didn't fill Verify that this is an official item for a website you own: because my domain was not listing there.
The problem was I uploaded extension using my work account and verified site using my personal account. So I added my other account as an owner with help of https://support.google.com/webmasters/answer/2454036?vid=1-635766230904751668-2044003462 and refresh list does the trick.
So I selected the verified site from drodown and after a two minutes inline install worked.
Turns out:
1.We don't need to buy the domain. IP will work.
2.Calling chrome.webstore.install() from home page itself will work too. (Url doesn't matter I think)