I have a project that I have to inject Javascript into websites using the browser. I mean that I go to developer tools -> console -> enter the following:
window.FO_DEBUG=true;
var b=document.getElementsByTagName("head")[0].appendChild(document.createElement("script"));
b.src="//path-to-file//"
The issue is that I cannot inject code from my local machine for HTTPS websites.
The only way I found to do it is to inject a file from another HTTPS server.
Do you know any way of injecting a file from my local machine to an HTTPS server?
It's possible to inject scripts to HTTPS websites as long as the origin of these scripts is HTTPS server.
Therefore, the easiest way to do it is to create a local HTTPS server, and inject the script from this https server.
The following videos show perfectly how to do it:
https://www.youtube.com/watch?v=zTlc5Z59FpA&t=208s
https://www.youtube.com/watch?v=VbNPi2gaJpU
Related
I recently migrated a website to HTTPS using an AutoSSL tool on bluehost. I see some distortions in the content like missing background colors, table displacements, missing_logos etc.
Does anyone know how styling can get effected with HTTPS migration effect?
If you access a website using HTTPS, the browser will block resource requests using HTTP. You should load all resources securely over HTTPS.
You can edit .htaccess file. And to migrate your traffic from HTTP to HTTPS, you require a redirect rule.
So, it's obvious to use .htaccess. I hope you know how to edit such a file.
I will suggest you check this Article How to Force SSL and Manage the non-SSL Page Using cPanel
I am facing an issue with my hosted project.
The request with link :- http://......./api_tester.html works fine and
provides results, but, it gives CORS 'Access-Control-Allow-Origin' Missing
when the api_tester.html file is accessed via the browser directly.
The URL for the file in the browser is file:///E:/workspace_windows/api_tester.html
Kindly suggest.
It seems you are trying to open the file directly from desktop, hence it is picking its protocol file:// protocol. Use either complete url starting with HTTP or run from any web server. Secondly error you stated means you are trying to access the page hosted on another domain and this usually happens when you do XHR requests to domain other than the one where your file is hosted.
You can add header "ACCESS-CONTROL-ALLOW-ORIGIN" to the file you are trying to access to allow all requests to be accessible from all different domains.
When I right-click on the local html page and select "Inspect with FireBug Lite" nothing happens... on regular online sites it works except for "https://chrome.google.com/webstore/category/apps"
anyone had the same experience? I have the latest version of the extension (but it's from 2011 :/)
UPDATE: on some local sites it does show! on two web apps (PHP, Rails) it did work, but on a few static HTML files I tried it didn't....
Apparently this is normal...:
It doesn't work on local pages
If by "local pages" you mean files accessed via "file:///" protocol then yes, Firebug Lite doesn't work with "file:///" protocol. This is a JavaScript security restriction to prevent malicious web pages from accessing files in your your machine. Also, please note that the while you can load a "local page" in the browser (it will render properly) it will NOT behave exactly the same as when hosted in a web server.
Solution:
You can solve this problem by loading your page in a web server installed in your machine, so you can access that local files through "http://" addresses. This is the best solution: it is safer, and you'll get the most of what Firebug Lite can give you. I recommend using Apache HTTP Server, but you can use anyone (like IIS for example).
Which exact URL are you visiting? It is an internal Chrome's page
(like "chrome://downloads/"), or some page related to Google Chrome
extensions "https://chrome.google.com/extensions/")?
Google Chrome won't allow content scripts (required by Firebug Lite)
running on such pages. The problem is that Chrome does not inform the
user and neither the extension about it. In other words, there is no way
to Firebug Lite know if the content script was loaded or not, and we
worked around this by sniffing the URL and detecting when you visit
URLs that begins with "chrome://" or "https://chrome.google.com/extensions/",
alerting users in such cases.
You've few options to fix the solution.
One is to use Mozilla Firefox.
Second, install a web server on your system. Try WAMP or XAMPP. Once installed, store all the web pages in the root folder of the web server you just created. Save all the web pages and html files in C:\xampp\htdocs. Navigate to the locally stored webpages using your web browser by going to “127.0.0.1/index.html” or “localhost/index.html”.
Now you can use Firebug-Lite for Google Chrome on local files.
I want to change the origin policy in chrome, how can I access it and modify it?
Many thanks
Are you talking about relaxing the same origin policy for file:/// urls? If so, I strongly recommend you set up a web server on your local machine and develop that way.
That said, you can run Chrome with this command line flag: --allow-file-access-from-files This will make all file:/// urls run in the same origin. The downside: any .html page you download and open could possibly open any file on your system and upload it to some server without you knowing. So you need to be more careful if you're doing this.
Besides file:/// urls you cannot change the same origin policy outside of APIs like CORS.
I am currently building an intranet applicaiton using asp.net mvc and I am wondering if there is a way to link to a file or folder available on the network.
I tried simply
open folder
But obviously that won't work as it just gives the output: file:///G:/folder/ which doesn't actually open to anywhere. I understand that this is for security and that is fine, i am jsut wondering if there are any workaround or anything in an intranet setup? Would impersonation of any type possibly work? Any other ideas?
You could open that file from the server, and serve it to the client. Your web server will act as a proxy. If the files are accessible to the server, and there are no special permissions for the users, or if you can encode those permissions in roles or business rules, then it's quite easy.