I am upgrading jwplayer to 7.4.4 with hlshtml and default mode as html5 settings.
My player is working fine in firefox. But in chrome its giving error : cannot load m3u8 crossdomain access denied.
Usually caused by a firewall blocking your access. On IE you can try: Go to "Internet Options" > "Secuirty" > "Internet" > choose "Custom Level" and scroll down to "Miscellaneous". One of the options should be "Access data sources across domain" - set this to "Enable".
If it is already enabled then it is likely that there is a firewall blocking you.
OR
When you get the error, do you have a shield on the right side of your address bar? You should be able to click on that and override the blocking for mixed content. Otherwise, you can force start the browser instance without the check through terminal, though, at that rate, would probably be easier to just use Safari until they get the cross-domain issue fixed.
Related
Click Me
This used to work as a valid href attribute but it seems in the past few months it now shows an error in the console (I'm using Chrome):
Not allowed to load local resource: view-source: http://stackoverflow.com
I found some links from 2013 where this was once a bug in Chrome but said it was fixed.
Could someone point me to an authoritative source that can explain why this no longer works? I assume that this is security by the browser and not an angular issue (since view-source is whitelisted and used to work)
Looks like Chrome and Firefox (at least) disabled this within the past year or so
I found this thread, and these release notes explaining why and provides a timeline as to when the change took place.
Related StackOverflow question: File URL "Not allowed to load local resource" in the Internet Browser
Chrome responds with the "Not allowed to load local resource:" as a security protocol. I'm not sure why this used to work, but not now, though there is no real way around this unless web-security is disabled. There may be a different outcome on other browsers, but ultimately you are correct in thinking that it's Chrome's security.
The reason is that Chrome tries to preload URLs in background, to speed up your browsing experience.
If you open the DevTools after loading the page, the content of the items listed on the Resources tab may not be populated. This is also true of network requests on the Network tab. To see the fully populated resources on the Resources tab, first open the DevTools, then refresh the page, or navigate to the desired page with the DevTools open. Now select the html resource and it should be populated.
I'm setting up a local development server on my Mac using nginx in place of Apache. I'm basically there, but having one issue.
I have multiple web apps, and each are set up using sites-available and sites-enabled - no issues here. The issue is that my browser of choice is chrome, and there's some weird caching going on that is causing the first-visited app to load each time. For example, I have:
site1.dev
site2.dev
If I load site1.dev, it loads without issue. If I load site2.dev, it's automatically redirected to site1.dev. I see this as a caching issue because if I use chrome's Incognito mode, I don't have the same issues (nor do I have them in Firefox).
Does anyone know what could be going on here? Or what the solution could be? Thanks in advance!
The solution is to open Chrome's Dev tools (right click, inspect element), click the network tab, and disable caching. Reload the first url, and try the second url. If there is no redirect, disable caching, and the issue is resolved.
Chrome only redirects from cache if the page was initially loaded with caching enabled.
Uncaught SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
No clue how to go further on this...when all I did was `
Works in Firefox, not in Chrome.
Could be something related to http://help.twitch.tv/customer/portal/questions/6299203-javascript-errors-in-chrome-
I had the same problem with localStorage, and fixed it like this :
Under Settings > Privacy > Content settings, change the cookies' settings to "Allow local data to be set" or the second option (in my case, it was previously on "Block sites from setting any data").
Edit
On newer Chrome versions, make sure the first option is ticked here: chrome://settings/content/cookies
I had the same issue, but my problem was a script blocking plug-in ScriptBlock that I had set to allow the site but was still blocking some actions and not reporting it.
Disabled the script blocker and voila!
If you still want to block most 3rd party cookies, you can add an exemption. I usually can do it through the cookie button that pops up in the AddressBar, but it wouldn't let me for localhost. I had to add it via chrome://settings/content/cookies Picture of chrome://settings/content/cookies
For the latest chrome browser, this might work and better guide for you. And it works for me.
Settings > Privacy and security > Cookies and other site data > Allow all cookies
That should work perfectly.
Chrome browser by default is blocking mixed content. How do I adjust my settings/configuration to allow mixed content without making any adjustments on the UI every time?
I have found two solutions but neither of them work:
Several articles say you can adjust this under the Security section
of "Under the Hood" in the Options. This option no longer seems to
exist. There is no Under The Hood tab and there is no such dropdown
to adjust how Chrome handles mixed content as far as I can tell.
Another option is to add the --allow-running-insecure-content flag
to your command line. I did this like so: "C:\Program
Files\Google\Chrome\Application\chrome.exe"
--allow-running-insecure-content. However this made no difference. If I tried adding the flag inside the double quotes, then Windows
complains saying it is invalid.
So what option do I have now with the latest version of Chrome?
Steps as of Chrome v91 (6/17/2021):
Click the Not secure warning next to the URL
Click Site settings on the popup box
Near the bottom of the list is Insecure content, change this to Allow
Close settings, go back to the site, and Refresh the page
Older Chrome Versions:
timmmy_42 answers this on: https://productforums.google.com/forum/#!topic/chrome/OrwppKWbKnc
In the address bar at the right end should be a 'shield' icon, you can
click on that to run insecure content.
This worked for me in Chromium-dev Version 36.0.1933.0 (262849).
In Windows open the Run window (Win + R):
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --allow-running-insecure-content
In OS-X Terminal.app run the following command ⌘+space:
open /Applications/Google\ Chrome.app --args --allow-running-insecure-content
Note: You seem to be able to add the argument --allow-running-insecure-content to bypass this for development. But its not a recommended solution.
The shield icon that is being mentioned was not in the sidebar for me either, however I solved it doing the following:
Find the shield icon located in the far right of the URL input bar,
Once clicked, the following popup should appear wherein you can click Load unsafe scripts,
That should result in a page refresh and the scripts should start working. What used to be an error,
is now merely a warning,
OS: Windows 10
Chrome Version: 76.0.3809.132 (Official Build) (64-bit)
Edit #1
On version 66.0.3359.117, the shield icon is still available:
Notice how the popup design has changed, so this is Chrome on version 66.0.3359.117.
Note: The shield icon will only appear when you try to load insecure content (content from http) while on https.
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" " --allow-running-insecure-content"
On OSX using the current Chrome build (2/20/2020, 79.0.3945.130), you can:
Click on the 'i' info icon on the left side of address bar.
Click Site Settings
Scroll down to Insecure content
Change it from Blocked (Default) to Allow
Reload the page and try your action again.
running the following command helps me running https web-page, with iframe which has ws (unsecured) connection
chrome.exe --user-data-dir=c:\temp-chrome --disable-web-security --allow-running-insecure-content
Another solution which is permanent in nature between sessions without requiring you to run a specific command when opening chrome is as follows:
Open a Chrome window
In the URL bar enter Chrome://net-internals
Click on "Domain Security Policy" in the side-bar
Add the domain name which you want to always be able to access in http form into the "Add HSTS/PKP domain" section
On OSX the following works from the command line:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --allow-running-insecure-content
Chrome 46 and newer should be showing mixed content without any warning, just without the green lock in address bar.
Source: Simplifying the Page Security Icon in Chrome at Google Online Security Blog.
You could use cors anywhere for testing purposes. But its note recommend for production environments.
https://cors-anywhere.herokuapp.com/
something like: https://cors-anywhere.herokuapp.com/http://yourdomain.com/api
I can modify the Document mode that IE renders the page in, by passing in a X-UA-Compatible in the response header. I can achieve this by modifying a setting in IIS.
Similarly is there a way to modify the Browser mode to Compatibility view by modifying any setting in the IIS?
Shown below is what I currently see in the F12 tool in ie.
To configure IIS 7 on a Windows Server 2008-based computer to include a custom HTTP response header:
Click Start, click Administrative Tools, and then click Internet
Information Services (IIS) Manager.
In the connections pane, expand the node for the server, and then
expand .
Click the Web site where you want to add the custom header.
In the Web site pane, double-click in the section IIS on HTTP Response Headers.
Under Actions, click Add.
In the Name box, type X-UA-Compatible.
In the Value box, type IE=EmulateIE9.
Click OK.
Hope this helps!
I was also looking into this issue and found my answer here:
http://www.nczonline.net/blog/2010/01/19/internet-explorer-8-document-and-browser-modes/
From that site:
There doesn’t appear to be any other way that and end user can trigger Internet Explorer 7 mode. As such, it appears that this is just a convenience tool for developers that frees us from needing to and so it appears to be a tool used primary for developers
The same thought can be applied to IE10 I guess. It's rather frustrating, but I hope it helps.