I'm developing a ionic app and I need to make some CORS requests for dev purpose.
I use chrome v49 with -disable-web-security. I also use an .htcacces to allow OPTIONS request.
But i still get an error 405.
Chrome header sum'up
Try adding the chrome Extension Allow-Control-Allow-Origin: * from chrome webstore , enable
cross-origin resource sharing
from its option, then reload the page
Thanks for your answer. We already tried that but it did not succeed either.
The problem was server side. We used symphony witch refuse everything with is rly strict policy. To solve this we used NelmioCorsBundle.
Related
I am trying to make a CORS request with credentials(Cookies attached) and Chrome is not attaching the Cookie to my request. I have set the cookie to a sub-domain of the existing page and i could observe it is set successfully from the Cookie manager.
I do not have this problem with Chrome 78th version(latest version). But for the previous versions, I have this problem(I have checked 75 and 77). As well as i do not have any problem with other major browsers also. They also attach cookies without a problem.(I have tested my code with Firefox, IE, Opera and Edge)
This how I have set the Cookie from external service end.
res.setHeader('Set-Cookie','cdn-token=exp3header_same-site-none; domain=.local.com; path=/; SameSite=None;');
Complete sample code base can be found in following links:
External service - https://github.com/bhanukayapa/cors-backend.git
Front-end application - https://github.com/bhanukayapa/cors-angular-frontend.git
Can someone please explain the root cause for this problem? I checked Chrome release notes also. I could not find and bug fix or improvement related to this. Thanks in advance.
If setting SameSite=None this must be paired with Secure. e.g.
res.setHeader('Set-Cookie','cdn-token=exp3header_same-site-none; domain=.local.com; path=/; SameSite=None; Secure');
When I go to my profile in https://console.developers.google.com it shows "Failed to load!" error and showing nothing in Dashboard or Activities.
Clearing the cache of browser worked for me in Chrome!
Ad-blockers add-ons were the cause of this issue for me. Whitelisting console.cloud.google.com domain for ad-block solved it.
If your symptoms include
GCP not loading project
Youtube and Youtube Music not playing
Allow CORS: Access-Control-Allow-Origin extension is installed
Turning the extension off will fix it.
I got rid of this "problem" by disabling ALL extensions on Chrome. AD Blocker, Instagram downloader, etc. Everything. When you are done, close and open your browser.
In my case I had turned on the CORS policy on my web browser so make sure you are not doing the same mistake.
Make sure that you are using the correct Google account, you can check that from the right-top corner in the browser, It was wrong account in my case.
In my case, billing was disabled, and when I enabled it, everything started working again.
I had a similar problem and some of the buttons failed to load and contents on the console page are misaligned.
In my case I have adblocker extension. All I have to do is whitelist the webpage in the adblocker extension. Now the contents of page are properly aligned and buttons are available.
We recently discovered an interesting bug in newly released Chrome v.39.
It just crashed with standard "Aw Snap!" message on every page with an iframe if that iframe loads a page with Content-Security-Policy HTTP header. This blocked out web-site because we host some third-party ads.
From what i found the "Content-Security-Policy" header is a W3C standard and Google Chrome used to support in between v.25 and v.38 releases. But from now they don't.
Does anyone know a nice practical solution for this issue? Is there a way to prevent Chrome from crashing without this workaround?
If you want support Chrome 39/40, I found that adding the protocol in front of domain would prevent the crash (It's not required in CSP 2.0, but it's better than crash).
If you want support Chrome 41, it didn't crash even without protocol name.
Hope this helps.
In order to fix the issue we had to add a logic that sends X-Content-Security-Policy to all but IE and Content-Security-Policy to IE only. This is ugly code/solution but at least it stopped crashing.
When I try to launch a custom protocol from https connection, Chrome version 30 is giving the following error.
[blocked] The page at https://something.com ran insecure content from custom-protocol://somethingelse.com/myapp
Chrome version 29 works fine.
Did anyone come across similar issue?
Is this a new issue/feature in chrome?
Appreciate any response.
Thanks in advance.
I did, and the problem was that I was using https to access the page, the link was in an iframe and most of all, the certificate used in the https was not trusted. After moving to https works fine.
And by the way, it was working in FireFox.
Hope it helps!
Visiting my site in SSL and in Chrome (12.0) I get
Your connection to someWebsite is
encrypted with 256-bit encryption.
However, this page includes other
resources which are not secure. These
resources can be viewed by others
while in transit, and can be modified
by an attacker to change the behaviour
of the page.
The connection uses TLS 1.0.
The connection is encrypted using
AES-256_CBC, with SHA1 for message
authentication and DHE_RSA as the key
exchange mechanism.
The connection is compressed with
DEFLATE.
I searched with FireBug (NET tab) and Chrome Inspector and all resources are accessed via https. Where is the problem? *I cleared the cache already
What could be the problem?
Chrome will give this error if you've visited another https page on the same domain that had mixed content however this should not be the problem if you've tried clearing your cache.
You might want to try Ctrl-Shift-J for the JavaScript console, it should show the insecure content.
I have the same thing - and I read from the Google Chrome help site that elements on the site are not encrypted - like videos. I looked via Firefox - right click->View Page Info->Media tab and saw that every time I use a YouTube video in my video player I have plain http addresses like:
http://s.ytimg.com/yt/swfbin/watch_as3-vflrEm9Nq.swf and
http://img.youtube.com/vi/V6JgyNy59yA/1.jpg
I think these non https links are causing the security message site-wide. Thus, it appears using videos from 3rd party sites will always throw a security error in Google Chrome for https pages.
That's my answer - but I have no solution yet. I need to be able to share videos from youTube in our news section, but my online store section needs to use https without scary red letters and slashes through it for my clients.
Has anyone dealt with this effectively?
Thanks
Had the same problem on my Magento Site. Be sure to change all image and js links (even in .css) from http:// to simply //. Solved it for me.
I had the same issue, my problem was that some img tags had src to http instead of https, it does not matter even they link to other domain like <img src="http://otherdomain.com/image.jpg" /> it still shows that warning. As soon as I changed all internal and external img links to https the warning disappeared.
If you check the page and it seems to have no insecure content, check to make sure that something on the page is not submitting data to an insecure location.
Content should be submitted over HTTPS, not HTTP.