Iframe in Chrome error: Uncaught SecurityError: Failed to read the 'sessionStorage' property from 'Window' - google-chrome

Uncaught SecurityError: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.
No clue how to go further on this...when all I did was `
Works in Firefox, not in Chrome.
Could be something related to http://help.twitch.tv/customer/portal/questions/6299203-javascript-errors-in-chrome-

I had the same problem with localStorage, and fixed it like this:
Under Settings > Privacy > Content settings, change the cookies' settings to "Allow local data to be set" or the second option (in my case, it was previously on "Block sites from setting any data").
Edit
On newer Chrome versions, make sure the first option is ticked here: chrome://settings/content/cookies

I had the same issue, but my problem was a script blocking plug-in ScriptBlock that I had set to allow the site but was still blocking some actions and not reporting it.
Disabled the script blocker and voila!

If you still want to block most 3rd party cookies, you can add an exemption. I usually can do it through the cookie button that pops up in the AddressBar, but it wouldn't let me for localhost. I had to add it via chrome://settings/content/cookies

For the latest Chrome browser, this might work as a better guide for you. It works for me.
Settings > Privacy and security > Cookies and other site data > Allow all cookies
That should work perfectly.
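From the page author's side, code that runs inside the iframe can avoid the uncaught error by resolving storage through a guarded accessor. This is an added example, not code from the thread; `getSafeStorage`, `createMemoryStorage` and `makeBlockedWindow` are hypothetical names, and the blocked window is a constructed stand-in so the sketch runs outside a browser.

```javascript
// In-memory stand-in with the same basic methods as Storage; data lasts
// only for the lifetime of the page.
function createMemoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(String(k)) ? data.get(String(k)) : null),
    setItem: (k, v) => { data.set(String(k), String(v)); },
    removeItem: (k) => { data.delete(String(k)); },
    clear: () => data.clear(),
    get length() { return data.size; },
    isFallback: true,
  };
}

// Return win[name] ("sessionStorage" or "localStorage") if it is usable,
// otherwise the in-memory fallback.
function getSafeStorage(win, name) {
  try {
    const storage = win[name];      // the property read itself throws when site data is blocked
    const probe = "__storage_probe__";
    storage.setItem(probe, "1");    // also catches a storage object that rejects writes
    storage.removeItem(probe);
    return storage;
  } catch (err) {
    return createMemoryStorage();
  }
}

// Constructed stand-in for a framed window in which the browser denies
// access, throwing the same error the question reports.
function makeBlockedWindow() {
  const win = {};
  Object.defineProperty(win, "sessionStorage", {
    get() {
      const e = new Error("Failed to read the 'sessionStorage' property " +
        "from 'Window': Access is denied for this document.");
      e.name = "SecurityError";
      throw e;
    },
  });
  return win;
}
```

In a real page the call is `getSafeStorage(window, "sessionStorage")`; the `isFallback` flag lets the caller know that nothing will persist.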

Related

Permission policy headers not shown in the firefox and chrome configurations

I am trying to set up the Permissions-Policy header for the websites I manage.
Here's the header retrieved from the network tab of my Firefox browser:
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), oversized-images=(), payment=(), picture-in-picture=("https://video.website.org"), publickey-credentials-get=(), screen-wake-lock=(), speaker-selection=(), unoptimized-images=(), unsized-media=(), sync-xhr=(), usb=()
When I browse this website I'm able to do everything that should be allowed.
But I don't know if my rules are taken into account? I have no parsing error in my console log (only comments that some features are not recognized in Chrome).
If I go into my Google Chrome (Version 103.0.5060.134 (Official Build) (64-bit)) settings (... > Privacy and security > Sites settings) or into my Firefox (103.0 (64-bit)) settings (3_, Privacy and Security > Permissions) I can't see any rules related to my header: it's like they are ignored.
My questions are:
Should the Permissions-Policy header be visible in the browser configuration?
If yes, why are my rules not visible in my browsers? Are they not well parsed? I don't have any console error.
If no, how can we check that our Permissions-Policy header is well applied in Firefox and Chrome?
Thanks in advance for your help
Mat
I'm not sure what you mean by "be visible in the browser configuration". Where do you expect to see it? (Permissions-Policy headers are not going to affect whether the user has enabled/disabled features directly in the browser, as they only apply for the current request - e.g. if your PP header allows geolocation, if the user has disabled it then the browser will honour the user settings)
You say that you can see the Permissions-Policy header being returned. The only thing left for you to do is test that the policy is being applied (e.g. can your site autoplay videos? If you change the header to 'autoplay=()' is autoplay prevented?, etc.)
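To check the "are they well parsed" part independently of the browser, the header value can be parsed and queried directly. This is an added example, not code from the thread: `parsePermissionsPolicy` and `headerAllows` are hypothetical helpers covering only the `feature=*` and `feature=(...)` forms, the page origin `https://www.website.org` is assumed, and the sample is constructed from members of the question's header plus one deliberately malformed member.

```javascript
// One dictionary member: feature=* or feature=(item item ...),
// with no whitespace around "=".
const MEMBER = /^([a-z][a-z0-9-]*)=(\*|\(([^()]*)\))$/;

function parsePermissionsPolicy(headerValue) {
  const policy = new Map();   // feature -> array of allowlist entries
  const invalid = [];         // members that do not match the syntax
  // Assumption: quoted origins contain no commas, so a plain split is enough.
  for (const raw of headerValue.split(",")) {
    const member = raw.trim();
    if (member === "") continue;
    const m = MEMBER.exec(member);
    if (!m) { invalid.push(member); continue; }
    const [, feature, whole, inner] = m;
    let allowlist;
    if (whole === "*") allowlist = ["*"];
    else if (inner.trim() === "") allowlist = [];          // feature=() allows no origin
    else allowlist = inner.trim().split(/\s+/).map((t) => t.replace(/^"|"$/g, ""));
    policy.set(feature, allowlist);
  }
  return { policy, invalid };
}

// Does the header's allowlist for `feature` include `origin`?
// Returns null when the header does not mention the feature, in which case
// the browser's default for that feature applies.
function headerAllows(parsed, feature, origin, selfOrigin) {
  const list = parsed.policy.get(feature);
  if (list === undefined) return null;
  return list.some((e) =>
    e === "*" || (e === "self" && origin === selfOrigin) || e === origin);
}

// Constructed sample: four members taken from the question's header plus one
// member written in the older Feature-Policy syntax, which is not valid here.
const SAMPLE = 'autoplay=(self), camera=(), geolocation=(), ' +
  'picture-in-picture=("https://video.website.org"), microphone \'none\'';
const SELF = "https://www.website.org"; // assumed origin of the page itself
```

For the effective result in a live page, Chromium-based browsers expose `document.featurePolicy.allowsFeature("autoplay")` in the DevTools console, which reflects the header as that browser applied it.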

view-source in href shows error in console

Click Me
This used to work as a valid href attribute but it seems in the past few months it now shows an error in the console (I'm using Chrome):
Not allowed to load local resource: view-source: http://stackoverflow.com
I found some links from 2013 where this was once a bug in Chrome but said it was fixed.
Could someone point me to an authoritative source that can explain why this no longer works? I assume that this is security by the browser and not an angular issue (since view-source is whitelisted and used to work)
Looks like Chrome and Firefox (at least) disabled this within the past year or so.
I found this thread and these release notes, which explain why and provide a timeline of when the change took place.
Related StackOverflow question: File URL "Not allowed to load local resource" in the Internet Browser
Chrome responds with the "Not allowed to load local resource:" as a security protocol. I'm not sure why this used to work, but not now, though there is no real way around this unless web-security is disabled. There may be a different outcome on other browsers, but ultimately you are correct in thinking that it's Chrome's security.
The reason is that Chrome tries to preload URLs in background, to speed up your browsing experience.
If you open the DevTools after loading the page, the content of the items listed on the Resources tab may not be populated. This is also true of network requests on the Network tab. To see the fully populated resources on the Resources tab, first open the DevTools, then refresh the page, or navigate to the desired page with the DevTools open. Now select the html resource and it should be populated.

Upgrading to JWplayer 7.4.4

I am upgrading jwplayer to 7.4.4 with hlshtml and default mode as html5 settings.
My player is working fine in Firefox. But in Chrome it's giving an error: cannot load m3u8 crossdomain access denied.
Usually caused by a firewall blocking your access. On IE you can try: Go to "Internet Options" > "Security" > "Internet" > choose "Custom Level" and scroll down to "Miscellaneous". One of the options should be "Access data sources across domain" - set this to "Enable".
If it is already enabled then it is likely that there is a firewall blocking you.
OR
When you get the error, do you have a shield on the right side of your address bar? You should be able to click on that and override the blocking for mixed content. Otherwise, you can force start the browser instance without the check through terminal, though, at that rate, would probably be easier to just use Safari until they get the cross-domain issue fixed.

"Failed to load!" Console Developer Google

When I go to my profile in https://console.developers.google.com it shows "Failed to load!" error and showing nothing in Dashboard or Activities.
Clearing the cache of browser worked for me in Chrome!
Ad-blocker add-ons were the cause of this issue for me. Whitelisting the console.cloud.google.com domain in the ad-blocker solved it.
If your symptoms include
GCP not loading project
Youtube and Youtube Music not playing
Allow CORS: Access-Control-Allow-Origin extension is installed
Turning the extension off will fix it.
I got rid of this "problem" by disabling ALL extensions on Chrome. AD Blocker, Instagram downloader, etc. Everything. When you are done, close and open your browser.
In my case I had turned on the CORS policy in my web browser, so make sure you are not making the same mistake.
Make sure that you are using the correct Google account; you can check that in the top-right corner of the browser. It was the wrong account in my case.
In my case, billing was disabled, and when I enabled it, everything started working again.
I had a similar problem: some of the buttons failed to load and the contents of the console page were misaligned.
In my case I have an adblocker extension. All I had to do was whitelist the webpage in the adblocker extension. Now the contents of the page are properly aligned and the buttons are available.

Chrome doesn't load untrusted SSL content in iframe

Whenever I try to load a page whose SSL certificate is untrusted inside an iframe, Chrome 29 displays an error page inside instead. The error code is ERR_INSECURE_RESPONSE.
For the same scenario, Firefox displays SSL warning in iframe with an option to ignore it.
Example: http://codepen.io/anon/pen/Glpdv
How can I force Chrome to display either a page itself or a dismissable SSL warning?
Open the iframe content in a new window and accept the cert.
Then you will be able to open it in the iframe as well.
This problem occurs when the SSL integration has not been completed properly. Some details are available here: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
If you are using an Amazon and GoDaddy server combination, let me know and I can provide a working guide to fix this issue.