Custom Protocol blocked By Chrome Version 30 - google-chrome

When I try to launch a custom protocol from https connection, Chrome version 30 is giving the following error.
[blocked] The page at https://something.com ran insecure content from custom-protocol://somethingelse.com/myapp
Chrome version 29 works fine.
Did anyone come across similar issue?
Is this a new issue/feature in chrome?
Appreciate any response.
Thanks in advance.

I did, and the problem was that I was using https to access the page, the link was in an iframe and most of all, the certificate used in the https was not trusted. After moving to https works fine.
And by the way, it was working in FireFox.
Hope it helps!

Related

VueJS local not found in Chrome

When browsing to http://localhost:8080/ in chrome I get redirected to a bad request page, provided by the chrome browser. If I browse to the network url ie: http://192.168.1.1:8080/, then the chrome browser happily loads it.
The localhost url works fine in Firefox and in Edge.
Has anyone experienced this behaviour before and know how to fix it?
Check your chrome proxy settings and hosts file, also try the guest and private mode.
It might be a cookies problem

chrome: CORS prefly request: status 405

I'm developing a ionic app and I need to make some CORS requests for dev purpose.
I use chrome v49 with -disable-web-security. I also use an .htcacces to allow OPTIONS request.
But i still get an error 405.
Chrome header sum'up
Try adding the chrome Extension Allow-Control-Allow-Origin: * from chrome webstore , enable
cross-origin resource sharing
from its option, then reload the page
Thanks for your answer. We already tried that but it did not succeed either.
The problem was server side. We used symphony witch refuse everything with is rly strict policy. To solve this we used NelmioCorsBundle.

Chrome trying to load http site over https

So we have a site that does not have an ssl certificate and normally loads fine over http (works in firefox, chrome canary, safari etc) but when loading the site on Chrome v 44 it cant find any of the resources because it is trying to serve them over https.
So the html loads but no styling or scripts etc.
We think this is happening after a chrome update. In the console, all the resources have this error
net::ERR_INSECURE_RESPONSE
If your site is in wordpress, I have the solution.
Just place
$_SERVER['HTTPS'] = false;
in your themes's functions.php.
At least it worked for me...
Maybe it is Chrome HSTS Chrome HSTS

Chrome v. 39 and Content-Security-Policy HTTP header

We recently discovered an interesting bug in newly released Chrome v.39.
It just crashed with standard "Aw Snap!" message on every page with an iframe if that iframe loads a page with Content-Security-Policy HTTP header. This blocked out web-site because we host some third-party ads.
From what i found the "Content-Security-Policy" header is a W3C standard and Google Chrome used to support in between v.25 and v.38 releases. But from now they don't.
Does anyone know a nice practical solution for this issue? Is there a way to prevent Chrome from crashing without this workaround?
If you want support Chrome 39/40, I found that adding the protocol in front of domain would prevent the crash (It's not required in CSP 2.0, but it's better than crash).
If you want support Chrome 41, it didn't crash even without protocol name.
Hope this helps.
In order to fix the issue we had to add a logic that sends X-Content-Security-Policy to all but IE and Content-Security-Policy to IE only. This is ugly code/solution but at least it stopped crashing.

Chrome Extension injecting iframe

I have my personal Google Chrome extension that adds an iframe to every page.
Now, it worked perfectly until a couple of days earlier.
Now it wont work on https pages!
The iframe source is HTTP.
The console is reporting:
[blocked] The page at https://example.com ran insecure content from http://mysite.com
Now, I know about mixed content issue, but it worked perfectly before. Why isnt it working now and how to fix it?
Anyone?
Thanks
Well, a new chrome update was released a couple of days ago. Check the patch notes from that release if they changed anything security related to make Chrome extensions require both HTTP or both HTTPS, not mixed.