We Keep Coding

CORS still working after disabling browser web security

So I have been testing a website using Selenium, specifically a page with a credit card form embedded in an iframe. I want to access the content of said iframe but due to CORS I get the error message:
Uncaught DOMException: Blocked a frame with origin "<url>" from accessing a cross-origin frame.
I made a quick google search and realized you can bypass CORS using the "--disable-web-security" flag, so my code now looks like the following:
options = webdriver.ChromeOptions()
options.add_argument("--disable-web-security")
self.driver = webdriver.Chrome(os.getenv("CHROME_DRIVER"), options=options)
Surprisingly, the CORS exception keeps on popping and I'm currently stuck on how to go from here. I really do have to access the iframe's content, there isn't a workaround for this.
Since I was confused as to why this didn't work, I replicated the problem with another website, in this case Amazon, which functions similarly (credit card form embedded in an iframe). I ran the code with web security enabled and I get the same CORS error, as expected. But then I disable web security, exactly as mentioned before, and it works! I can now access the iframe.
I also downgraded to an older version of Chrome (86) from the current most stable (88) and nothing happens again. I'm using Ubuntu 20.04.
So now I'm wondering - why isn't the flag working for the first scenario I mentioned? Is there a chance the first website is forcing the browser's web security or something related? I'm not an expert in web development so any input on this would be valuable.

Turns out, all I needed was to add --disable-site-isolation-trials and a non-empty --user-data-dir along with --disable-web-security as stated here

For me, adding these flags to my Chrome launcher fixed my CORS issues:
--disable-web-security --user-data-dir=~/chromeTemp
Pls note, this only turns warnings off, this is definitely not a CORS solution

This webpage has a redirect loop (ERR_TOO_MANY_REDIRECTS)

We have a site that is not working in Google Chrome V44. It works well in IE and Firefox. All of sudden after updating chrome browser to V44, we unable to login to the system and just receiving this problem.
We're trying to figure out as why this is happening. We have 2 instances of our system in our server. Our live site is the one that is not working in Chrome V44 while the other - our demo site is fine. The only difference of the these sites is that our live has SSL. So our first impression is that there's a problem with Chrome V44 with our site with certificate.
I think Chrome can't establish secure connection with the site.
Has anyone experienced this issue?
Please help. Thanks.

This is due to a SSL in Chrome V44 where it incorrectly sends a HTTP_HTTPS header to be set, however the HTTPS header is still set correctly. It has been quite widely reported: http://www.zdnet.com/article/brand-new-chrome-44-release-added-a-bug/
https://ma.ttias.be/chrome-44-sending-https-header-by-mistake-breaking-web-applications-everywhere/
In order to stop this, in PHP, I added the following to the very top of my index.php file:
<?php
if (!isset($_SERVER['HTTPS'])) {
$_SERVER['HTTP_HTTPS'] = 0;
}
?>
Ensuring there is no space between the ?> and the next

I've recently had the chrome redirect loop on gmail.
Possibly significantly, I was doing some work involving changing my system time and it hasn't worked since. This guide helped to do that.
There is an available work-around, which is to use gmail in incognito mode, which does still work, although requires you to log in each time

In that case I would say this is an internal problem with you organization's setup. I would speak with your SysAdmin or IT staff. But just to be sure, use your phone carrier's internet, or a cafe nearby, basically something off your network to check if you can reproduce the error.

The issue with my MVC solution was, i had recently updated complete Nuget packages in my solution. After the update i forgot to update
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
section with new dll bindings which installed while update. So in my hosting server due to connectionstring issue, i was not overwriting the current .config file. So once i did the update in assemblyBinding section in .config file the issue gone.

There might be many reasons for the redirect loop. If you are confident your setup is done properly without any errors, then it might be the issue with your browser. You can try the following
Deleting cache and cookies
Correcting your system time (if it is not set to automatic)
Resetting the browser
Source

You should be able to fix this problem, you can try to clear your cookies in your browser
Open your Chrome browser.
Type "chrome://settings/clearBrowserData" in the address bar and press Enter.
Make sure you are clearing items from the Beginning of time. Then select Cookies and other site data. Click the Clear browsing data button.
If find from google search, this tutorial could helps you https://windows10freeapps.com/fix-err_too_many_redirects-error-google-chrome-browser

Chrome DevTools [chrome://inspect] : 404 Not Found The resource could not be found

I used "chrome://inspect" for a few days. Everything was fine. Today, for some reason, when I click "inspect" the result is "404 Not Found The resource could not be found."
What could be the reason for this ?
I was able to find only this topic: https://code.google.com/p/chromium/issues/detail?id=329979
I guess the drivers are OK if the device appears ? I`m able to transfer files, to "focus tab" or "close tab" and "reload" but i can't "inspect".
Chrome Version: 37.0.2062.124 m
DevTools URL : chrome-devtools://devtools/remote/serve_rev/#180870/devtools.html?&remoteFrontend=true&dockSide=undocked&toolbarColor=rgba(230,230,230,1)&textColor=rgba(0,0,0,1)
Edit:
I tink this comment is important so...
A bug was opened in the Google tracker: Link Please star it! Remember that you don't have to add a comment to it if you don't have new information :)
by MM
Edit 2:
DevTools are actually broken for ANY kind of Android devices, regardless device's version, Chrome version or OS. URLs of such kinds - http://chrome-devtools-frontend.appspot.com/serve_rev/#180870/devtools.html - that must return DevTools code - now returns 404. That could be fixed by Google without any change in the Chrome code, it's completely server-side problem.
by vrid...#gmail.com at bug tracker
Edit 3: At this time http://chrome-devtools-frontend.appspot.com/serve_rev/#180870/devtools.html is OK but slow. I realy cant get why I need usb driver to send data over the internet... to this page just to debug.

I had the same problem, but it was caused by chosen AOSP WebView instead of Chrome Stable at Developer Options > WebView Implementation. If you do not have Chrome Stable option available, then try to install Chrome and check again.

Just had the same issue. VPN was on, turnning it off fixed it.

That was a cloud storage glitch. Things have reverted to normal since then.

After updating chrome version on Android device worked for me.

This still occurs and workaround is to open chrome://inspect and click on inspect link under Remote target assuming the command node --inspect server.js is already hit.

Workaround:
disable chrome updates. Instructions: https://www.makeuseof.com/tag/stop-automatic-chrome-updates-windows/
uninstall latest Chrome on desktop.
install previous version: (I used slimjet: https://www.slimjet.com/chrome/google-chrome-old-version.php)
Open chrome://inspect/#devices url and choose inspect-fallback instead of inspect.

Refused to display in an frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

FOllowing the video and sample code from https://developers.google.com/drive/web/quickstart/quickstart-js to upload any file from local system to google drve i was stuck with an error which states
"Refused to display 'https://accounts.google.com/o/oauth2/auth?client_id=%3CAIzaSyDa2kGIMQCLdfzk…%2Flocalhost&response_type=token&state=513052220%7C0.1330524626&authuser=0' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."
I registered for a new client ID and also changes in the code with new clien ID
Also disabled the chrome security using "chrome.exe --user-data-dir="c:/temp/chromedev" --disable-web-security" in run command.

I faced the below issue while loading the PDF document into iframe from google drive.
Problem:
Refused to display 'https://drive.google.com/file/d/1ipnylkWoSx4NS0GtmsQVFUq7ms339DAW/view' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
Reason:
As per my analysis, I faced this issue due to the URL is not considering as embedded to allow loading from other websites.
Solution:
I did even tried with the solution of adding ?embedded=true to the URL but still no luck. Then I got one solution from https://support.google.com/drive/thread/34363118?hl=en and replaced the view with preview in my URL and problem solved.
https://drive.google.com/file/d/1ipnylkWoSx4NS0GtmsQVFUq7ms339DAW/preview

The browswer sequrity is nonsense since Google Realtime API is intended to work with default security.
I received this error when supplied clientId = 'garbage'. Indeed, your client_id=<AIzaSyDa2kGIMQCLdfzk looks like garbage. Correct client_id shoud look like '1088706429537-4oqhqr7o826ditbok23sll1rund1jim1.apps.googleusercontent.com'

This is not related to disabling security in chrome browser.
I believe there might me some issues with my XAMPP Windows local host.Deploying the same application in node.js server or hosting Dropbox/Google Drive as a web app also works fine.

I don't know if this is still relevant, i got the same error loading a google docs in an iframe. After stripping the page of everything i had, removing the doctype solved my issue.
After this i found out there was a parameter ?embedded=true which allowed me to load it in a fancybox, which looks nicer anyway. Hope it helps any1, sorry if it's not relevant for you.

Application Cache Error event: Manifest fetch failed (404)

I have already one site, for that I have created one mobile site using jquery mobile with application cache features. (Both have same urls)
Using apache2 userAgent settings I redirected to mobile site for (Android and Iphone).
When It redirected to mobile site, I get below error:
Application Cache Error event: Manifest fetch failed (404)
test.manifest
CACHE MANIFEST
# version 1
CACHE
/index.html
/static/js/main.js
/static/css/style.css
Example:
main site:
www.example.com/
mobile site
www.example.com/
www.example.com/test.manifest open directly but using redirection it give 404 error randomly.
Please suggest any solution.

One thing wrong with your manifest. You need a colon after CACHE.

Is your redirect using code something like this?
$.mobile.changePage
I see similar issues if I use bookmarks to some of my pages rather than $.mobile.changePage.

404 is standard for the page not existing. My guess is your link is incorrect or you might have forgotten to upload your manifest file.

Maybe your paths should start without / that's often the case for me, even if the first element is a folder. But you've probably already checked that.

In my case I was able to make it working like
CACHE MANIFEST
#v1.0.1
NETWORK:
*
I had the 404 error when it was like:
CACHE MANIFEST
#v1.0.1
NETWORK
*
so without : in the NETWORK section.