This question already has answers here:
How to fix "page trying to load scripts from unauthenticated source" [closed]
(2 answers)
Closed 3 years ago.
insecure content blocked
When I published my site (https://myitside.com/instagram-downloader/), I always get a safety shield in the url-bar on top that says: Insecure content blocked. This page is trying to load scripts from unauthenticated sources. Because of this error, my site does not show icons or the correct font until I click "load unsafe scripts".
How to solve this
As it says, your page is trying to load scripts from unauthenticated sources...make sure those scripts are loading from https:// addresses and not http://.
Related
This question already has answers here:
API Automation Testing : Is there any way to automate download scenario with content validation?
(2 answers)
Closed 1 year ago.
I am automating my web application using Karate UI. I want to save a file from the application to a specific location to validate. By default, it is getting saved in the system downloads folder. How do I change this download path?
I have tried
addOptions: ['user.dir','path']
userDataDir = "path"
in karate.config(---)
You may be able to do this if you control the user data dir. One of the things you can try is to move a pre-created profile where the system directory is set correctly etc.
Else please assume this is not supported - you are welcome to contribute code and research.
The recommendation is to use Karate's API testing capabilities to download a file to a controlled location: https://stackoverflow.com/a/67018365/143475
This question already has an answer here:
Python HTTP Basic Authentication through Selenium when username and password contains special characters
(1 answer)
Closed 2 years ago.
Our test environment is using a basic authentication and I'm trying to send the parameters in the URL header.
The only problem is, our password already contains "#", which means everything after it is considered as the website URL itself.
I've been trying to use "%40" which represents this character but it didn't work.
Here's the header assuming the username="username" and the password is "my#password":
driver.get("https://username:my%40password#test.website.com");
It used to work on my older computer, but something doesn't work on this one.
Any suggestions?
It used to work on my older computer
How long ago did it actually work? This old Chrome browser feature was removed from Chrome for years, but I learned from a bug report I filed that it's been brought back, although it only works in Selenium, not for a regular Chrome user in the address bar.
Perhaps Chrome's current "resurrected" name:password# feature no longer supports the %40 trick you used to use?
This question already has an answer here:
Configure IIS server to work with Aurelia framework and push state
(1 answer)
Closed 4 years ago.
I have a project created using Aurelia CLI v0.33.1 using Webpack. I have enabled pushState and index.ejs contains a <head> with:
<base href="<%- htmlWebpackPlugin.options.metadata.baseUrl %>">
which is currently set to "/" in my webpack.config.js (as I've seen suggested elsewhere for similar issues).
When I access the url locally via, http://localhost:8080/orders, I can view the page. After publishing to an Azure host, accessing https://<AzureHostURL>/orders results in a 404.
If I navigate to https://<AzureHostURL> and use the UI to navigate to /orders it works as expected.
It is unclear to me what the cause of this issue could be.
Thanks to direction from #avrahamcool, which provided me with an understanding of the problem, I found this Stack Overflow question which provided the exact solution I needed.
Recently our website went from http to https. I, and others, are randomly getting "The Site Can't Provide a Secure Connection" page. Upon refresh, the page loads just fine. Why are we getting this initial page randomly?
FYI... We have http to https redirects in place.
Impossible to say without more details, but some things I can suggest are:
You have multiple servers and some are configured correctly and some incorrectly.
You are not including the full certificate chain. Sometimes your browser has the missing intermediary cached and sometimes not (see this answer for more info here: https://serverfault.com/questions/826100/ca-certificate-trouble-with-squid-on-centos7/826321#826321)
A bug in browser/software. I had this issue on Chrome when using Apache HTTP/2. Never did figure it out but a Chrome update fixed it.
Run https://www.ssllabs.com/ssltest/ on your site to confirm not a problem with your https set up and, if that doesn't work, or you don't understand the results it gives, then update your question with more details (what Server and Browser you are using and what version, if you have any proxy in place between your Browser and the site and, ideally the website name) if you want people to help you.
Also be aware this is a programming site and some people don't like these questions here and will suggest other Stack Exchange sites but honestly don't know where this question is best placed: serverfault.com maybe, but is for professional SysAdmins only, Unix and Linux seems a little generic (not even sure if you are using a Linux webserver!), Webmasters is more for content and SEO questions, Information and Security is more for theoretical SSL/TLS questions...
I am trying to setup my HTTPs website with Apache 2.2 and Firefox 33.
On the first load Firefox shows that warning.
But on the next page load (i.e. F5, another tab, etc until firefox restarts) everything on this URL is secure.
The page is just plain HTML, no javascripts, no images. I put robots.txt and favicon.ico into the /var/www/site/htdocs/ (I thought firefox loads them from http:// instead of https://). But this did not helped.
So, why firefox shows this warning on the first view after launch and don't does that later?
(I tried to ask this question on server fault, but don't have enough reputation to upload pictures)
UPD: Tools -> Web Development -> WebConsole says
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://mc.yandex.ru/webvisor/26570853?rn=493111185&page-url=http%3A%2F%2Fstart.calculate-linux.ru%2F&wmode=0&wv-type=0&wv-hit=372504783&wv-part=1&wv-check=34794&browser-info=z%3A240%3Ai%3A20141022210348%3Arqnl%3A1%3Ast%3A1413997437. This can be fixed by moving the resource to the same domain or enabling CORS. 26570853
Everything becomes ok, when I set about:blank as homepage.
But the question remains - how (in this scenario) scripts from previous page can affect next page?