In my application, we use the XDR objects (XDomainRequest for IE8 to IE10 and EventSource for other browsers) to open a sticky connection to the server.
However, IE11 doesn't implement the XDomainRequest anymore.
What should I use for IE11? XMLHttpRequest 2?
According to MSDN's Compatibility changes in IE11:
The XDomainRequest object is replaced by CORS for XMLHttpRequest.
Related
I've got a JavaScript bookmarklet that prompts for a bookmark name, then using XMLHttpRequest, POSTs the name and current page URL to a Java servlet running in Tomcat on localhost. The servlet stores the name and URL in a DB. This works fine for most webpages, but fails if the page that's currently loaded has added Content Security Policy "connect-src" restrictions.
Here's the error: Refused to connect to 'http://localhost:8080/MyServlet' because it violates the following Content Security Policy directive: "connect-src 'self'
I obviously don't want to disable CSP completely. And since I won't know if I want to bookmark the page until it's fully loaded, anything that tinkers with CSP in the response headers or meta tags is doing the work too soon.
Is there some way I can tell the browser to ignore the "connect-src" restriction for just my localhost case, or disable/enable it on either side of my XMLHttpRequest POST?
I'm in Chrome "90.0.4430.72 (Official Build) (64-bit)".
I have a web page that contains an iframe. The iframe is loaded with a URL call to the same server as the page. However, I get this, because I am apparently using a different port, 81:
Refused to frame 'http://my-same-server:81/' because it violates the following Content Security Policy directive: "frame-src 'self' https://*".
I realize this is a Content Security Policy issue for newer Chrome browser versions, and know that I need to change an Apache header, but am not sure to what I would change it to allow the iframe to properly load. The URL cannot use HTTPS, otherwise there are no special conditions. Any help would be grand. Thank you.
I am developing a Rails application that uses SSL connection. I am currently using third party resources that are js and css files for implementing a map (OpenStreetMap) . I have already tried to import these resources (js and css) into my application, but the javascript code tries to access an external WMS via HTTP.
The problem is that Google Chrome is blocking access to third-party resources from HTTP when the application is in HTTPS.
So I disabled SSL on a certain pages of the application and tried to force the HTTP or HTTPS the way I desire.
Following this blog: http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/ and it works.
But when I force the HTTP protocol to the page where these resources will be used using Google Chrome, it forces HTTPS connection causing infinite loop.
If I clear the Chrome cache (that have already accessed the same page with HTTPS) in order access it via HTTP it works. But if I have accessed a HTTPS page and try to access via HTTP, Chrome forces the HTTPS connection resulting in an infinite loop.
The question is: Is there something I can set in the request that causes Chrome to accept the connection?
Regards
I've been doing some research on this, and it turns out that turning on force_ssl = true on Rails 3 causes the app to send an HSTS header. There's a bit of information about it here: How to disable HTTP Strict Transport Security?
Essentially, the HSTS header tells Chrome (and Firefox) to access your site only through HTTPS for a specific amount of time.
So... the answer I have for you now is that you can clear your own HSTS setting by going to about:net-internals within your Chrome browser and removing the HSTS state.
I think the answers here can help you: Rails: activating SSL support gets Chrome confused
I am getting the following error when i try to execute send some values via SenchaTouch to the web service. What does this mean, and how can i solve this? The remaining of my code can be found at this SO post
XMLHttpRequest cannot load http://testWebService/service/. Origin http://localhost is not allowed by Access-Control-Allow-Origin.
note: I found this link, but it still didn't help.
If you are planning to run your application as a web application, you have to make sure your web service is in the same domain as your application.
Try this if you are planning to deploy sencha touch through phonegap but want to debug on your browser.
Using chrome,
to disable Cross-site scripting security:
Disable same origin policy in Chrome
Or using safari : (for this method http://localhost won't work)
Open the file locally on safari.(cmd+o and select the html file you wanna run)
Safari does not have XSS security for local files.
Hope it helps.
Regards,
Steve0hh
This is the browser blocking a cross domain XMLHttpRequest. You will need to either run a local copy of the web service on localhost, or upload your application to the TestWebService domain.
See enable-cors.org, to enable Cross-Origin Resource Sharing.
I have successfully configured my SWT Browser application to use the proxy by setting VM arguments -Dnetwork.proxy_host and -Dnetwork.proxy_port to the according values.
However the proxy needs authentication, but the username / password prompt does not open. Futhermore when registering an authentication listener, the listener is never triggered.
The problems occured with a Linux Debian 64 Bit distribution. When compiling the same application for windows, all works fine, i.e. the password promt opens. The SWT Browser is configured to use MOZILLA, not WEBKIT. Unfortunatelly I cannot test with WEBKIT as I am limited to a given environment.
Temp solution: When starting the Linux Mozilla Browser, the prompt comes up. If entering there correct values and afterwards starting the SWT Browser application, then no authentication is needed at all and internet access is possible. But this is not a good solution.
When I register a location listener with "addLocationListener" to look whats going on with url calls, then I can see that the initial url (for example www.google.de) results to call a certain http site of the proxy server. And this http site is a redirect to a https site of the proxy. Then the https site results in calling the http redirect page again. This is then an endless loop.
I would guess that somewhere in the JAVA code of the SWT Browser class there is a routine that calls setUrl with those pages (what results in an
endless loop) and skip to call any authentication listener for some reason.
Maybe someone has an idea whats going wrong in this authentication process?
I have no solution but a hint: I'm not sure what you mean by "Linux Mozilla Browser" - I know Firefox and Xulrunner. But your workaround suggests that profile information is shared somehow and that shouldn't happen.
I tried to find some information how to define the profile (where the web browser keeps its cache, config, SSL certificates, plugins, ...) but to no avail.
This entry in the FAQ shows how to set the proxy host: How do I set a proxy for the Browser to use?
Try to find a way to add the user/password information into the request sent to the proxy server. If that fails, create a local proxy which connects to the real proxy as upstream and which can authenticate itself.
Looking at the bug database, there is no support for Browser profiles: Flexible Mozilla profile support - new API request