Chrome extension breaks HTTPS on all URLS being loaded - javascript

Chrome extension breaks HTTPS on all URLS being loaded.
Any suggestions on where to start looking for the cause?
The status of the connection as given by Chrome is:
Your connection to this site is private, but someone on the network might be able to change the look of the page.
Disabling the extension resolves HTTPS.

Copy the extension script and place it on your server.
So you can access it without referring to a <script src="http://...>.
But a <script src="/path/to/this/js/on/your/server" ...>.
The problem isn't the extension itself, but its location.

Related

Chrome JS Error: Mixed Content: for roboto

I keep getting the error below ONLY on the Chrome browser; however, there is no single call to http://fonts.gstatic.com/s/roboto/* within the page nor its included static files. I do not have any idea why Chrome makes this call nor where it is coming from. Accessing the same URL from any other browser works, except Chrome.
Please I will appreciate your help on fixing this error
Mixed Content: The page at 'https://www.domainname.com/' was loaded
over HTTPS, but requested an insecure font
'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2'.
This request has been blocked; the content must be served over HTTPS.
Just for the record and anyone that might be facing a similar problem. As @Raj mentioned in his answer, Chrome does not let https sites use resources from http sites.
However, I narrowed down the issue when I served an empty page with just the HTML & Body tags and confirmed the issue still persisted. This tells me there might be something else wrong somewhere.
And it happened to be one of the installed Chrome extensions that is injecting this font resource. I fixed the issue by disabling all extensions. I will figure out which one was doing the harm by re-enabling them one after another.
Chrome does not let https sites use resources from http sites. Changing to https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2 will solve the problem
I had the same problem. The solution was to deactivate a chrome plugin. In my case, it was VLC Video downloader, which inserted this path to an unsecure resource.
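As an added example (not code from any of the posts above), the sketch below models why the font request in this thread is blocked while other insecure loads are treated differently, following the Mixed Content specification's split between blockable and upgradeable content. The request list, the `example.test` hosts and the function names are constructed for illustration.

```javascript
// Simplified model of the mixed-content decision for an HTTPS page.
// Request types follow Fetch "destination" names; the request list is constructed.
const UPGRADEABLE = new Set(['image', 'audio', 'video']);
const SECURE_SCHEMES = new Set(['https:', 'wss:', 'data:', 'blob:', 'chrome-extension:']);

// True when the URL is not exposed to tampering on the network path.
function isSecureTarget(url) {
  if (SECURE_SCHEMES.has(url.protocol)) return true;
  const host = url.hostname;
  // Loopback is treated as trustworthy even over plain http.
  return host === 'localhost' || host.endsWith('.localhost') ||
         /^127\.\d+\.\d+\.\d+$/.test(host) || host === '[::1]';
}

// Returns 'ok', 'blocked', 'upgradeable' or 'not-applicable' for one request.
function classifyRequest(pageUrl, request) {
  const page = new URL(pageUrl);
  if (page.protocol !== 'https:') return 'not-applicable';
  const target = new URL(request.url, page); // also resolves "//host/x" and "/x"
  if (isSecureTarget(target)) return 'ok';
  return UPGRADEABLE.has(request.type) ? 'upgradeable' : 'blocked';
}

// Lists every insecure request together with the https/wss URL to try instead.
function auditPage(pageUrl, requests) {
  return requests
    .map((r) => ({ ...r, verdict: classifyRequest(pageUrl, r) }))
    .filter((r) => r.verdict === 'blocked' || r.verdict === 'upgradeable')
    .map((r) => ({ ...r, suggestion: r.url.replace(/^(http|ws):/i, '$1s:') }));
}

// Constructed sample: the font URL is the one from the error message above.
const SAMPLE_REQUESTS = [
  { type: 'font', url: 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2' },
  { type: 'script', url: '//cdn.example.test/lib.js' },
  { type: 'image', url: 'http://img.example.test/banner.png' },
  { type: 'script', url: 'http://localhost:8080/dev.js' },
];

console.log(auditPage('https://www.domainname.com/', SAMPLE_REQUESTS));
```

If the same insecure request still shows up for an empty page, as described above, the source is outside the site's own markup, which is what points to an injecting extension.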

How to make Chrome extension workable even page says ERR_CONNECTION_RES

I want to develop a Google Chrome extension which replaces the URL with another one if the page is not available. I mean when it responds with
*The server DNS address of the example.com host machine could not be found.
*ERR_CONNECTON_RES
or situations similar to these.
I have searched how extensions work and found that these extensions run after the DOM is completed. But I believe that nothing is impossible.
Is there any code I can add to content.js to run the extension before the DOM is completed?
You won't be able to work with just content scripts; those cannot be used on Chrome error pages.
So, you'll need a background page and some API event to listen to for the specific case of network errors.
webNavigation API seems to be a good fit, e.g. webNavigation.onErrorOccurred.
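A background-script sketch of the approach in this answer, added here as an example and not taken from the post. The host-to-fallback map, the set of handled errors and the name `fallbackFor` are assumptions; the extension would also need the `webNavigation` permission. The redirect is limited to main-frame failures, an explicit allowlist and HTTPS targets so that a network error cannot send the tab to an arbitrary or downgraded origin.

```javascript
// Constructed allowlist: failing host -> HTTPS fallback origin (hypothetical names).
const FALLBACKS = new Map([['example.com', 'https://mirror.example.org']]);

// Chromium net error strings this sketch reacts to (an assumption about scope).
const HANDLED_ERRORS = new Set([
  'net::ERR_NAME_NOT_RESOLVED',
  'net::ERR_CONNECTION_RESET',
]);

// Pure decision function: returns the URL to load instead, or null.
function fallbackFor(details, fallbacks = FALLBACKS) {
  if (details.frameId !== 0) return null;            // ignore subframe failures
  if (!HANDLED_ERRORS.has(details.error)) return null;
  let failed;
  try {
    failed = new URL(details.url);
  } catch {
    return null;                                      // unparsable URL: do nothing
  }
  const origin = fallbacks.get(failed.hostname);
  // Only redirect to allowlisted HTTPS origins; a fallback host that itself
  // fails is not in the map, so this cannot loop.
  if (!origin || !origin.startsWith('https://')) return null;
  return origin + failed.pathname + failed.search;
}

// Register the listener only when running inside an extension background page.
if (typeof chrome !== 'undefined' && chrome.webNavigation) {
  chrome.webNavigation.onErrorOccurred.addListener((details) => {
    const target = fallbackFor(details);
    if (target) chrome.tabs.update(details.tabId, { url: target });
  });
}
```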

Loading script from HTTP is automatically converted to HTTPS for some users

I am trying to load socket.io using the following code:
<script src="http://cdn.socket.io/socket.io-1.4.5.js"></script>
However some users have reported the following error to me:
Failed to load https://cdn.socket.io/socket.io-1.4.5.js ERR_SSL_PROTOCOL_ERROR
Is this an automatic security setting on modern browsers? And if so can it be disabled?
The problem is not your fault!
Accessing that link in my browser fails as well, and inspecting the unsuccessful request shows that the following header was set:
Upgrade-Insecure-Requests: 1
This tells the browser to "upgrade" all http:// URLs to https://, which seems to mirror the error your users are reporting.
ERR_SSL_PROTOCOL_ERROR indicates that the SSL certificate for https://cdn.socket.io/ is incorrectly configured and thus the browser (rightly) assumes the worst, and chooses not to trust data served from that domain over the secure protocol. When the domain is configured to "upgrade" insecure requests to secure ones, and secure requests are rejected by the browser, it becomes clear why there is no way to access the content correctly at either URL.
I would contact the administrators of the website and inform them of the problem, or just simply switch to another CDN like Chris Chen suggested:
<script src="https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.5/socket.io.min.js"></script>
Sounds like the users who are experiencing that error are hitting the https version of your page. Best way to deal with this issue is by changing your code to:
<script src="//cdn.socket.io/socket.io-1.4.5.js"></script>
Or
<script src="https://cdn.socket.io/socket.io-1.4.5.js"></script>
The former is preferable (because it is faster for http users) unless you are working with an .html or .htm page and want to open it without a web server.
The link is not working at all from anywhere. Is it a private link that requires certification?
If you just want socket.io.js, use link from https://cdnjs.com/libraries/socket.io

Chrome extension and jQuery ajax query

So basically I can't use variables that were created by the website in my Chrome extension, but can I make a jQuery ajax query to this site? Like I found that the site is using something like this
/ajax/groups/members/remove.php?group_id=111111111111&uid=1111111111
Can I do that with my extension that will contain jQuery.ajax code? Tbh I have never used jQuery.
Thanks in advance.
Let me clear some concepts for you:
1- Your chrome extension has a background page and it is completely different than the current tab that the user is viewing (you referred to it as website).
2- You can access tabs (including the current active tab) with the chrome.tabs API
https://developer.chrome.com/extensions/tabs
3- You can load jquery in your chrome extension background and you can send ajax requests with it. Also, you have to set required permissions for your chrome extension to be able to access outside domains.
4- If you send an ajax request with this path "/ajax/groups/members/remove.php?group_id=111111111111&uid=1111111111" in your chrome extension, it tries to load it from your localhost because your chrome extension loads from your localhost. Therefore, you have to write the complete path, such as "//www.mydomain.com/ajax/groups/members/remove.php?group_id=111111111111&uid=1111111111"

How to create Web Worker from script served from subdomain?

I have a website at example.com and I am serving all external resources from cdn.example.com. So in my HTML page at example.com I have something like:
<script type="text/javascript" src="http://cdn.example.com/script.js"></script>
In my script I want to create a Web Worker, so I do:
worker = new Worker("http://cdn.example.com/script.js");
But this fails on Firefox 16 with Failed to load script: http://cdn.example.com/script.js (nsresult = 0x805303f4) error. It works on Safari 6 and Chrome 22.
It seems the problem is because the origins differ. The effective origin of the script is example.com and cdn.example.com does not match that. This seems to be a bug, because neither CORS nor setting document.domain helps (or at least I couldn't make it work by playing with that). Is there any way to make it work?
In the end I made the website at example.com serve a simple JavaScript file which includes the real web worker code:
importScripts('http://cdn.example.com/script.js');
and then create web worker by pointing to that.
