Chrome SecurityError loading jQuery Mobile page from local file system - javascript

I get the following error in Chrome when loading a trivially simple html file with a jQuery Mobile reference. The error is not present with just the jQuery reference.
Uncaught SecurityError: Failed to execute 'replaceState' on 'History':
A history state object with URL 'http://stacksnippets.net/js' cannot
be created in a document with origin 'null'.
<html>
<head>
<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.js"></script>
</head>
<body></body>
</html>
You can also "Run code snippet" and see the error in the console.
This error did not happen before today. I have not changed my code or method of loading the html file in the browser. It used to work perfectly - I use the same code for all my PhoneGap apps.
Does anyone know if there was a Chrome security update that causes this SecurityError or whether I'm missing something? How would you go about debugging this? Thank you.
UPDATE
This discussion I think points out what is going on, which I suspected, since the error does not appear when running with a web server: Origin null is not allowed by Access-Control-Allow-Origin .
But I am still wondering why this changed in the past day, whether Chrome has had a change in their security policy, or why it was working before, and whether any of my PhoneGap apps will be affected.

This error is same as the origin is null error. This error occurs because of the security feature of Chrome.
A simple solution to test the application is to bypass this security on chrome.
Steps:
create a chrome browser shortcut on desktop.
Close all the instances of chrome on your machine.
Right click on the desktop shortcut of chrome and click on Properties.
in Target field, append " -allow-file-access-from-files" at the end.
Save and close properties.
Open chrome via this shortcut only.
Hurry, the error has gone. App works perfectly.
NOTE: This is just a work-around I use to test my cordova apps on desktop browser for UI testing.

Temporary solution: I've commented out all history.replaceState calls in jquery mobile, didn't need to manipulate browser history in my app anyways.
I wonder if it's chrome security bug or model and future behavior.

On a Mac I was able to fix this by running a webserver instead of loading it from a "file://" url:
http://lifehacker.com/start-a-simple-web-server-from-any-directory-on-your-ma-496425450?utm_expid=66866090-49.VYy4WCNHSyuP6EmjnM93MQ.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F
python -m SimpleHTTPServer 8000
In the directory should make it available from Chrome via 0.0.0.0

I don't seem to have the same problem, not on the stable version of Chrome (45) or the Dev version (47).
However, I have personally seen issues with the CORS header, too. If you can cause the problem to happen reliably, I suggest filing a bug at crbug.com and a Chrome developer will have a look at it.

Related

PostHog | Brave Browser Event Tracking Issue

we have implemented Posthog with React and tested the implementation, which is working fine on Chrome and Firefox. But when we are testing it on Brave/Microsoft Edge Browsers it is not working.
We have done some research on this, which says these browsers have default ad blocker feature enabled and I need to manually disable ad blocking.
For resolving Brave browser tracking issue, we have created self hosted cloud front distribution and pass cloud front url in api_host parameter inside posthog.init function but it's not working and I am getting authentication issue. Could you please guide me for the same ?
I have used posthog-js in my react app for tracking events. Everything is working properly on chrome browser but my custom events are not getting triggered on brave browser.
Here is console logs error, please have a look to attached screenshot
The errors in the screenshot are the Brave browser doing its thing and blocking third-party scripts. You can check this using "shields" https://support.brave.com/hc/en-us/articles/360022806212-How-do-I-use-Shields-while-browsing-
I'd recommend you set up a reverse proxy so that traffic to PostHog travels to your own domain. So you would have something like https://my-own-domain.com/e
see https://posthog.com/docs/integrate/proxy
(as in the comment thread above. full disclosure I'm an engineer at PostHog)

CORS still enforced after disabling Chrome web security?

I'm trying to grab data from one website and use it to write something into another website (using JQuery/Javascript). Understandably, the same origin rules weren't going to let that happen, but I figured disabling web security/CORS on my browser should fix that problem. For some reason, I can't get the policy disabled in Chrome, and I can't figure out why.
I've tried launching Chrome with --disable-web-security --user-data-dir=
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\Users\<username>\Desktop\chromeTemp"
I expected to be able to open a new tab, access 'document' in the console, and find a link I want to 'click', but instead I got
VM186:1 Uncaught DOMException: Blocked a frame with origin <url> from accessing a cross-origin frame.
I thought this would no longer be blocked?
Looks like there might be an open bug for this, possibly try an older chrome version.
https://bugs.chromium.org/p/chromium/issues/detail?id=840124
See Last Comment on workaround:
"The workaround is to download an old version of Chrome as a portable app : https://sourceforge.net/projects/portableapps/files/Google%20Chrome%20Portable/ (version 66.0.3359.181 still works). It's the one I use when I'm developing..."

Only on Firefox "Loading failed for the <script> with source"

I want to integrate Marketo form with my existing website on yii framework.
My code works on all the browsers except Firefox.
Excerpt from my code:
$('#button').click(function () {
var formData = {
'Email': $('#UserInfo_email').val(),
'FirstName': $('#UserInfo_first_name').val(),
'LastName': $('#UserInfo_last_name').val(),
};
MktoForms2.loadForm('//app-ab23.marketo.com', mcId, formId, function (form) {
var myForm = MktoForms2.allForms()[0];
myForm.addHiddenFields(formData);
myForm.onSuccess(function (values, followUpUrl) {
return false;
});
myForm.submit();
});
});
I get error on Firefox only with message
Loading failed for the <script> with source “http://app-ab23.marketo.com/index.php/form/getForm?munchkinId=1111&form=1111&url=http%3A%2F%2Fblox.dev%2Fwizard%2Fmap&callback=jQuery110207175825035737486_1503656391790&_=1503656391791”.
other browsers do the job correctly
note: munchkinId and formId are changed for posting here.
I just had the same issue on an application that is loading a script with a relative path.
It appeared the script was simply blocked by Adblock Plus.
Try to disable your ad/script blocker (Adblock, uBlock Origin, Privacy Badger…) or relocate the script such that it does not match your ad blocker's rules.
If you don't have such a plugin installed, try to reproduce the issue while running Firefox in safe mode.
If you cannot reproduce it in safe mode, it means your issue is linked to one of your plugins or settings.
Otherwise, it might be a different issue. Make sure you have the same error message as in the question. Also look at the network tab of the developer tools to check if your script is listed (reload the page first if needed).
I've just had the same issue - for me Privacy Badger on Firefox was the issue - not adblocker. Posting for posterity
I noticed that in Firefox this can happen when requests are aborted (switching page or quickly refreshing page), but it is hard to reproduce the error even if I try to.
Other possible reasons: cert related issues and this one talks about blockers (as other answers stated).
Today I ran into the exact same problem while working on a progressive web app (PWA) page and deleting some cache and service worker data for that page from Firefox. The dev console reported that none of the 4 Javascript files on the page would load anymore. The problem persisted in Safe mode, so it was not an add-on issue. The same script files loaded fine from other web pages on the same website. No amount of clearing the Firefox cache or wiping web page data from Firefox would help, nor would rebooting the Windows 10 PC. Chrome all the time worked fine on the problem page. In the end I did a restore of the entire Firefox profile folder from a day-old backup, and the problem was immediately gone, so it was not a problem with my PWA app. Apparently something in Firefox got corrupted.
I had the same problem (different web app though) with the error message and it turned out to be the MIME-Type for .js files was text/x-js instead of application/javascript due to a duplicate entry in mime.types on the server that was responsible for serving the js files. It seems that this is happening if the header X-Content-Type-Options: nosniff is set, which makes Firefox (and Chrome) block the content of the js files.
As suggested above, this could possibly be an issue with your browser extensions. Disable all of your extensions including Adblock, and then try again as the code is loading fine in my browser right now (Google Chrome - latest) so it's probably an issue on your end. Also, have you tried a different browser like shudders IE if you have it? Adblock is known to conflict with domain names with track and market in them as a blanket rule. Try using private browsing mode or safe mode.
I ran into the same issue (exact error message) and after digging for a couple of hours, I found that the content header needs to be set to application/javascript instead of the application/json that I had. After changing that, it now works.
VPNs can sometimes cause this error as well, if they provide some type of auto-blocking. Disabling the VPN worked for my case.
If the src is https and the certificate has expired -- and even if you've made an exception -- firefox will still display this error message, and you can see the exact reason why if you look at the request under the network tab.
I had the same issue with firefox, when I searched for a solution I didn't find anything, but then I tried to load the script from a cdn, it worked properly,
so I think you should try loading it from a cdn link, I mean if you are trying to load a script that you havn't created.
because in my case, when tried to load a script that is mine, it worked and imported successfully, for now I don't know why, but I think there is something in the scripts from network, so just try cdn, you won't lose anything.
I wish it help you.
I ran in the same situation and the script was correctly loading in safe mode. However, disabling all the Add-ons and other Firefox security features didn't help. One thing I tried, and this was the solution in my case, was to temporary disable the cache from the developer window for this particular request. After I saw this was the cause, I wiped out the cache for that site and everything started word normally.
I've had the same problem and the culprit was the "I don't care about cookies" Firefox addon. Like another user here, I'm posting for posterity.
This could also be a simple syntax error. I had a syntax error which threw on FF but not Chrome as follows:
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js">
defer
</script>
I've just run into this issue while building Facebook Login into my ASP.NET project.
It turned out to be an extension called Facebook Container, which blocks the Facebook SDK script unless you add an exception for the site in question.
Once I added the exception it all worked fine.
Ran into the same problem today. It turned out that there was no storage space left on the VM the site was running on and therefore requests weren't completely handled anymore.
After cleaning things up (notably Docker-related stuff), everything works fine again.
For me it wasn't AdBlock, but actually a wrong relative path. Wrong error message I guess. I was able to see this in the server logs.
For me it was NoScript extension which was installed by default by my company. I configured localhost to be safe, then it worked.
For me (Next.js project static export) it was due to cache. I did a hard refresh Ctrl + F5 and everything started working fine.

www-embed-player.js:150 GET chrome-extension://eojlgccfgnjlphjnlopmadngcgmmdgpk/cast_sender.js net::ERR_FAILED [duplicate]

I'm having an error running Chromecast sender in Chrome Incognito or if Chromecast extension is not installed:
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://hfaagokkkhdbgiakmmlclaapfelnkoah/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://fmfcbgogabcbclcofgocippekhfcmgfj/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://enhhojjnijigcajfphajepfemndkmdlo/cast_sender.js
No cast extension found
Google cast sender is trying to send AJAX requests for local "cast_sender.js". Should this happen or is there a better way to check if Chromecast sender extension exists (not by requesting AJAX request)?
I believe these AJAX requests are a way of asking if Chromecast extension exists. Is there a better way to check if Chromecast extension exists?
Update: After several attempts, it looks like this may have been fixed in latest Chrome builds (per Paul Irish's comment below). That would suggest we will see this fixed in stable Chrome June-July 2016. Let's see ...
This is a known bug with the official Chromecast JavaScript library. Instead of failing silently, it dumps these error messages in all non-Chrome browsers as well as Chrome browsers where the Chromecast extension isn't present.
The Chromecast team have indicated they won't fix this bug.
If you are a developer shipping with this library, you can't do anything about it according to Chromecast team. You can only inform users to ignore the errors. (I believe Chromecast team is not entirely correct as the library could, at the least, avoid requesting the extension scipt if the browser is not Chrome. And I suspect it could be possible to suppress the error even if it is Chrome, but haven't tried anything.)
If you are a user annoyed by these console messages, you can switch to Chrome if not using it already. Within Chrome, either:
Install the Chromecast extension from here.
Configure devtools to hide the error message (see David's answer below).
Update [Nov 13, 2014]: The problem has now been acknowledged by Google. A member of the Chromecast team seems to suggest the issue will be bypassed by a change the team is currently working on.
Update 2 [Feb 17, 2015]: The team claim there's nothing they can do to remove the error logs as it's a standard Chrome network error and they are still working on a long-term fix. Public comments on the bug tracker were closed with that update.
Update 3 [Dec 4, 2015]: This has finally been fixed! In the end, Chrome team simply added some code to block out this specific error. Hopefully some combination of devtools and extensions API will be improved in the future to make it possible to fix this kind of problem without patching the browser. Chrome Canary already has the patch, so it should roll out to all users around mid-January. Additionally, the team has confirmed the issue no longer affects other browsers as the SDK was updated to only activate if it's in Chrome.
Update 4 (April 30): Nope, not yet anyway. Thankfully Google's developer relations team are more aware than certain other stakeholders how badly this has affected developer experience. More whitelist updates have recently been made to clobber these log messages. Current status at top of the post.
If you want to temporarily get rid of these console errors (like I did) you can install the extension here: https://chrome.google.com/webstore/detail/google-cast/boadgeojelhgndaghljhdicfkmllpafd/reviews?hl=en
I left a review asking for a fix. You can also do a bug report via the extension (after you install it) here. Instructions for doing so are here: https://support.google.com/chromecast/answer/3187017?hl=en
I hope Google gets on this. I need my console to show my errors, etc. Not theirs.
How about filtering these errors ?
With the regex filter bellow, we can dismiss cast_sender.js errors :
^((?!cast_sender).)*$
Do not forget to check Regex box.
Another quick solution is to "Hide network messages".
i know it is not the best solution, but the only one supposed solution that i have read for all the web is to install chrome cast extension, so, i've decide, not to put the iframe into the website, i just insert the thumnail of my video from youtube like in this post explain.
and here we have two options:
1) Target the video to the channel and play it there
2) Call the video via ajax, like explain here (i've decided for this one) in a colorbox or any another plugin.
and like this, i prevent the google cast sender error make my site slow
By default Chrome extensions do not run in Incognito mode. You have to explicitly enable the extension to run in Incognito.

Google Chromecast sender error if Chromecast extension is not installed or using incognito

I'm having an error running Chromecast sender in Chrome Incognito or if Chromecast extension is not installed:
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://boadgeojelhgndaghljhdicfkmllpafd/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://hfaagokkkhdbgiakmmlclaapfelnkoah/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://fmfcbgogabcbclcofgocippekhfcmgfj/cast_sender.js
Failed to load resource: net::ERR_ADDRESS_UNREACHABLE chrome-extension://enhhojjnijigcajfphajepfemndkmdlo/cast_sender.js
No cast extension found
Google cast sender is trying to send AJAX requests for local "cast_sender.js". Should this happen or is there a better way to check if Chromecast sender extension exists (not by requesting AJAX request)?
I believe these AJAX requests are a way of asking if Chromecast extension exists. Is there a better way to check if Chromecast extension exists?
Update: After several attempts, it looks like this may have been fixed in latest Chrome builds (per Paul Irish's comment below). That would suggest we will see this fixed in stable Chrome June-July 2016. Let's see ...
This is a known bug with the official Chromecast JavaScript library. Instead of failing silently, it dumps these error messages in all non-Chrome browsers as well as Chrome browsers where the Chromecast extension isn't present.
The Chromecast team have indicated they won't fix this bug.
If you are a developer shipping with this library, you can't do anything about it according to Chromecast team. You can only inform users to ignore the errors. (I believe Chromecast team is not entirely correct as the library could, at the least, avoid requesting the extension scipt if the browser is not Chrome. And I suspect it could be possible to suppress the error even if it is Chrome, but haven't tried anything.)
If you are a user annoyed by these console messages, you can switch to Chrome if not using it already. Within Chrome, either:
Install the Chromecast extension from here.
Configure devtools to hide the error message (see David's answer below).
Update [Nov 13, 2014]: The problem has now been acknowledged by Google. A member of the Chromecast team seems to suggest the issue will be bypassed by a change the team is currently working on.
Update 2 [Feb 17, 2015]: The team claim there's nothing they can do to remove the error logs as it's a standard Chrome network error and they are still working on a long-term fix. Public comments on the bug tracker were closed with that update.
Update 3 [Dec 4, 2015]: This has finally been fixed! In the end, Chrome team simply added some code to block out this specific error. Hopefully some combination of devtools and extensions API will be improved in the future to make it possible to fix this kind of problem without patching the browser. Chrome Canary already has the patch, so it should roll out to all users around mid-January. Additionally, the team has confirmed the issue no longer affects other browsers as the SDK was updated to only activate if it's in Chrome.
Update 4 (April 30): Nope, not yet anyway. Thankfully Google's developer relations team are more aware than certain other stakeholders how badly this has affected developer experience. More whitelist updates have recently been made to clobber these log messages. Current status at top of the post.
If you want to temporarily get rid of these console errors (like I did) you can install the extension here: https://chrome.google.com/webstore/detail/google-cast/boadgeojelhgndaghljhdicfkmllpafd/reviews?hl=en
I left a review asking for a fix. You can also do a bug report via the extension (after you install it) here. Instructions for doing so are here: https://support.google.com/chromecast/answer/3187017?hl=en
I hope Google gets on this. I need my console to show my errors, etc. Not theirs.
How about filtering these errors ?
With the regex filter bellow, we can dismiss cast_sender.js errors :
^((?!cast_sender).)*$
Do not forget to check Regex box.
Another quick solution is to "Hide network messages".
i know it is not the best solution, but the only one supposed solution that i have read for all the web is to install chrome cast extension, so, i've decide, not to put the iframe into the website, i just insert the thumnail of my video from youtube like in this post explain.
and here we have two options:
1) Target the video to the channel and play it there
2) Call the video via ajax, like explain here (i've decided for this one) in a colorbox or any another plugin.
and like this, i prevent the google cast sender error make my site slow
By default Chrome extensions do not run in Incognito mode. You have to explicitly enable the extension to run in Incognito.

Categories

Resources