SecurityError: The operation is insecure - window.history.pushState()

Question

I\'m getting this error in Firefox\'s Console: SecurityError: The operation is insecure and the guilty is HTML5 feature: window.history.pushState()

Answer 1

In my case I was missing 'www.' from the url I was pushing. It must be exact match, if you're working on www.test.com, you must push to www.test.com and not test.com

Answer 2

replace serviceWorker.unregister() to serviceWorker.register() in index.js file

Answer 3

Make sure you are following the Same Origin Policy. This means same domain, same subdomain, same protocol (http vs https) and same port.

How does pushState protect against potential content forgeries?

EDIT: As @robertc aptly pointed out in his comment, some browsers actually implement slightly different security policies when the origin is file:///. Not to mention you can encounter problems when testing locally with file:/// when the page expects it is running from a different origin (and so your pushState assumes production origin scenarios, not localhost scenarios)

Answer 4

When creating a PWA, a service worker used on an non https server also generates this error.

Answer 5

I had the same problem when called another javascript file from a file without putting javascript "physical" address. I solved it by calling it same way from the html, example: "JS / archivo.js" instead of "archivo.js"

Answer 6

I solved it by switching tohttp protocol from the file protocol.

• you can use "live-server" extension in VS code,
• or, on node, use live-server [dirPath]