browser-security

IE: HTTPS security is compromised by res://ieframe.dll/sslnavcancel.htm

非 Y 不嫁゛ 提交于 2019-12-04 12:15:45
问题 I'm working on an ecommerce application that has many HTTPS-only areas. This particular error only happens in IE (10 at least, haven't tried others) and it only happens on one HTTPS page in the entire application. From research, I gather this is IE's mixed-content warning. This is very confusing because IE is the only browser that has any issue with this page. All other relevant browsers don't complain about any mixed content. Can anyone shed some light on what sslnavacancel.htm is? Or, how

IE: HTTPS security is compromised by res://ieframe.dll/sslnavcancel.htm

时光毁灭记忆、已成空白 提交于 2019-12-03 07:04:54
I'm working on an ecommerce application that has many HTTPS-only areas. This particular error only happens in IE (10 at least, haven't tried others) and it only happens on one HTTPS page in the entire application. From research, I gather this is IE's mixed-content warning. This is very confusing because IE is the only browser that has any issue with this page. All other relevant browsers don't complain about any mixed content. Can anyone shed some light on what sslnavacancel.htm is? Or, how to drill down further to get an idea of what resource may be actually causing this problem? Thanks in

what happens in asynchronous loading of webapps if some script delete the previously loaded or included scripts?

荒凉一梦 提交于 2019-12-02 12:11:37
问题 the question is: what happens in asynchronous loading of webapps if some script delete the previously loaded or included scripts? Let have several scripts included: <script src="Squel.js" async="" type="text/javascript"></script> <script src="PSquel.js" async="" type="text/javascript"></script> <script src="MySquel.js" async="" type="text/javascript"></script> No matter, whether it is included by markup or dynamically via requireJS, the same order of asynchronous script includes happen.

Finding All Insecure Content on a Secure Page

非 Y 不嫁゛ 提交于 2019-11-28 17:22:30
What's the most efficient way to find a list of all non-HTTPS URLs requested by an HTTPS page? If this kind of security violation happens, every browser alerts the user, but I can't find an easy way to find what exact URLs cause the violation. The easiest way I've found so far is to use Firefox, but even then it's still not very convenient. First, I can right-click, select View Page Info, click the Media tab, and scroll through a list of URLs. However, this seems to only list image files, not CSS or JS includes that can also cause the error. For those, I have to use the Firebug extension,

Finding All Insecure Content on a Secure Page

时光毁灭记忆、已成空白 提交于 2019-11-27 10:25:02
问题 What's the most efficient way to find a list of all non-HTTPS URLs requested by an HTTPS page? If this kind of security violation happens, every browser alerts the user, but I can't find an easy way to find what exact URLs cause the violation. The easiest way I've found so far is to use Firefox, but even then it's still not very convenient. First, I can right-click, select View Page Info, click the Media tab, and scroll through a list of URLs. However, this seems to only list image files, not

How to override content security policy while including script in browser JS console?

こ雲淡風輕ζ 提交于 2019-11-27 07:12:26
I was trying to include JQuery on an existing website using console this way: var script = document.createElement('script'); script.src = 'http://code.jquery.com/jquery-1.11.1.min.js'; script.type = 'text/javascript'; document.getElementsByTagName('head')[0].appendChild(script); Then I got this error: Content Security Policy: The page's settings blocked the loading of a resource at http://code.jquery.com/jquery-1.11.1.min.js .. During development I might want to include external Javascript. I might not want to copy paste the entire JQuery code since it does not look neat. How to override the

How to override content security policy while including script in browser JS console?

ε祈祈猫儿з 提交于 2019-11-26 13:01:33
问题 I was trying to include JQuery on an existing website using console this way: var script = document.createElement(\'script\'); script.src = \'http://code.jquery.com/jquery-1.11.1.min.js\'; script.type = \'text/javascript\'; document.getElementsByTagName(\'head\')[0].appendChild(script); Then I got this error: Content Security Policy: The page\'s settings blocked the loading of a resource at http://code.jquery.com/jquery-1.11.1.min.js .. During development I might want to include external