I'm trying to switch to Firefox for development but I'm stuck at this error and I have no idea what it could be.
The problem is specifically with our Login endpoint, which sets HttpOnly cookies on successful login. In development this works on both Safari and Chrome, but trying to login on Firefox returns a NS_ERROR_DOM_BAD_URI error.
In development, web is running at http://localhost:3000, the API is on https://localhost:5001.
I assume Firefox is blocking the login because the api and the web are technically on different origins, but I don't understand why it would be doing that for localhost.
Is there a way to disable this error entirely?
Related
I have a simple Cypress test that tests login. The page it is logging into is running on port 80 as http for testing. Because of this the cookies are not set to secure. When I try running the test I get....
Cookie “token” has been rejected because a non-HTTPS cookie can’t be set as “secure”.
If I run in a regular private Firefox window this does not happen. Is there a Cypress config setting I need or something?
If I convert to secure = false cookie it works. However, the secure cookie via http doesn't block it on a regular private FF browser.
Cypress has an open issue for Firefox not recognizing localhost as a secure context.
For the time being, I recommend testing in another browser. Alternatively, you could not set the secure flag on the cookie when working locally, but a number of recent web technologies depend on secure contexts (e.g., service workers), so you could encounter the same underlying issue while testing other parts of your site.
I am facing the issue where I am unable to get the sessionID in Safari. I am unable to get the session id in my further calls in localhost as well as in https calls.
Below code I am using in my server.js. In Chrome and Firefox it is working fine. Problem is in Safari only. I am using cookie-session package of node.
Please help.
Boot.App.use(session({name: 'checkSession',keys: new Keygrip(['app-key-1'], 'SHA384', 'base64'),secure: false,httpOnly: true,domain: doc.Domain.ENV,maxAge: 31536000000}));
This is how i am creating a session
Boot.App.get('/set', function(req, res){req.session={checkSession:"user"};res.end(JSON.stringify("sessionSet"));});
But in further calls i am trying req.headers.cookie session id is coming undefined.
This has been a known issue with Safari browser. What essentially happens is that Safari disables third party cookies by default. One has to go to the browser and enable it, obivously on an enterprise application you can't ask your users to do that.
There were known workarounds for this using iframes, for eg -
Safari 3rd party cookie iframe trick no longer working?
But apple has since circumvented these too.
I am trying to test an ASP.NET Web Api locally using IIS Express. When I use Chrome and hit the url (localhost:5000/api/test, for example) the json displays fine, but when using Postman I keep getting unauthorized 401.2 when hitting the same url. The api controller has Anonymous access on the route.
On the error message, one of the likely causes is:
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
Is Postman somehow changing the headers?
[2019 Update]
Got the same issue, I couldn't debug an ASP Core 2.1 API using Postman when running on the local machine using IIS Express. I kept on having "Could not get any response" despite it was working fine on a browser.
Following troubleshooting steps explained here PostmanLabs Github, I noticed into Postman console that this was coming from a certificate issue.
Disabling SSL Verification from Postman Settings > General allowed the request to pass through.
Looks like it's your proxy.
I haven't found the proxy setting in postman. So I deleted postman for Win and installed postman for Chrome. Possibly Postman gets the environment from Chrome.
Anyway the resolution is to use Postman for Chrome instead of Postman for Win.
I have a localhost WebAPI site up with IIS Express (HTTPS). Postman started to respond as expected to GETs and POSTs after I changed (in Postman)
File --> Settings --> Proxy
to: "Use the system proxy"
and turning on: "Respect HTTP_PROXY ...".
I had earlier set up a custom proxy that wasn't working with HTTPS.
Im doing a web based mobile application. uses tomcat as well. when i edit the tomcat to use https for my front end application basically all the jsp and servlets, it totally lags in mobile browser suchs as android. In iphone safari, it is worse, server connection error.
f.y.i, http works fine and fast.
Does anyone has any experience in this? does the certificate plays a part in the lagging?
Try to use online tools to make sure nothing is wrong with your certificate. example DigiCert.
Also check in your browser if there is a problem with the certificate (Chrome makes easy to check this, click on the secure icon at the left of the URL).
If all I said above is file I think the problem is from your HTTP server configuration.
Are you using port 443 and did you change default values?
I'm trying to figure out why Chrome (26.0.1410.64) and IE10 don't seem to recognize the cookie I set in my response from an ASP.NET Web API controller. Here is the situation:
I have a drop-down menu login form on my page that makes an ajax call to my Web API method (via HTTP POST) and that Web API method returns some JSON data and also sets a cookie in the response (using the HTTP headers). It works perfectly in Firefox and Safari (so, WebKit) but not in Chrome or IE. Chrome and IE appear to completely ignore the cookie that's sent back in the response. I've verified (using Fiddler) that the cookie is sent back on the response so I know it's there - I can't figure out why IE10 and Chrome don't pick it up though.
Any ideas? Does it have something to do with how Chrome and IE10 handle response cookies in ajax requests?
So I figured out the issue, although it's not something I really would like to accept as a solution. I guess I will just have to deal with it and always test the site on my local machine using Firefox.
So here's the issue:
When I run my site locally by running it from Visual Studio and IIS on my local machine, it creates a website at an address like http://localhost:1839/. For some reason, ajax cookies get ignored by IE10 and Chrome when it's "localhost" - but not when it's a real-looking host name or IP Address. So if I edit my host file and create a generic entry like localhost.com and point it at 127.0.0.1:1839 then everything works fine in IE and Chrome (and Firefox still as well).
It's when I use the localhost:1839 address that ajax cookie only works in Firefox.
So what I ended up doing was deploying my website to a different test IIS server (on another machine) that I have a test.mydomain.com entry in my local host file for - that points to the test IIS server's IP address. Now IE, Chrome and Firefox all accept the ajax cookie from this faked "test.mydomain.com" domain.
So for those of you sending cookies back on an ajax request - beware of this "localhost" issue with Chrome and IE.
The Domain on the set cookie is most likely conflicting against using localhost. If you edit your hosts file and add a alias it will make test.mydomain.com point to your local machine:
Within c:\windows\System32\drivers\etc\hosts add the following:
127.0.0.1 test.mydomain.com
Start your webserver within Visual Studio
Close all browsers, then load test.mydomain.com