We have a websocket server on port 8080 setup on a Linode box. Chrome and Opera work just fine. Firefox however complains that the operation is insecure.
"The operation is insecure: Code 18"
If I try to create a new WebSocket object in the web console before the page is loaded everything is fine. However, after the page loads something is screwy then I cannot create the object anymore. See the attached screenshot.
I have no idea what operation is insecure or even how to go about diagnosing this.
As you point out in another answer, https:// to ws:// is disallowed by default on firefox.
Going to firefox's about:config and toggling network.websocket.allowInsecureFromHTTPS will get rid of the SecurityError.
I fixed this. The app itself is under SSL but the websocket being accessed is not. Chrome and Opera don't care but Firefox does. According to:
https://bugzilla.mozilla.org/show_bug.cgi?id=303952
This is known and is not considered a bug. Mozilla's response: wontfix
Solution, put websocket server under SSL and use wss://
This is a hunch based off limited info, and I probably should put this into a comment, but I don't have enough reputation points to do that yet.
Looking at your log, it seems as if 24 seconds are passing from the receipt of [object Websocket] (time 17:46:36.683) until you get The connection to ws://.....(time 17:47:00:952) error message.The long delay leads me to believe that the server could be timing out and closing the websocket connection. Look at this answer for a potential solution.
Had the same problem and attempted to fix by changing network.websocket.allowInsecureFromHTTPS in about:config which did not work.
Ended up finding this post => Unhandled Rejection (SecurityError): The operation is insecure. On a fresh create-react-app project
Changing this in index.js ended up working for me
serviceWorker.register();
//serviceWorker.unregister();
Open "about:config" url in firefox. Search for allowInsecureFromHTTPS and set it to true
Beside secure ssl context and cross-origin policies, assigning some port can trigger the error as well.
What are valid http ports for Firefox? I don't know precisely, but have to be between 1500 and 64000, or the console will display:
SecurityError: The operation is insecure.
And http links will say:
This address is restricted
This address uses a network port which is normally used for purposes other than Web browsing.
Firefox has canceled the request for your protection.
Related
I am running a WordPress on an Azure Web app connecting to a MySQL server on a different Windows server. When loading the mentioned page in Chrome, it shows 2 popups 403 & Forbidden. Checking the console throws this error - ecbcc.js:2 POST /wp-admin/admin-ajax.php 403 (Forbidden)
This works fine on FireFox & IE but not on Chrome. Any ideas why?
This is because of your cache. Minified version of JS is causing the issue in chrome browser. Check or purge the cache and check for the permissions applied to cached files as well.
I faced the same issue but it took a long time for me to fix it. Because my solution was not caused by common things like cache, .htaccess, files permissions, etc. I apply all the possible solutions as described here. When nothing worked for me, then I talked with my hosting provider and the issue was on their side. Actually, the server has black-listed my IP.
Below is the reply from the support of my hosting provider:
After checking it, it looks like the issue is caused by trigger
ModSecurity rules.
ModSecurity is an Apache module that works as a web application
firewall. It blocks known exploits and provides protection from a
range of attacks against web applications. However, sometimes,
mod_security may incorrectly determine that a certain request is
malicious, while it is actually legitimate. In such a situation, we
can whitelist the triggered mod_security rule on the server, so that
you can bypass the block.
In order to properly investigate, we need you to share your IP address
with us. You can copy it from here: https://ip.web-hosting.com/
Looking forward to your response.
This error can appear for more than one reason. Except for the accepted answer, if you are using a shared hosting solution as a server then it would be best to contact the support of the service. Also if you use Plesk or Cpanel you can check the server logs to see if there is any false positive rule that from mod_security that catches the error. Then you can find the error that could look something like that:
ModSecurity: Warning. Match of "test file" against "REQUEST_FILENAME" required. [file "/etc/httpd/conf/modsecurity.d/rules/custom/006_i360_4_custom.conf"] [line "264"] [id "77140992"]
You can apply the ID on your firewall exclusion list (if this is provided by your hosting service) and then the server will not block the request anymore.
IMPORTANT: If you are not sure what you are doing, ask your hosting provider for support. Experimenting on live servers/sites is not the best option and I would strongly recommend avoiding it.
Google chrome is not able to open page "http://www.google.com/" instead able to open "https://www.google.co.in/" page.It returns "This site can’t be reached" page in response.
Every URL that contains "google.com" in it fails to open each time.
Please provide the solution.
you can try:
https://www.google.com/ncr
"ncr" means NoCountryRedirect.
Try to reset your chrome settings, Thanks.
reset settings chrome
I think it is happening due to some DNS server error. I also faced this issue, sometimes just disabling and re-enabling network adapter does the job and sometimes just changing DNS server to static solve the issue.(I entered 8.8.8.8 and 8.4.4.4 as DNS server)Here you can check the DNS server details
i've got a little problème im not even abble to clearly formulate.
And this didnt helped me finding an answer on the internet.
So I rely on you people if somehow you have allready encouter this problem or either simply had an idea of where this could came from.
Here is my problem : When I try to connect on my personal website the navigator (Chrome or Firefox, haven't test with others) told me the certificate of security is invalid and is only valid for ssl1.ovh.net (ovh is my web hosting-provider).
The error code is : ssl_error_bad_cert_domain.
Well if any of you has an idea of where this could came from ?
Here is my website if some wants to have a look : maelmayon.fr
Thank you for reading it, I hope someone could help me.
Even though this is not a solution to the underlying problem, this is a nice workaround.
Either add a security exception in your browser, or explicitly link via http://. The security violation report should only show when trying to connect via https://.
I think you'd have to contact your provider for a shared SSL certificate to enable connection via https
Firefox gives me connection untrusted for SSL https, and why is that, Chrome shows https in green so, chrome OK, firefox not, why ?
when i install ff 16.0.2, i seem to have same prob with you(untrusted connection especially firefox addon)..For me, it basically cause by my nod32 antivirus, i try go to setting>protocol filtering>ssl>certificates>untick "add the root certificate to known browser''(make sure ff really close)..then tick it again and click OK..done
Please check this:
https://developer.mozilla.org/En/Displaying_web_content_in_an_extension_without_security_issues
I thing you can bypass the warning:
You can tell Firefox to bypass these certificate warnings. You should only bypass the warning if you're sure that the site is legitimate. Legitimate public sites will not ask you to do this. An invalid certificate can be an indication of a web page that will defraud you or steal your identity.
1.On the warning page, click Or you can add an exception....
2.Click Add Exception.... The Add Security Exception dialog will appear.
3.Click Get Certificate.
4.Read the text describing the problems with this site.
5.Click Confirm Security Exception if you want to trust the site.
http://support.mozilla.com/en-US/kb/Secure%20Connection%20Failed
http://support.mozilla.com/en-US/kb/Firefox%20cannot%20connect%20securely%20because%20the%20site%20uses%20an%20older%20insecure%20version%20of%20the%20SSL%20protocol
If any of these TS won't work, then try to update to FF V7. Don't forget to file a bug in bugzilla with all the necessary information.
However if you wish to access sites without accepting the certificate each time, use the add-on skip-cert-error "https://addons.mozilla.org/en-US/firefox/addon/skip-cert-error"
I had this weird issue "Your connection is not secure" whereas Chrome works like a charm.
Actually, it is because i let the corporate pac script to manage the proxy setup ticking the option "use system proxy settings". Actually, Firefox don't like it !
When i switch back to the manual proxy settings, all get back to work.
Of course, you need to known proxy params.
Go & surf ...
Change your Date to current date :D
I had same issue
For purposes of learning I have created an application which returns a computed output with HTTP protocol. To test that i'm calling in a web browser (IE, FF, Chrome) host with a port:
127.0.0.1:8764. This works on all of the web browsers that were listed earlier. Now i wanted to change the protocol handler to make my application more complex. So I have added a .reg with information about my 'unique' protocol called ProtocolDemoTest. Now when I want to run my application with following URL: ProtocolDemoTest:// I'm getting positive results only on IE and FF, but it seems to somehow fail on Chrome. I have searched a little and only found this http://www.google.fi/support/forum/p/Chrome/thread?tid=4e79db1b44daa2e6&hl=en which I find not exactly as i imagined. I want it to work on IE, FF, Chrome with only adding some data into the registry. Can you help me find an actual way to do this in ALL web browsers?
Support for registerProtocolHandler has now landed in Chrome 13 - http://crbug.com/73710 for more information.
The API you're looking for is this one: https://developer.mozilla.org/en/DOM/window.navigator.registerProtocolHandler
Though available in Chrome, the call doesn't do anything. This issue tracked here: http://crbug.com/44984
Implementation is underway. See this bug: http://crbug.com/73710