Console errors. Failed to load resource: net::ERR_INSECURE_RESPONSE - http

I'm getting them on my links in my head.
GET https://fr.s.us/js/jquery-ui.css net::ERR_INSECURE_RESPONSE
GET https://fr.s.us/js/jquery-1.9.1.min.js net::ERR_INSECURE_RESPONSE
GET https://fr.s.us/js/jquery-ui.js net::ERR_INSECURE_RESPONSE
Someone please enlighten me on these jquery console errors..
Failed to load resource: net::ERR_INSECURE_RESPONSE

I am assuming you're using Chrome.
If so, the root problem is a certificate mismatch / expired certificate.
You can see this for yourself in the code here.
Note in particular the use of the very constant you reference in the code on line 48 of the C++ file I sent you:
case net::ERR_INSECURE_RESPONSE:
The current version of this file is here. The error status ERR_INSECURE_RESPONSE may not any longer be on line 48 but the error code still exists in the SSL certificate portion of the code.
Note:
Make sure to use the hostname which is listed in the SSL certificate, chrome automatically switches to the right hostname if you are browsing but not when using javascript.

The supplied host is not resolving for me (custom DNS or self configured host?) so I can only hazard to guess.
But as you are requesting the resources over SSL it is likely the certificate is invalid. Either it is self-signed and has not been added to your browser/OS exceptions or it is otherwise invalid.
Try the URI directly in the same browser and inspect the certificate.
Edit: this is in no way related to jQuery, JavaScript or CSS directly.

I had this problem with chrome when I was working on a WordPress site. I added this code
$_SERVER['HTTPS'] = false;
into the theme's functions.php file - it asks you to log in again when you save the file but once it's logged in it works straight away.

This can also happen if you have Chrome update automatically. Open Check chrome://help. The status should be:
Google Chrome is up to date.
Sometimes the status is requesting for a Chrome restart. In this case I had similar issues with several resources failing to load due to net::ERR_INSECURE_RESPONSE. After restarting Chrome, everything worked normally.

When I had the problem recently it was a cross site issue where our dev server hosts our analytics software as well as the application. In the other environments the chrome console would show this error and the javascript file (tracker) on the dev server as the source. This was causing issues for QA personnel who were trying to view the analytics data for their environment (nothing was being captured because of this issue).
The solution to fix this in-house was to add the SSL certificate the DEV site was using to the Trusted People store on the QA people's machine.
If this was a problem in production I would most likely move the javascript into the actual web apps.

Try to open it in an incognito window. I hope this will help. Alternatively, you could modify application/.htaccess like so:
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]

In my case, sometimes when i tests my MVC project by a localhost https url (E.g. https://localhost:44373/), the Chrome raise this error: net::ERR_INSECURE_RESPONSE for the website resources (such as JS files).
So i resolve it by Clear Cache. Then i refresh the page and Chrome show me a special page about insecure url and i just allow it by click on Proceed to localhost (unsafe).

Learn about CORS, try crossorigin.me is work fine
Example:
https://crossorigin.me/https://fr.s.us/js/jquery-ui.css
Not show a message error and continue page white, u need see error is try
http://cors.io/?u=https://fr.s.us/js/jquery-ui.css
enjoin us ;-)

For me the problem was the <base href="https://domain.ext/"> tag.
After removing, it was OK. Cannot really understand why it was a problem.

You are trying to get data from an https that does not have certificate. Change "https://" to "http://". Worked for me.

It was on Chrome for Android in my case.
All the static files served from a CDN with a CNAME that's SSL encrypted were not showing up. On Chrome desktop, it all showed fine.
Broken SSL cert
When I properly added the certs in ca_bundle the files displayed correctly.
Chrome for Android takes encryption seriously unlike Desktop.
I hope this saves you time and stress

If you use chrome, you can make a shortcut,right click and edit the shortcut's target, append this after target's string:
--ignore-certificate-errors
The complete string looks like this:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors

Encode and make it like this: $_GET[].

Related

How to enable caching in google chrome in cypress

I have an application that loads the main.js file. Running tests on Cypress every time a "cy.Visit" loads it, if using Google. Other browsers don't have this problem, they cache this file, how do I get cypress to cache it on google?
I can't find information about this problem anywhere. It confuses me that in other browsers everything works as it should.
I want to enable caching of this file when running a test. Otherwise, every "visit" it downloads it again.
i use cypress": "^10.3.0"
You can do this by using the chrome command line switches listed here. The one you are looking for is --app-cache-force-enabled.
To use this in cypress, you have to configure it in your config file.
The examples of how to do that are available here. Your code should look something like below.
if (browser.family === 'chromium' && browser.name !== 'electron') {
launchOptions.args.push('--app-cache-force-enabled');
}
return launchOptions
Found a solution to the problem
Google's security policy implies that if there is a problem with the certificate, caching is disabled. see chromium bugs https://bugs.chromium.org/p/chromium/issues/detail?id=110649#c8 and https://github.com/cypress-io/cypress/issues/7307
The problem can be solved by adding the certificate to the trusted ones. Certificates can be found along the path cy/production/proxy/certs/

After migrating WordPress website, got a new error when trying to view some images

I've just migrated a website live, and some images are coming up with a strange error:
"Error occured while calculating source (passed through env): No image roots defined in config."
Example URL: https://piktochart.com/wp-content/uploads/2019/07/Template-09-Lead-gen-handbook.jpg
Anyone seen this before?
This is only happening on some of the images. I cannot find the cause, I've disabled/re-enabled caching.
I've downloaded the images from the server and they look fine.
I have faced this issue on my own site,I managed, as well.
You can use a plugin that manipulates images, such as WebP Express? Check your htaccess file for rewrite rules involve jpg or png files. I used the above plugin, but it was disabled and the htaccess rules were left in place; trying to redirect images to a page that it couldn’t handle.
For me it was caused by Webp Express, the plugin also gave a notice: It seems your server setup does not support headers in .htaccess. You should either fix this (install mod_headers) or deactivate the "Enable direct redirection to existing converted images?" option. Otherwise the Vary:Accept header will not be added and this can result in problems for users behind proxy servers (ie used in larger companies)
Setting the Operation mode to "No conversion" solved my issue.

Response for preflight has invalid HTTP status code 401 preflight OPTION call error

I'm working with Ionic 3 framework project and have encountered one error whenever i m trying to send my data to the server by POST method (as postAsync), this is related to the OPTION call as the error says:
Response for preflight has invalid HTTP status code 401
I don't know how to solve this error, as I have added CORS extension to my browser, still I'm facing this error issue.
Is there any solution to solve this issue from browser side like from chrome devtools as i can filter it from network by -mode:OPTIONS but at console I'm having the same error.
If this not possible, then how to solve this error ?
Code:
this.WooCommerce.postAsync('customers', customerData).then( (data) => {...}
More error messages:
polyfills.js:3 OPTIONS tusharstar.freesite.host/wc-api/v3/…... 401
(Unauthorized) (anonymous) # polyfills.js:3 ... (index):1 Failed to
load tusharstar.freesite.host/wc-api/v3/…) Response for preflight has
invalid HTTP status code 401 bluebird.js:1545 Unhandled rejection
TypeError: Failed to fetch
After googling a lot and i really mean a lot, the answer to my 1st point is yes! It is all about the web security issue/precaution which lets the developer get the error/precaution point of OPTION call with chrome browser. Simple way to solve the problem (just for development purpose) is to disable web security for browser, restart chrome with new extension of disabled web security .exe and everything will work fine. Steps for windows user:
1.Close chrome.
2.Open cmd
3.add this code:
C:/Program File/Google/Chrome/Application>chrome.exe --disable-web-security --user-data-dir="D:\chrome"
You can get through this very easy! Let's follow me right now
Create a shortcut on your desktop
Right-click on the shortcut and click Properties
Edit the Target property
Set it to "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --5. disable-web-security --user-data-dir="C:/ChromeDevSession"
In VIsual Studio Code, run ionic serve -l
You're gonna see new tab open http://localhost:8100/ionic-lab. You should be aware that this link is opened in the normal chrome tab, not the "disable-web-security" chrome we have set up.
Double click to the shortcut that we have set up to open the "disable-web-security" chrome tab. Then paste http://localhost:8100/ionic-lab into this tab.
So the reason that we get multiple errors when working with woo-commerce-api is this "web-security" by Google. Then you just disable it and you actually don't need any CORS Extensions. So remove them right now if you have installed.
And this solution i write for people who learn this course https://www.udemy.com/ionic-3-apps-for-woocommerce-build-an-ecommerce-mobile-app/. This is an ionic e-commerce app that using woo-commerce-api to set and get data from Wordpress (local or live server). If you have trouble in other language not ionic, it still works fine.
Actually i have done a lot of searchings on Google to find this solution. I hope this helps all of you. Now, i need to go to bed because tomorrow i have a final report about this ionic project with my lecturer 😃
See ya!
Quy Le
I had the same problem and I solved it by adding some lines of code in the top of .htaccess file of my WordPress root path (C:\xampp\htdocs\wordpress)
Add this code in the top of your .htaccess file :
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $l [R=200,L]

Safari keeps forcing HTTPS on localhost

When I load http://localhost:3000 in Safari, Safari automatically redirects to https://localhost:3000. How can I disable this functionality?
I went into ~/Library/Cookies/HSTS.plist and removed the localhost entry, then restarted Safari but it just re-added it to that plist file and redirected to https.
Any ideas how to fix this so that on localhost I have to explicitly say http or https?
I was able to solve this based on an answer from Ask Different.
In short, closing Safari, then running the commands below, worked.
sudo killall nsurlstoraged
rm -f ~/Library/Cookies/HSTS.plist
launchctl start /System/Library/LaunchAgents/com.apple.nsurlstoraged.plist
Restarting Safari after running that and trying to go to http://localhost:3000 solved the problem and did not redirect to to https.
Hopefully this helps someone fix this problem.
In Safari 13.0.5, deleting website data for localhost (Safari > Preferences > Privacy > Manage Website Data...) solves the problem.
This also happens if the Content Security Policy "upgrade-insecure-requests" is set. There is an open issue here: https://github.com/github/secure_headers/issues/348
You can try
deleting website data for localhost (Safari > Preferences > Privacy > Manage Website Data...)
After that close browser and try it.
If cannot you can try make different port 80 after back port 80 for localhost
After following the fix by Charlie with no luck, what worked for me was running a private window. and after a restart, everything seemed fine on both private and public tabs.
It's possible to use http://127.0.0.1:3000 instead. Or your local computer name.
For example: http://andis-mac-5.local:3000.
You can determine the local computer name from system preferences - Share - Edit:
First of all lets confirm why it is going to HTTPS.
In Developer Tools is it showing a 301 or 302 redirect?
If so it's your web server saying to go to HTTPS. Fix your web server config.
Or is it a 307 redirect which indicates HSTS?
To be perfectly honest I'm not sure if Safari shows this as a 307 (a fake internal redirect to represent HSTS), so it might just go there without showing this, but Chrome does show this.
If so, then deleting that file and restarting should solve that. However can you confirm if the HTTPS site is returning a strict-transport-security HTTP Header? If so then it will just set that next time you happen to go to HTTPS (including if your page loads and image over HTTPS). Can you remove that header? Or better yet, publish it with a max-age of 0 so it removes it from the HSTS browser cache without having to figure out which file it's in or if Safari have moved it from ~/Library/Cookies/HSTS.plist

403 Forbidden when requesting image from server

I have a static resource image on my static server (http://static.coderichard.com/) which I want to use for a Journal Skin which I'm designing on DeviantArt. But when the image is loaded, I got a 403 Forbidden error.
The image is loaded through CSS like so:
background-image: url('http://static.coderichard.com/img/intrvi-journal-skin-bg.png');
When I tried the exact same thing in JSFiddle, it worked fine. I can also load the image through the browser.
Checking error logs yielded no information and the directory the image is in has 755 permission.
Why am I getting this error and how can I fix it?
I read the following thread, having the same issue as me: http://ubuntuforums.org/showthread.php?t=2167595
The solution was to disable the hotlink protection via .htaccess, but I don't have a .htaccess file there so it makes no sense to try that.
My server is CloudFlare protected and uses Hotlink protection. What I did to fix it was add a directory called hotlink-ok and I put all my resources there which were okay to hotlink.
Try setting a referer with a commannd-line client. If it immediately 403s again, find where your "hotlink protection" is implemented.

Resources