Allow Google Chrome to do cross-site requests - http

For developing purposes, is there a flag for Google Chrome that will allow for cross-site HTTP requests?

I don't know of A way to allow cross site requests, but if you are trying to pull in data from on particular site (ie. the live version of the site you are developing for) you can edit you /etc/hosts file to have test.whateveryourdomainis.com point to localhost, this way you can also have domain specific links in your code that more closely match what they will be on the live site.
By doing this your local files will appear to be hosted remotely, and any cross domain issues will be ignored

Under OSX start Canary/Chrome app with the flag --disable-web-security.
Be careful with this option though.
/Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --disable-web-security

Related

Qlikview authentication request blocked because it's a cross-origin request

I've developed an website in Asp.net using VB. One of the requirements was for a qlikview to be displayed.
It's under a type of report hub, where I've got a list on the side of the page where the user can select a report and the rest of the page is an iframe. When the user selects a report, a javascript function is fired which sets the address of one of the reports into the iframe. The reports are all on their own page so I'm basically calling the page from the same domain and showing it in the iframe, no issue here. The problem comes when I've got to display the Qlikview which is hosted on another server.
This throws an error in the inspector but it still displays fine, it works like this on Chrome, Edge, Explorer and Firefox.
The issue comes with Safari, it blocks the authentication request because it is a cross-origin request.
I've tried the answer from this question. I've tried changing the domain name as listed here.
I've tried allowing cross origin access as listed here, but it didn't help.
I'm still very new to this, so i apologize if this is a simple solution.
Take a look here - Maybe this can help you
Using cors with all modern browsers
If it is working ok on Chrome and Firefox it is set ok on server. Qlikview officially support IE and Chrome. Safari have some issue with headers.
If you host your add-on (what is in iframe for Qlikview) on S3 for example for Safari you need to allow origin header, probably on different hostings something similar:
<AllowedHeader>origin</AllowedHeader>
Workaround is also that on Qlikview server it can use IIS for displaying Qlikview access point. If you want you can just go to IIS settings on Qlikview server and just set folder where you deploy your add-on pages so this way it can be configured that both will be served from the same domain (your add-on and qlikview access point). There is also Qlikview server configuration without IIS with Qlikview Web Server which will not allow to deploy another site.

firefox - how to clear http / https cache?

I've recently completely switched to Firefox Developer Edition but I have a problem I've not been able to handle yet on FF.
I'm a web developer so it happened to me to have several subdomains which corresponds to a test env of a live website.
exemple : http://local.example.com is my local for https://www.example.com
As it's a common problem to have modules licensed for a domain and its subdomains, I have to process this way to have a correct development environment (with the same modules than the live env).
My problem is the following : if I go to https://www.example.com Firefox will remember that it accessed it in https and will force my local to https://local.example.com instead of http://local.example.com (and of course the https on my local is not configured)
Cleaning the browser cache does not help (it solved the problem on chrome).
Changing the ttl of the dns to 0 in Firefox config did not help.
Restarting the browser does not help neither.
In the developer panel settings, i checked "disable http cache when dev tools is open", it did not worked.
At the moment, I have to work on my local in a private window, which is not very practical.
Does anybody knows how I can flush this cache in Firefox ?
Even better : is there a way to disable this cache ? As I'm using the developer edition, that would be awesome to be able to disable it at least on this version.
Thanks!
Since the root domain seems to affect the other domains, it may seem you are using HSTS to make sure all requests are https.
You have 3 solutions to fix this:
Exclude subdomains on the main HTST header
The simplest solution for you and all other developers working on your site may be removing the includeSubDomains on the HTST header on your main domain. (But beware that this decreases security if you actually use other subdomains)
Use a private window
HTST domains are not shared by to a private window for privacy reasons
Get an free SSL certificate for local.example.com
Temporary redirect the global local.example.com domain to your computer, and use letsencrypt to get a certificate for your pc

SSO working functionality in browser

i have some doubts on the SSO functionalities in different browsers,
-> if i enter my SSO application URL in IE browser it is automatically taking my windows credentials and it is allowing me to access the applications without re-authenticating.
-> same URL i have tried in Mozilla and Google Chrome browsers but it is asking for credentials. its weird for me by not taking the windows credentials.
could you please help me with this, do i have to change any settings in mozilla and chrome browsers to access the SSO application without asking credentials.
Note: It is from both the internal network and outside network.
Thanks,
Gowthaman. p
Ping Identity has two URLs that explain the settings required...
IE/Firefox:
https://documentation.pingidentity.com/display/PFIWA31/Step+Five+--+Configure+User+Browsers
Chrome:
https://ping.force.com/Support/PingIdentityArticle?id=kA3400000008RWWCA2
Though, generally, if IE is working, then so will Chrome (on Windows), since it uses the same configuration. If you have the PingFed Server in your "Trusted" sites, remove it.

How to switch off Akamai caching for dynamic html files?

I run wordpress site and am using Akamai for caching. I have a link on every page so the user can switch between desktop and mobile site at any point. This link once clicked stores cookie which is passed to server with every request and so server knows if needs to return mobile site or desktop version.
Now when I access via "origin" it all works fine as it skips Akamai caching. However when accessing site as normal, so with Akamai caching, the link doesn't do anything. I'm assuming its because as far as Akamai is concerned its exactly the same url request and as Akamai has already its cached version it returns the same page ignoring the cookie all together.
Is there any way to tell akamai directly from my php files in wordpress not to cache html and do it only for images,css etc?
Or maybe is there a setting in Akamai itself where this can be specified?
If not then what other options would I have to get this working?
Yes there are a number of ways to do this. The easiest way would be to do a no cache on specific file extensions such as .html
You can tweak the files to be or not to be cached in AKAMAI through "Configuration Attributes and Digital Properties" screen.
On "Time To Live Rules", you can define path and their caching policy.
Apart from that if you want to validate if a particular web resource id rendered from AKAMAI or not, you can use Fiddler and a particular PRAGMA header.
Refer link Validate if web resource is served from AKAMAI (CDN)?? for more details.

Website on IIS different than on Apache

I developed a website and published it on a LAN computer running IIS 6.0 all through my testing phase to make sure it looked correct and worked with all browsers. I heavily used CSS for my layout, a small amount of javascript and ASP only for Server Side Includes. The layout was tested in Chrome, Firefox, Opera, IE8 and Safari. All working as intended.
When I went to upload my completed website onto my domains host, the website came out looking completely different as well as the css drop-down menu not working. The following URL shows the differences (sorry both screen caps are combined because of link limit on SO):
Pic
After investigating a little bit, I discovered that hosting site runs Apache as their server. I also ran the ASP command Request.ServerVariables("SERVER_PROTOCOL") on both hosts and discovered that my IIS testing host returned SERVER_PROTOCOL: HTTP/1.1 while the Apache host returns SERVER_PROTOCOL: HTTP/1.0
I am somewhat stuck on where to go from here. Is this difference in server protocols causing my css to be interpreted incorrectly on the Apache server? Can I do anything about it considering my domain hosted server is out of my control? Am I completely off track and should look elsewhere?
CSS is interpreted by the browser, not the web server. The problem probably has to do with the way your hosting provider supports ASP sites (if it supports that at all).
This smells like wrong file references.
Are you sure the live server is not just getting a fatal error and aborting the execution of the page?
Have you checked your error log in your host control panel?
there could be some \ (backslash) instead of / (slash) in some path definition. IIS interprets backslash or slash in the same way (Apache doesn't).

Resources