I'm creating an ASP.NET application which uses Facebook Connect and fbml tags. It also uses the LinkedIn widget. When I run this app in any browser, there are no warnings and everything works. However, in IE, a message like this comes up:
Security Warning:
The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this?
Current site:http://www.facebook.com
Trusted site:http://localhost
(same for LinkedIn.com). I know how to fix this from a client perspective and to stop the security warning showing up. However, is it possible to ensure this message doesn't come up as it could be off putting for users who don't know how to suppress this warning? I haven't tried uploading it to my webhost, so not sure if this message will appear for everyone in production. However, I always get it on my local machine.
(None of my pages use SSL, so I don't think that's the issue. I tried using FB's HTTPS urls but that didn't make a difference).
Thanks
I have come across the IE message many times. Whilst this might not be the case here I always check in Firebug to see if any requests are going to Https (using Net tab). If may be the case that something you are referencing is itself making a call to something else.
Often you get that message if you are serving an https page and then going to fetch an image over http.
Might not help but is the first thing I do in this situation.
Related
I shared a link with someone to a firebase site that I was hosting, and it worked for some time, but then all of a sudden they said they were getting the message:
We're sorry... ... but your computer or network may be sending
automated queries. To protect our users, we can't process your request
right now. See Google Help for more information.
I was also getting it, and started checking my other firebase hosted sites and started getting the message on all of them. I didn't understand. I couldn't find a common link to understand why it was happening. So many sites linked it to a reCAPTCHA problem, but my sites don't use reCAPTCHA...
I found this link:
GitHub forum Link
The user recommended making sure the url started with "https". As soon as I typed my url with "https://" at the start, everything came up. At that point, I tried all the other URLs, and they worked too. This may be a rule for all Google-related sites.
I'm not sure if it's relevant that Chrome often trims the url in the "omnibox" or address bar, hiding the protocol, making it easy to miss when copying/pasting? E.g. :
Note, I tried accessing these pages without https (by typing "http://") but my browser now seemed to correct it and force it to be "https://", so I couldn't replicate the problem again.
I don't know exactly why it started, but I know that I wish I found this information sooner, because it was very frustrating, and the info out there wasn't helpful, except for the link I posted above. So hopefully, when someone like me searches for "firebase" and the error text "your computer or network may be sending automated queries", they might see this and possibly be saved a headache.
I wish I had a more generic way of asking this question but I really can't figure out what could be going on.
Using dev-channel Chrome 26 (and IE 10) I'm hitting a simple html site in my public dropbox here
In my browser Handlebars.js (from cdnjs.com) never loads and I get an error. Heck, according to the Network tab it never even tries to load it. Yet click through the source and the script file - it is definitely a live link. Why handlebars? Additionally, running the same exact site with a local server loads just fine.
I'm at a loss here what could possibly have this effect. You'd think the issue would be running the server in dropbox but it seems to be the actual browser misbehaving. And why on earth does it not make any request at all?
My repo by the way is on github on the preformance-tuning branch
It looks like Chrome is throwing an insecure content warning on your scripts. Most likely because you are trying to access content hosted over HTTP while your site is being served from dropbox using ssl. Most likely a Chrome security setting silently block scripts it considers "insecure"
I have an odd situation with a DEV site at work. Last week, our sys admin was experimenting with moving our DEV servers but didn't get chance to finish the job so rolled back his changes.
When I type in this URL http://mylocalsharepointsite/anypage.aspx then I get the page easily. However, when I change the protocol to https I first get a message warning me about the certificate, then when I click ignore warning I get a 404 error.
I know the site and pages are there because I go to IIS and can see the site, the directory it is mapped to and the SSL certificate, which since it's DEV we generated ourselves.
I suppose my question should be this, what are the things I should look at first, is there anything obvious I've overlooked.
The problem here was with IIS and the certificates. I re-generated the certificates, even though there didn't seem to be anything wrong with them.
This page helped me a lot, especially the two tools: SelfSSL and SSLDiag.
http://www.iis-aid.com/articles/how_to_guides/creating_self_signed_certificates_iis
https://www.facebook.com/apps/application.php?id=212108875466071
As far as I can tell, we are doing everything right, and FB's new new mini-feed App browser seems to be injecting ONE or TWO insecure resources from time to time.... NOT all the time.
How can I be positive it's FB's fault, so I can file a bug? We are only showing broken https with the new iframe.... and most of what is being is supplied by that setup IS secure, but they have stupid little things like an insecure 'credits' ikon, which breaks the whole damn thing.
If it's our fault, I need to fix it. If it's FB's, I need to stop wasting so much time debugging their platform for them.
Look at chrome's javascript console, it show warnings when an insecure resource is loaded on a secure page.
See the warning before the syntax error.
See also http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html (where this image come from).
I have a web application that runs perfectly fine when I use the Visual Studio 2010 development server (Cassini). However when I try to use IIS Express to host the site Chrome just displays a "Bad Request - Request Too Long" error. The IIS Express site does display in other browsers (FireFox and IE9) so I'm kind of confused. The error occurs in Chrome when I try request pages in my application or even basic resources like an image, so I don't think it is an issue with URL rewriting or routing.
Just to see if the problem was somehow a result of my site's code, I created a new MVC3 website and tried running that. This worked in the VS development server, but once again produced the "Bad Request" error when running under IIS Express.
I am about to start testing the site using some mobile devices so I need to get this running under IIS. Any suggestions would be greatly appreciated.
EDIT:
The root url of the site (http://localhost:50650/) is being requested using GET. I am currently using Chrome v12.0.742.112.
I get this all the time ONLY in Chrome and I have to clear browsing data to fix it.
Wrench > Tools > Clear Browsing Data
Check the following:
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site data
Then click "Clear Browsing Data" button and refresh your page.
UPDATE:
I figured out that it has to do with writing too many cookies to the browser and that if you just close all instances of Chrome, the error goes away for a while. To prevent it, you'll need to clear out your cookies programmatically.
Instead of clearing all the cookies, just do the following:
Right click the lock in the address bar area (see picture below)
Under cookies there is a link saying how many cookies are used
Click that link
Remove all cookies in there (or just the troublesome if you can identify them)
Problem gone
This error is caused by a corrupt cookie for the website you are trying to view, so to clear it all you need to do is clear the bad cookie(s) for that website.
In Chrome, go to...
chrome://settings/cookies
(Or manually go to Settings->Advanced Settings->Privacy->Content->All Cookies and Site data)
From there, you can search for cookies that match the site you are having problems on. Finally, click "remove all" for the matching cookies.
The problem is usually that the site in question has accumulated too many cookies or created cookies which are too large, making the HTTP headers swell beyond the allowed maximum.
One-time work-around
As has been mentioned, you can go to Settings|Advanced|Content Settings|All Cookies and Site Data, search for the site in question, and delete the cookies using the X button on the right. This reduces the header size of the HTTP request when contacting the site.
Long-term work-around
In addition to removing them one-time, however, you can prevent further problems with heavy cookie sites by going to Settings|Advanced|Content Settings|Manage Exceptions, and add the base site url (e.g. "msdn.microsoft.*" without the quotes) and select Behavior as "Clear on Exit". You might have to login more often to these sites, but this should prevent the problem.
I encountered this problem when using ADB2C login from ASP.NET WebApp. In Firefox you can do similar use case to delete related coockies and problem is gone for a while. Click on HTTPS (i) lock icon with, select ">" button on the right, select More information, select Security tab, click on View Cookies and click on Remove All. Done 4 a while.
If Above methods didn't work then enter
chrome://settings/resetProfileSettings
and Click on Reset Settings
This will reset your startup page, new tab page, search engine, and pinned tabs. It will also disable all extensions and clear temporary data like cookies. Your bookmarks, history and saved passwords will not be cleared.