browser-security

Browser blocking Mathjax on app engine static page

不打扰是莪最后的温柔 submitted on 2021-02-05 09:27:09
Question: I am trying to serve a static page containing Tex-style Math that is to be rendered by Mathjax. The pages are being served by a Flask app on Google app engine. Problem is - Chrome, Opera and Edge - all browsers are blocking Mathjax from rendering the Math, but it works properly if I manually unblock it from on top of the browser every time the page loads. The site works perfectly offline, but the problem occurs when the page is accessed through the app engine app. Any way to prevent the

Debugging “unsafe javascript attempt to access frame with URL … ”

↘锁芯ラ submitted on 2020-01-02 15:41:54
Question: So, the error message is the security restriction to access a parent frame or window from within an (i)frame from a different domain. (Unsafe javascript attempt to access frame with URL xxx from frame with URL yyy. Domains, protocols, and ports must match). However, there is no line shown in webkit or chrome from where this error is generated. So how do I get a list of the lines that infringe upon this? I know I can just search, but does this apply to cookies as well (document.cookie, etc)?

Debugging “unsafe javascript attempt to access frame with URL … ”

試著忘記壹切 submitted on 2020-01-02 15:40:25
Question: So, the error message is the security restriction to access a parent frame or window from within an (i)frame from a different domain. (Unsafe javascript attempt to access frame with URL xxx from frame with URL yyy. Domains, protocols, and ports must match). However, there is no line shown in webkit or chrome from where this error is generated. So how do I get a list of the lines that infringe upon this? I know I can just search, but does this apply to cookies as well (document.cookie, etc)?

How does browser generate symmetric key during SSL handshake

帅比萌擦擦* submitted on 2019-12-18 12:16:11
Question: I have a small confusion on SSL handshake between browser and server in a typical https web scenario: What I have understood so far is that in the process of SSL handshake, client (browser in this case) encrypts a randomly selected symmetric key with the public key (certificate received from server). This is sent back to the server, server decrypts it (symmetric key) with the private key. This symmetric key is now used during rest of the session to encrypt/decrypt the messages at both the

Where do browsers save/store auto fill data

人走茶凉 submitted on 2019-12-12 02:33:00
Question: Where do browsers store passwords and username when we opt for remember password. Is it always cookies or some other encrypted file. Also where is the data filled by auto complete functionality of browsers come from. It doesn't seem to come from cookies as same auto-complete info sometimes appears in fields of websites other than those it was previously filled in. Is it possible to retrieve data from browser itself (sensitive as well as the general one)? Answer 1: Passwords that are autocompleted by

How can you avoid cross-origin policy error when trying to access localhost?

白昼怎懂夜的黑 submitted on 2019-12-10 15:56:54
Question: I want to have a static website uploaded on an external server that will try to get JSON data from localhost:3000 (a server program will already be running on the user's computer). I'm trying to do this with jQuery like this:

    $.getJSON("http://localhost:3000/page", function(data){
        // process data...
    });

Why am I getting cross-origin policy errors and how can I stop them? I thought accessing JSON data was supposed to negate those cross-site errors? UPDATE 1 I have just tried the JSONP with

Does Content Security Policy's connect-src directive allow you to make cross domain requests?

可紊 submitted on 2019-12-10 02:32:55
Question: Does specifying a connect-src directive in your content security policy relax the browser's same origin policy and allow you to make cross origin XHR requests? Or is this directive only used to limit already legal XHR (i.e. same origin calls or calls enabled by CORS)? Answer 1: The connect-src directive does not relax the same-origin policy; it simply specifies a list of sources to which you can connect, assuming that the browser will already allow you to connect to them (via CORS, for instance).

AngularJS - Calling Flickr API fails with warning message

谁说我不能喝 submitted on 2019-12-07 15:22:34
Question: I have a simple AngularJS app that allows one to search for Flickr photos. The problem is in IE I get the following message when I call the Flickr API: This page is accessing information that is not under its control. This poses a security risk. Do you want to continue? If I click Yes, the app works and loads the relevant photos. However, in Chrome and Firefox I do not get any message and nothing happens - no photos are loaded. Here is the code: function PhotoController($scope, photoData)

AngularJS - Calling Flickr API fails with warning message

你离开我真会死。 submitted on 2019-12-06 00:50:23
I have a simple AngularJS app that allows one to search for Flickr photos. The problem is in IE I get the following message when I call the Flickr API: This page is accessing information that is not under its control. This poses a security risk. Do you want to continue? If I click Yes, the app works and loads the relevant photos. However, in Chrome and Firefox I do not get any message and nothing happens - no photos are loaded. Here is the code:

    function PhotoController($scope, photoData) {
        $scope.thumbSize = 'small';
        $scope.setThumbSize = function (size) {
            $scope.thumbSize = size;
        };

In IE, getting error as `no such interface supported` - line - window.open

浪子不回头ぞ submitted on 2019-12-05 10:38:42
I am using IE 11 on Windows Server 2008 R2 edition. One of Tableau URL I open on IE 11 and then there is a link "Export data". When click at "Export data", then it gives me javascript error as no such interface supported. When debug the error then it shows line windows.open(...) script in .js file. I have not created Tableau page, I don't have any control over there. This is working fine in all other machines, tested in IE 8, IE 11 at other machine. Please suggest, how I could resolve this error, what is the configuration missing in IE to enable - Window.open Thanks Source: https://stackoverflow