Questions tagged [browser-security]
80 questions
84
votes
3 answers
How to override content security policy while including script in browser JS console?
I was trying to include jQuery on an existing website using the console this way:
var script = document.createElement('script');
script.src = 'http://code.jquery.com/jquery-1.11.1.min.js';
script.type =…

Pranjal Mittal
67
votes
11 answers
Finding All Insecure Content on a Secure Page
What's the most efficient way to find a list of all non-HTTPS URLs requested by an HTTPS page? If this kind of security violation happens, every browser alerts the user, but I can't find an easy way to find what exact URLs cause the violation.
The…

Cerin
20
votes
2 answers
How does browser generate symmetric key during SSL handshake
I have a small confusion on SSL handshake between browser and server in a typical https web scenario:
What I have understood so far is that in the process of SSL handshake, client (browser in this case) encrypts a randomly selected symmetric key…

sanjeev
11
votes
1 answer
Does Content Security Policy's connect-src directive allow you to make cross domain requests?
Does specifying a connect-src directive in your content security policy relax the browser's same origin policy and allow you to make cross origin XHR requests? Or is this directive only used to limit already legal XHR (i.e. same origin calls or…

Noah Freitas
9
votes
2 answers
Is there any way to get value of an auto-filled password box in JavaScript?
var inputs = document.getElementsByTagName('input');
for (var i = 0; i < inputs.length; i++) {
    inputs[i].onfocus = foo;
}
function foo() {
    alert(this.value);
}
When the input values are manually entered:
Above code works and alerts the…

Akhil Dixit
9
votes
1 answer
IE: HTTPS security is compromised by res://ieframe.dll/sslnavcancel.htm
I'm working on an ecommerce application that has many HTTPS-only areas. This particular error only happens in IE (10 at least, haven't tried others) and it only happens on one HTTPS page in the entire application.
From research, I gather this is…

Patrick
7
votes
1 answer
How to remove 'Authorization: Basic username:password' header from browser
I've been trying to make use of the native login prompt that is available in browsers:
and have been following Steven Sanderson's blog post.
As mentioned in the blog, once a user enters their login details once the browser then sends the header…

Mr. Flibble
7
votes
1 answer
Do Web Workers Increase (or Decrease) Security?
Do web workers alleviate or intensify any of JavaScript's and the Browser Environment's known security issues?

Noah Freitas
6
votes
0 answers
In IE, getting error as `no such interface supported` - line - window.open
I am using IE 11 on Windows Server 2008 R2 edition.
I open one of the Tableau URLs in IE 11, and there is a link "Export data".
When I click "Export data", it gives me a JavaScript error: no such interface supported.
When I debug the error, then…

dsi
4
votes
1 answer
How can you avoid cross-origin policy error when trying to access localhost?
I want to have a static website uploaded on an external server that will try to get JSON data from localhost:3000 (a server program will already be running on the user's computer).
I'm trying to do this with jQuery like…

user1092719
4
votes
0 answers
Security Concern with Cross/Multi Domain Authentication
We have a multi-domain platform that uses a central domain for authentication and api operations.
API & Authentication + Account Management
https://example.com
Read Only + Widget…

Jonathan Vanasco
3
votes
2 answers
Firefox clears all inline style attributes when send header 'Content-Security-Policy'
Why does adding the following header cause Firefox only to empty all style="" attributes when rendered in the browser?
context.HttpContext.Response.Headers.Add("Content-Security-Policy", "style-src-attr 'unsafe-inline'; script-src-elem 'self'…

HelloWorld
3
votes
2 answers
CORS Origin set incorrectly?
I have a JavaScript application let's say that it is deployed on portal.example.com.
That includes a