@dogi4
Нуб

Как пофиксить Error parsing header X-XSS-Protection?

hdWkpbPTpmE:1 Error parsing header X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for secure page at character position 22. The default protections will be applied.


появилась ошибка в консоли разработчика chrome
  • Вопрос задан
  • 4897 просмотров
Пригласить эксперта
Ответы на вопрос 2
@nurasyl
Fullstack разработчик
подробнее тут.
Ответ написан
Комментировать
LifeAct
@LifeAct
Создаем и раскручиваем, не ставим на конвейер
It's a known bug in the current Google Chrome and Chromium:
https://bugs.chromium.org/p/chromium/issues/detail...

In the current version of their browser, the Chrome developers had restricted the X-XSS-Protection's report field URL to the same domain origin for some security reasons. So, when you embed a video with some embed code, as it downloads from another server where the header "report=https://www.google.com/" is set, and while your page is not hosted at the google.com domain - the error message occurs.

Yet, all minor sites (including youtube.com) are sending report URL with different origin domains in it. Probably, they are not even aware of this recent change in Chrome. So either YouTube will change their headers or Chrome developers will revert this. There's nothing that we, as end users, can do. Just wait till they sort this out.

The issue has been fixed in Google Chrome new update.

Version 66.0.3359.117 (Official Build) (64-bit)

Make sure you have updated Chrome to this version.

Источник - https://stackoverflow.com/questions/48714879/error...
Ответ написан
Комментировать
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы