JavaScript: Error parsing header X-XSS-Protection - Google Chrome

Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/48714879/

Time: 2020-08-23 04:13:41  Source: igfitidea

Error parsing header X-XSS-Protection - Google Chrome

Tags: javascript, html, google-chrome, youtube, youtube-api

Asked by Cannon Moyer

I upgraded Google Chrome to Version 64.0.3282.140 (Official Build) (64-bit) on a Windows 10 machine. Once I did, I am getting this error on my site within the developer tools console. Not real sure where to start. I did see a similar issue last year that was an issue with youtube (also in the url), but I haven't seen any solutions.

Error parsing header X-XSS-Protection: 1; mode=block; 
report=https://www.google.com/appserve/security-bugs/log/youtube: insecure 
reporting URL for secure page at character position 22. The default 
protections will be applied.
16:07:31.905

I'm also seeing the issue when I go directly to youtube via the embedded url so it's not just on my site.

UPDATE

I've attached a photo of the headers in the response that indicate the google.com url that appears to be generating the issue.

Answered by Maksim Volkov

It's a known bug in the current Google Chrome and Chromium:
https://bugs.chromium.org/p/chromium/issues/detail?id=807304

In the current version of their browser, the Chrome developers had restricted the X-XSS-Protection's report field URL to the same domain origin for some security reasons. So, when you embed a video with some embed code, as it downloads from another server where the header "report=https://www.google.com/" is set, and while your page is not hosted at the google.com domain - the error message occurs.

Yet, all minor sites (including youtube.com) are sending report URL with different origin domains in it. Probably, they are not even aware of this recent change in Chrome. So either YouTube will change their headers or Chrome developers will revert this. There's nothing that we, as end users, can do. Just wait till they sort this out.

UPDATE:

The issue has been fixed in Version 66.0.3359.117 (Official Build) (64-bit)
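
Added example (not part of the original answers, and not Chrome's own parser): a small JavaScript lint that parses an X-XSS-Protection value, reports the character position of the report URL, and classifies that URL against the page's scheme and origin, following the restriction described in the answer above. The function names, verdict labels and the sample page URL are assumptions made for illustration; splitting on `;` is a simplification.

```javascript
// Added example: a simplified lint, not Chrome's own header parser.
// Assumption: directives never contain ';' inside a value.
function parseXssProtection(headerValue) {
  const out = { enabled: null, block: false, report: null, reportPos: -1, errors: [] };
  let pos = 0;
  headerValue.split(';').forEach((raw, index) => {
    const start = pos + (raw.length - raw.trimStart().length); // offset of this directive
    pos += raw.length + 1;                                     // step over the ';'
    const part = raw.trim();
    if (part === '') return;                                   // tolerate a trailing ';'
    if (index === 0) {
      if (part === '0' || part === '1') out.enabled = part === '1';
      else out.errors.push(`expected 0 or 1 at position ${start}`);
      return;
    }
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : part.slice(eq + 1).trim();
    if (name === 'mode' && value.toLowerCase() === 'block') out.block = true;
    else if (name === 'report' && value !== '') {
      out.report = value;
      out.reportPos = headerValue.indexOf(value, start);       // 0-based offset of the URL
    } else out.errors.push(`unrecognized directive at position ${start}`);
  });
  return out;
}

// Classify the report URL against the origin of the page that received the header.
function checkReportUrl(headerValue, pageUrl) {
  const parsed = parseXssProtection(headerValue);
  if (parsed.report === null) return { ...parsed, verdict: 'no-report' };
  const page = new URL(pageUrl);
  let target;
  try { target = new URL(parsed.report, page); }               // relative URLs resolve against the page
  catch (e) { return { ...parsed, verdict: 'invalid-url' }; }
  let verdict = 'same-origin';
  if (page.protocol === 'https:' && target.protocol !== 'https:') verdict = 'insecure-scheme';
  else if (target.origin !== page.origin) verdict = 'cross-origin';
  return { ...parsed, reportOrigin: target.origin, verdict };
}

// Header value from the console message above; the page URL is a constructed placeholder.
const SAMPLE_HEADER = '1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube';
const SAMPLE_PAGE = 'https://www.youtube.com/embed/VIDEO_ID';
console.log(checkReportUrl(SAMPLE_HEADER, SAMPLE_PAGE));
```

For the header in the question, the report URL starts at 0-based offset 22, the same position the Chrome console message names.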

Answered by Hussnain sheikh

The issue has been fixed in Google Chrome new update.

Version 66.0.3359.117 (Official Build) (64-bit)

Make sure you have updated Chrome to this version.
