Chrome: ERR_BLOCKED_BY_XSS_AUDITOR details

google-chrome xss
piraces picture piraces · Apr 6, 2017 · Viewed 93.5k times · Source

I'm getting this chrome flag when trying to post and then get a simple form.

The problem is that the Developer Console shows nothing about this and I cannot find the source of the problem by myself.

Is there any option for looking this at more detail? View the piece of code triggering the error for fixing it...

Answer

A1Gard picture A1Gard · Jun 22, 2017

The simple way for bypass this error in developing is send header to browser

Put the header before send data to browser.

In php you can send this header for bypass this error ,send header reference:

header('X-XSS-Protection:0');

In the ASP.net you can send this header and send header reference:

HttpContext.Response.AddHeader("X-XSS-Protection","0");
or 
HttpContext.Current.Response.AddHeader("X-XSS-Protection","0");

In the nodejs send header, send header reference :

res.writeHead(200, {'X-XSS-Protection':0 });
// or express js
res.set('X-XSS-Protection', 0);

Related questions

How do you use window.postMessage across domains?

It seems like the point of window.postMessage is to allow safe communication between windows/frames hosted on different domains, but it doesn't actually seem to allow that in Chrome. Here's the scenario: Embed an <iframe> (with a …

Read More
Chrome Developer Console throws X-XSS-Protection error when embedding youtube link

I'm using Chrome Version 31.0.1650.63 m. Recently, I've noticed a few errors being thrown in the Chrome developer console, but nothing seems wrong with my site. Upon investigation, they seem to be related to an embedded youtube link. The markup in …

Read More
Disable same origin policy in Chrome

Is there any way to disable the Same-origin policy on Google's Chrome browser?

Read More