Better Preview

Chrome warning when trying to preview

1 year 3 months ago #70946

Simon Logan's Avatar Simon Logan

On trying to preview a page we are getting the following error in the popup:

Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers and credit cards).

I've checked the code of that page and although it's an extensive page (lots of content) there is nothing unusual or fancy about it and certainly no scripts. Using inspector there's an error:
The XSS Auditor blocked access to 'https://www.mysite.org.uk/index.php?option=com_content&view=article&id=666&catid=12&Itemid=105' because the source code of a script was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header.

https://www.screencast.com/t/SPwAGiS2F

1 year 3 months ago #70961

Peter van Westen's Avatar Peter van Westen Admin

Looks like your site is loading some script that is acting up.
Try disabling the twitter module. See if that is causing this.

1 year 3 months ago #70978

Simon Logan's Avatar Simon Logan

Hi Peter

Thanks for the guidance - have tried this with no luck so far. I've disabled pretty much every module which is being loaded on that page one by one then tested the Preview again but each time get that error. I've also tested previewing other pages which load the same modules and they preview okay so not sure if that means it is something in the content area which is causing the issue? Here's the full content if you can see anything obvious:

Confidential information:
(hidden)

1 year 3 months ago #70979

Peter van Westen's Avatar Peter van Westen Admin

That would indeed imply it is specific to the content.
Probably the iframe.

1 year 3 months ago #70980

Simon Logan's Avatar Simon Logan

The iframe is where we have embedded an Youtube video using JCE's INSERT MEDIA button. Is there any way for Better Preview to accept the usage of this (even if it's just a preview bock shown instead of the video itself)?

1 year 3 months ago #70981

Peter van Westen's Avatar Peter van Westen Admin

Better Preview 'simply' opens the frontend page in the iframe and pushes the content in your editor to it.
What content you have in that article and how your browser deals with that is outside the control of Better Preview.

Please read: stackoverflow.com/questions/17016960/chr...-to-execute-a-script

1 year 3 months ago #70982

Simon Logan's Avatar Simon Logan

Okay, fair enough.

The video displays fine on the frontend (real view, not via RealPreview) so I'm assuming the issue is that it's loading that content within the popup or something? I looked at the Stackoverflow link but amn't sure I even have the ability to add that header tag since it's all going through BetterPreview?

1 year 3 months ago #70983

Peter van Westen's Avatar Peter van Westen Admin

You could try adding it to the index.php of your template.
Or figure out why the warning is thrown and fix that.

1 year 3 months ago #71280

Jim Hill's Avatar Jim Hill

I began to have this issue just this week as well in Chrome. The only changes I made were: Upgraded to Joomla 3.70, upgraded from PHP 7.0 to 7.1. I have other Joomla sites, they run on PHP7.1 and the Better Preview works correctly. Hard one to track down. This is the error that I see during the preview in the Javascript console:

The XSS Auditor blocked access to ' www.ufcinc.com/index.php?option=com_cont...catid=34&Itemid=1403 ' because the source code of a script was found within the request. The auditor was enabled as the server did not send an 'X-XSS-Protection' header.

This seems to be the way to fix it, have not tried to implement it yet:
stackoverflow.com/questions/17016960/chr...-to-execute-a-script

Now I see that the Chrome developers are aware of this and working on it.
github.com/freeCodeCamp/freeCodeCamp/issues/13727