207

IS there a way to trick the server so I don't get this error:

Content was blocked because it was not signed by a valid security certificate.

I'm pulling an iframe of an html website into another website but I keep getting the console (chrome) error in the title of this question and in internet explorer it says:

Content was blocked because it was not signed by a valid security certificate.

Improve this question
1
  • it sounds like you are trying to access an insecure resource from a secure resources. I believe they have a similar problem here. Commented May 15, 2014 at 21:07

8 Answers 8

Reset to default
303

Your resource probably use a self-signed SSL certificate over HTTPS protocol. Chromium, so Google Chrome block by default this kind of resource considered unsecure.

You can bypass this this way :

  • Assuming your frame's URL is https://www.domain.com, open a new tab in chrome and go to https://www.domain.com.
  • Chrome will ask you to accept the SSL certificate. Accept it.
  • Then, if you reload your page with your frame, you could see that now it works

The problem as you can guess, is that each visitor of your website has to do this task to access your frame.

You can notice that chrome will block your URL for each navigation session, while chrome can memorise for ever that you trust this domain.

If your frame can be accessed by HTTP rather than HTTPS, I suggest you to use it, so this problem will be solved.

Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

I think when you open the other tab, you need to go to https://domain.com and accept the SSL cert.
@RémiBecheras, is there any way to get Chrome to remember to trust the certificate over multiple navigation sessions?
In order to add a such rule, you have to get the certificate. If it's yours, you already have it. If don't, click the https left icon on adressbar > certificate informations > details > export. Then, use this file
This also worked for the weird case where a site was sending a request to the same domain (itself) which I had just approved continuing past the self-signed certificate but then Chrome was throwing this error.
Is there a way to do this kind of bypass through client side code? Meaning, can I program into the client "hey this server you're trying to access looks sketchy, but its ok trust me. I wrote you both, You're technically code brothers/sisters/gender neutral siblings" ?
|
33

Sometimes Google Chrome throws this error, even if it should not. I experienced it when Chrome had a new version, and it needed to be restarted. After restarting the same page worked without any errors. The error in the console was:

net::ERR_INSECURE_RESPONSE
Improve this answer

7 Comments

Confirmed, a restart of Chrome (and killing all the background Chrome processes) fixed it for me.
doesn't work.. its a self signed certificate.. it won't work by restarting
Confirmed also with me!
@Balazs, Is restarting the browser the only way? Assuming we can't afford to restart, is there a way to do it via chrome://net-internals?
A restart of Chrome (without background processes) fixed it for me also. Thanks!
|
8

I still experienced the problem described above on an Asus T100 Windows 10 test device for both (up to date) Edge and Chrome browser.

Solution was in the date/time settings of the device; somehow the date was not set correctly (date in the past). Restoring this by setting the correct date (and restarting the browsers) solved the issue for me. I hope I save someone a headache debugging this problem.

Improve this answer

3 Comments

I'm encountering a similar error on an asus zenbook running Windows 8. Unfortunately, this didn't work for me but can you explain in more detail how you reset the date/time? Just by setting the time zone through the windows ui?
@DEls, I switched timezones in Windows configuration - that reset the system clock for me. Did you restart the browser afterwards? If timing did not solve the problem you might have to look into the other solution described in this topic.
I don't know why, but this worked for me. The year was set to 2048, changed it to current year and all fixed. Thanks @SebastiaanOrdelman
6

Offering another potential solution to this error.

If you have a frontend application that makes API calls to the backend, make sure you reference the domain name that the certificate has been issued to.

e.g.

https://example.com/api/etc

and not

https://123.4.5.6/api/etc

In my case, I was making API calls to a secure server with a certificate, but using the IP instead of the domain name. This threw a Failed to load resource: net::ERR_INSECURE_RESPONSE.

Improve this answer

Comments

6

open up your console and hit the URL inside. it'll take you to the API page and then in the page accept the SSL certificate, go back to your app page and reload. remember that SSL certificates should have been issued for your Dev environment before.

Improve this answer

Comments

4

If you're developing, and you're developing with a Windows machine, simply add localhost as a Trusted Site.

And yes, per DarrylGriffiths' comment, although it may look like you're adding an Internet Explorer setting...

I believe those are Windows rather than IE settings. Although MS tend to assume that they're only IE (hence the alert next to "Enable Protected Mode" that it requries restarted IE)...

Improve this answer

1 Comment

I am using linux ubuntu, not windows, any solution?
0

Try this code to watch for, and report, a possible net::ERR_INSECURE_RESPONSE

I was having this issue as well, using a self-signed certificate, which I have chosen not to save into the Chrome Settings. After accessing the https domain and accepting the certificate, the ajax call works fine. But once that acceptance has timed-out or before it has first been accepted, the jQuery.ajax() call fails silently: the timeout parameter does not seem help and the error() function never gets called.

As such, my code never receives a success() or error() call and therefore hangs. I believe this is a bug in jquery's handling of this error. My solution is to force the error() call after a specified timeout.

This code does assume a jquery ajax call of the form jQuery.ajax({url: required, success: optional, error: optional, others_ajax_params: optional}).

Note: You will likely want to change the function within the setTimeout to integrate best with your UI: rather than calling alert().

const MS_FOR_HTTPS_FAILURE = 5000; $.orig_ajax = $.ajax; $.ajax = function(params) { var complete = false; var success = params.success; var error = params.error; params.success = function() { if(!complete) { complete = true; if(success) success.apply(this,arguments); } } params.error = function() { if(!complete) { complete = true; if(error) error.apply(this,arguments); } } setTimeout(function() { if(!complete) { complete = true; alert("Please ensure your self-signed HTTPS certificate has been accepted. " + params.url); if(params.error) params.error( {}, "Connection failure", "Timed out while waiting to connect to remote resource. " + "Possibly could not authenticate HTTPS certificate." ); } }, MS_FOR_HTTPS_FAILURE); $.orig_ajax(params); }
Improve this answer

Comments

0

This problem is because of your https that means SSL certification. Try on Localhost.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.