xss auditor

  • Resolved chochochocosensei

    (@chochochocosensei)


    7 years, 6 months ago

    Suddenly, when a user submit an event they get a ERR_BLOCKED_BY_XSS_AUDITOR message saying that “Chrome detected unusual code on this page and blocked it…”. (the booking goes through and the emails are sent, but the rsvp response page does not appear, but the error page.)

    I am not sure if this is a eme only error, or a site wide error, but it only occurs (it seems) on the booking page.

    A little research has indicated that this is a new “improvement” that chrome is rolling out and the fix seems to be to add header("X-XSS-Protection: 0"); to the php, but I dont know where, i.e. should it be inside the plugin or if it should be somewhere else.

    Any clues?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter chochochocosensei

    (@chochochocosensei)

    I was able to set the header and stop the message using some kind of headers plugin, but I am not sure how it fixed it, i.e. if I should be turning this off really, or if I should try to find the source of the error… ??

    Anyway, if it is eme-related, do let me know. If not, sorry for the trouble.

    Plugin Author Franky

    (@liedekef)

    I never replied to this (since you googled the fix yourself), but: the next version will have ajax-based form submission and should thus be “ok” for chrome to work with.
    If you want to give it a go, just let me know.

    Thread Starter chochochocosensei

    (@chochochocosensei)

    Hmm. sure, as it would mean one less plugin for me…(thx)

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘xss auditor’ is closed to new replies.