SecurityError: The operation is insecure - window.history.pushState()

javascript html url history pushstate
152,531

Solution 1

Make sure you are following the Same Origin Policy. This means same domain, same subdomain, same protocol (http vs https) and same port.

How does pushState protect against potential content forgeries?

EDIT: As @robertc aptly pointed out in his comment, some browsers actually implement slightly different security policies when the origin is file:///. Not to mention you can encounter problems when testing locally with file:/// when the page expects it is running from a different origin (and so your pushState assumes production origin scenarios, not localhost scenarios)

Solution 2

We experienced the SecurityError: The operation is insecure when a user disabled their cookies prior to visiting our site, any subsequent XHR requests trying to use the session would obviously fail and cause this error.

Solution 3

In my case I was missing 'www.' from the url I was pushing. It must be exact match, if you're working on www.test.com, you must push to www.test.com and not test.com

Solution 4

You should try not open the file with a folder-explorer method (i.e. file://), but open that file from http:// (i.e. http://yoursite.com/ from http://localhost/)

Solution 5

I had the same problem when called another javascript file from a file without putting javascript "physical" address. I solved it by calling it same way from the html, example: "JS / archivo.js" instead of "archivo.js"

Share:
152,531
Atadj
Author by

Atadj

Updated on July 05, 2022

Comments

  • Atadj
    Atadj almost 2 years

    I'm getting this error in Firefox's Console: SecurityError: The operation is insecure and the guilty is HTML5 feature: window.history.pushState() when I try to load something with AJAX. It is supposed to load some data but Javascript stops executing on error.

    I'm wondering why this may be happening. Is this some server misconfiguration? Any help would be appreciated.

    UPDATE: Yes, it was a server error with domain name not matching: http://en.wikipedia.org/wiki/Same-origin_policy

  • Sashko Lykhenko
    Sashko Lykhenko over 5 years
    how to use pushState with file:/// then?
  • jeremysmith
    jeremysmith over 5 years
    When a user disables their cookies, you can wrap XHR request code in a try/catch block and use the catch to prompt the user to enable cookies. Wrap window.localStorage, window.history.pushState() or any XHR requests.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What are the differences between history.pushState & location.hash?
history.pushState - not working?
How to call url in javascript?
Creating a search form that opens a new url based on search input
How to update the twitter share button URL with dynamic content?
How to change css for active link based on the hashtag
How to download entire HTML of a webpage using javascript?
Javascript button and document.location
HTML Base URL and links
Simulate PHP Include Without PHP