SecurityError The operation is insecure - window history pushState

Question

I m getting this error in Firefox s Console  SecurityError  The operation is insecure and the guilty is HTML5 feature  window history pushState   when I try to load something with AJAX  It is supposed to load some data but Javascript stops executing on error   I m wondering why this may be happening  Is this some server misconfiguration  Any help would be appreciated   UPDATE  Yes  it was a server error with domain name not matching  http   en wikipedia org wiki Same-origin policy

User · Answer

When creating a PWA  a service worker used on an non https server also generates this error

User · Answer

I had the same problem when called another javascript file from a file without putting javascript  physical  address   I solved it by calling it same way from the html  example   JS   archivo js  instead of  archivo js

User · Answer

I had this problem on ReactJS history push  turned out i was trying to open   link  with double slashes

User · Answer

I solved it by switching tohttp protocol from the file protocol   you can use  quot live-server quot  extension in VS code  or  on node  use live-server  dirPath

User · Answer

You should try not open the file with a folder-explorer method  i e  file      but open that file from http     i e  http   yoursite com  from http   localhost

User · Answer

We experienced the SecurityError  The operation is insecure when a user disabled their cookies prior to visiting our site  any subsequent XHR requests trying to use the session would obviously fail and cause this error

User · Answer

In my case I was missing  www   from the url I was pushing  It must be exact match  if you re working on www test com  you must push to www test com and not test com

User · Answer

replace serviceWorker unregister   to serviceWorker register   in index js file

User · Answer

Make sure you are following the Same Origin Policy   This means same domain  same subdomain  same protocol  http vs https  and same port   How does pushState protect against potential content forgeries   EDIT  As  robertc aptly pointed out in his comment  some browsers actually implement slightly different security policies when the origin is file       Not to mention you can encounter problems when testing locally with file     when the page expects it is running from a different origin  and so your pushState assumes production origin scenarios  not localhost scenarios

[javascript] SecurityError: The operation is insecure - window.history.pushState()

Examples related to javascript

Examples related to html

Examples related to url

Examples related to history

Examples related to pushstate