[javascript] SecurityError: The operation is insecure - window.history.pushState()

I'm getting this error in Firefox's Console: SecurityError: The operation is insecure and the guilty is HTML5 feature: window.history.pushState() when I try to load something with AJAX. It is supposed to load some data but Javascript stops executing on error.

I'm wondering why this may be happening. Is this some server misconfiguration? Any help would be appreciated.

UPDATE: Yes, it was a server error with domain name not matching: http://en.wikipedia.org/wiki/Same-origin_policy

This question is related to javascript html url history pushstate

The answer is


I had this problem on ReactJS history push, turned out i was trying to open //link (with double slashes)


In my case I was missing 'www.' from the url I was pushing. It must be exact match, if you're working on www.test.com, you must push to www.test.com and not test.com


When creating a PWA, a service worker used on an non https server also generates this error.


I had the same problem when called another javascript file from a file without putting javascript "physical" address. I solved it by calling it same way from the html, example: "JS / archivo.js" instead of "archivo.js"


You should try not open the file with a folder-explorer method (i.e. file://), but open that file from http:// (i.e. http://yoursite.com/ from http://localhost/)


We experienced the SecurityError: The operation is insecure when a user disabled their cookies prior to visiting our site, any subsequent XHR requests trying to use the session would obviously fail and cause this error.


I solved it by switching tohttp protocol from the file protocol.

  • you can use "live-server" extension in VS code,
  • or, on node, use live-server [dirPath]

replace serviceWorker.unregister() to serviceWorker.register() in index.js file


Examples related to javascript

need to add a class to an element How to make a variable accessible outside a function? Hide Signs that Meteor.js was Used How to create a showdown.js markdown extension Please help me convert this script to a simple image slider Highlight Anchor Links when user manually scrolls? Summing radio input values How to execute an action before close metro app WinJS javascript, for loop defines a dynamic variable name Getting all files in directory with ajax

Examples related to html

Embed ruby within URL : Middleman Blog Please help me convert this script to a simple image slider Generating a list of pages (not posts) without the index file Why there is this "clear" class before footer? Is it possible to change the content HTML5 alert messages? Getting all files in directory with ajax DevTools failed to load SourceMap: Could not load content for chrome-extension How to set width of mat-table column in angular? How to open a link in new tab using angular? ERROR Error: Uncaught (in promise), Cannot match any routes. URL Segment

Examples related to url

What is the difference between URL parameters and query strings? Allow Access-Control-Allow-Origin header using HTML5 fetch API File URL "Not allowed to load local resource" in the Internet Browser Slack URL to open a channel from browser Getting absolute URLs using ASP.NET Core How do I load an HTTP URL with App Transport Security enabled in iOS 9? Adding form action in html in laravel React-router urls don't work when refreshing or writing manually URL for public Amazon S3 bucket How can I append a query parameter to an existing URL?

Examples related to history

Linux Command History with date and time Original purpose of <input type="hidden">? SecurityError: The operation is insecure - window.history.pushState() Why number 9 in kill -9 command in unix? nginx: send all requests to a single html page What is the origin of foo and bar?

Examples related to pushstate

window.history.pushState refreshing the browser S3 Static Website Hosting Route All Paths to Index.html SecurityError: The operation is insecure - window.history.pushState() Good tutorial for using HTML5 History API (Pushstate?)