Google Chrome Error ERR_BLOCKED_BY_XSS_AUDITOR

[kavlito]

Apparently it is a "bug" in Chrome 57, being a bit over zealous on protection. Newest version is supposed to have corrected it and suggest upgrading to newest version of Chrome.

If that doesn't work then edit this file:

public_html/ADMIN_NAME/.htaccess

add in:

# Protection against XSS (Cross-Site Scripting)
Header set X-XSS-Protection "1; mode=block"

If that doesn't work change the line to read:
Header set X-XSS-Protection "0"

Let us know what worked for you as many others may have or start having, the same problem.

The 2nd one worked for me (Header set X-XSS-Protection "0").

My problem was that I could not update product pages. I would get the message: 'Chrome detected unusual code on this page and blocked it to protect your personal information...'

Thank you for this fix. I like the fact that it works at the Admin level instead of the whole site.

I am using Opera with Chrome/58.0.3029.81.

[g2ktcf]

What is your setup regarding use of an SSL certificate?

What plugin's do you have installed?

What is the history of updating the site's files? How was that accomplished?

Well, you know my site and well and I am getting the same error!

[swguy]

Good grief still an issue in July.

[swguy]

A smaller fix than the .htaccess fix which was proposed in previous posts is just to update admin/product.php. Right before

Code:

<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">^M

add

Code:

<?php echo header('X-XSS-Protection:0'); ?>

and this issue will be fixed for product editing, which I think is where it mostly occurs.

[Website Rob]

What you is true although I would not recommend it. To me it is adding just adding confusion to coding in the sense that putting Apache directives in PHP files makes it confusing to coders on where to find them. The .htaccess file is the place for Apache directives so why not make it easier for future customization?

[swguy]

a) I'm hoping I'll be able to remove this shortly when Google fixes the issue.
b) You're giving up *all* XSS protection because one form doesn't work. To me, this is not a great trade off. But suit yourself.

[wsworx]

In my case I have been using the newest google chrome without issue and then suddenly today I was editing an item, clicked "Preview" and got the error page. Went back to look for the item I was editing and it actually caused all the products information to be wiped from the database. The only thing left was the space in the database and it's ID number. I used swguy's work around for now but damn this is August and it is still an issue?

[DrByte]

Despite popular opinion, the easiest solution is: don't use Chrome.

[swguy]

Resistance is futile. You will be absorbed.

[CaroleAs]

It is September and still not fixed by Chrome. :)