Web Security Issues

Using the CEF V87 with flash support.

Web security disabled is not working. Even adding --disable-web-security --allow-insecure-localhost has no effect.

How can this be fixed? I understand that the Google URL could be changed to https:// but this is only an example. Need the web security set to “state_disabled” working. Or at least for the software to recognize additional Chromium args.

Cannot use with mixed content - does not load and displays blank pages.

Come on guys, 4 days and no reply. I really need to use your software.

9 days… Could you PLEASE check this issue out and get back to me?

After some testing to reproduce the issue, it’s rather a problem in your code because you are requesting external resources (on googleapis.com) with HTTP:// and not HTTPS://
So I think you should untick this option:


Or modify your HTML code so that external URLs begin with HTTPS:// (that’s the secure way).

This did not happen in past versions, never had an issue. Some resources on the net do not have https set up and we included them without issue. Our box was ticked to use https for internal protocol. Not a single issue.

We updated a software using the latest release and nightmare began.

So you are saying what used to work no longer works? The new version is totally ignoring disable security, which it did not before.

The main problem is that we use more recent CEF versions than in previous versions of ExeOutput, so it may be the reason for your nightmare… Otherwise, we did not make any specific change to that disable web security flag.
Please try without HTTPS for internal protocol, since you call HTTP resources. Normally, you can’t call HTTP resources from pages loaded with HTTPS.

Ok, I can see your point. I really needed the internal https working.

But, in past releases what I had set up was working, just stopped on the older version that works with flash. Guess it is just a trade-off will have to accept :) Have used an alternative solution for software titles in question.

Thanks for hearing me out.

Although I had to use a different software solution to complete my project, here is a meta tag that may help others:

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

The meta tag forces Google Chrome to execute your site's content without the SSL Mixed Content Error Message.

Had an old version of exeout installed on another computer and disabling web security worked just fine, but it does not on the latest release.
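
An added example, not part of the thread and not ExeOutput's code: a Node.js audit that lists the http:// subresources a page loaded over HTTPS would request (the mixed content discussed above) and shows the URL each one is fetched as when the upgrade-insecure-requests meta tag is present. The function names, the sample page and its URLs are constructed for illustration.

```javascript
// Added example: static audit of an HTML string for mixed-content references.
// Categories use the W3C Mixed Content terms: images/audio/video are
// "optionally-blockable"; scripts, stylesheets, frames and plugins are "blockable".
const PASSIVE = new Set(['img', 'audio', 'video', 'source']);
const URL_ATTR = { link: 'href', object: 'data' }; // every other audited tag uses src
const AUDITED = new Set([...PASSIVE, 'script', 'link', 'iframe', 'embed', 'object']);

// Parse one tag's attribute text into a map with lower-cased names.
function parseAttrs(text) {
  const attrs = {};
  const re = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of text.matchAll(re)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return attrs;
}

function auditMixedContent(html) {
  const findings = [];
  let upgrade = false;
  for (const m of html.matchAll(/<([a-zA-Z][\w-]*)([^>]*)>/g)) {
    const tag = m[1].toLowerCase();
    const a = parseAttrs(m[2]);
    if (tag === 'meta' && /^content-security-policy$/i.test(a['http-equiv'] || '')) {
      // The directive must appear as its own token in the policy string.
      if (/(^|;)\s*upgrade-insecure-requests\s*(;|$)/i.test(a.content || '')) upgrade = true;
      continue;
    }
    if (!AUDITED.has(tag)) continue;              // <a href> is navigation, not a subresource
    if (tag === 'link' && !/\bstylesheet\b/i.test(a.rel || '')) continue;
    const url = a[URL_ATTR[tag] || 'src'] || '';
    if (!/^http:\/\//i.test(url)) continue;       // https, relative and data URLs are fine
    findings.push({ tag, url, category: PASSIVE.has(tag) ? 'optionally-blockable' : 'blockable' });
  }
  // With the directive set, the browser rewrites each URL to https before fetching,
  // so the resource loads only if that host really serves HTTPS.
  for (const f of findings) f.fetchedAs = upgrade ? f.url.replace(/^http:/i, 'https:') : f.url;
  return { upgrade, findings };
}

// Constructed sample page (hypothetical URLs), not taken from the thread.
const SAMPLE = `<html><head>
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
<link rel="stylesheet" href="http://fonts.example.test/css?family=Roboto">
<script src="http://cdn.example.test/lib.js"></script>
<script src="https://cdn.example.test/ok.js"></script>
</head><body><img src='http://img.example.test/logo.png'>
<a href="http://example.test/page">link</a></body></html>`;

console.log(JSON.stringify(auditMixedContent(SAMPLE), null, 2));
```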