XSS Auditor

Hello,


When connecting with Safari to the administrative web interface of a network device, the console often shows messages like this one:


The XSS Auditor refused to execute a script in 'someurl' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.


Of course, a lot of functionalities are therefore unavailable through the web interface...

And since I don't have any control over the pages served by the device, I'm stuck.


Is there a way to (temporarily) turn off the XSS Auditor in Safari?

It looks like there is a xssAuditorEnabled setting in Webcore, but I didn't manage to go very far with that "knowledge"...


TIA,

Axel

Posted on Jul 17, 2014 8:01 AM

5 replies

Jul 17, 2014 9:55 AM in response to Linc Davis

Linc Davis wrote:

> There's no way to disable it in the browser that I know of. It can be disabled on the server.

Not in this case: I have no control over the pages served by the network device.

> You might get different results with another browser, such as Firefox.

True; for example, IE under Windows XP doesn't care about such futile security concerns. ;-)

But I would be very pleased to be able to go with Safari (hence my question).

Jul 20, 2014 8:17 AM in response to Axel Luttgens

So, for those who might be facing the same problem...


Very empirically, I managed to find that way for Safari 6.1.5:


defaults write com.apple.Safari "com.apple.Safari.ContentPageGroupIdentifier.WebKit2XSSAuditorEnabled" -bool FALSE


Of course, better to set above value to TRUE once the XSS Auditor deactivation isn't needed anymore. ;-)


HTH,

Axel
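
Added example, not part of the original thread: a shell filter that checks a response's headers for the two named in the console message quoted in the first post, which shows whether a device sends `X-XSS-Protection` (the server-side switch mentioned in the replies) or neither header. The function name `classify_xss_headers` and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Classify a raw HTTP response header block (read from stdin) by the two
# headers named in Safari's console message. Prints one of:
#   xss-protection=<value>  X-XSS-Protection is present (value lower-cased;
#                           "0" is the server-side opt-out of the auditor)
#   csp-only                only Content-Security-Policy is present
#   neither                 the condition described in the console message
classify_xss_headers() {
    tr -d '\r' | awk '
        /^$/ { exit }                    # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next             # status line or malformed line
            name  = tolower(substr($0, 1, i - 1))   # header names are case-insensitive
            value = tolower(substr($0, i + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name == "x-xss-protection") { xxp = value; seen_xxp = 1 }
            if (name == "content-security-policy") { seen_csp = 1 }
        }
        END {
            if (seen_xxp)      print "xss-protection=" xxp
            else if (seen_csp) print "csp-only"
            else               print "neither"
        }'
}

# Constructed sample responses (not captured from any real device).
# The body of the first one mentions the header on purpose: text after the
# blank line must not be mistaken for a real header.
SAMPLE_BARE='HTTP/1.1 200 OK
Content-Type: text/html
Server: example-device

<html>X-XSS-Protection: 0</html>'

SAMPLE_OPTOUT='HTTP/1.1 200 OK
x-xss-protection:  0
Content-Type: text/html
'

printf 'bare device response:    %s\n' "$(printf '%s\n' "$SAMPLE_BARE" | classify_xss_headers)"
printf 'response with opt-out:   %s\n' "$(printf '%s\n' "$SAMPLE_OPTOUT" | classify_xss_headers)"

# Against a live device (placeholder URL): curl -sI http://DEVICE-ADDRESS/ | classify_xss_headers
```

A result of `neither` matches the situation in the console message; `xss-protection=0` means the device itself already opts out, so no browser-side change is needed.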
