XSS Auditor

Hello,


When connecting with Safari to the administrative web interface of a network device, the console often shows messages like this one:


The XSS Auditor refused to execute a script in 'someurl' because its source code was found within the request. The auditor was enabled as the server sent neither an 'X-XSS-Protection' nor 'Content-Security-Policy' header.


Of course, a lot of functionalities are therefore unavailable through the web interface...

And since I don't have any control over the pages served by the device, I'm stuck.


Is there a way to (temporarily) turn off the XSS Auditor in Safari?

It looks like there is an xssAuditorEnabled setting in WebCore, but I didn't manage to go very far with that "knowledge"...


TIA,

Axel

Posted on Jul 17, 2014 8:01 AM


Jul 17, 2014 9:55 AM in response to Linc Davis

Linc Davis wrote:


There's no way to disable it in the browser that I know of. It can be disabled on the server.

Not in this case: I have no control over the pages served by the network device.

You might get different results with another browser, such as Firefox.

True; for example, IE under Windows XP doesn't care about such futile security concerns. ;-)

But I would be very pleased to be able to go with Safari (hence my question).
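
An added example, not part of the thread: the console message names two response headers, and the reply says the auditor can be disabled on the server. This Python code parses the commonly documented `X-XSS-Protection` forms (`0`, `1`, `1; mode=block`, `1; report=<uri>`) out of a response's headers; the function names and sample headers are constructed for illustration.

```python
# Added example: classify a response's XSS-auditor-related headers.
# Names and sample headers are constructed, not taken from any device.

def parse_xss_protection(value):
    """Return (state, report_uri); state is disabled/filter/block/invalid."""
    parts = [p.strip() for p in value.split(";")]
    flag, directives = parts[0], [p for p in parts[1:] if p]
    if flag == "0":
        return ("disabled", None)
    if flag != "1":
        return ("invalid", None)
    state, report_uri = "filter", None
    for directive in directives:
        name, _, arg = directive.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if name == "mode" and arg.lower() == "block":
            state = "block"
        elif name == "report" and arg:
            report_uri = arg
        else:
            return ("invalid", None)  # unknown directive or missing argument
    return (state, report_uri)


def summarize(headers):
    """Summarise the two headers the console message names."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = lowered.get("x-xss-protection")
    csp = "content-security-policy" in lowered
    return {
        "x_xss_protection": None if raw is None else parse_xss_protection(raw),
        "csp_present": csp,
        # True is the case in the console message: neither header was sent.
        "neither_header_sent": raw is None and not csp,
    }


# Constructed sample responses.
DEVICE_LIKE = {"Content-Type": "text/html", "Server": "embedded-httpd"}
OPTED_OUT = {"Content-Type": "text/html", "X-XSS-Protection": "0"}

if __name__ == "__main__":
    for label, hdrs in (("device-like", DEVICE_LIKE), ("opted-out", OPTED_OUT)):
        print(label, summarize(hdrs))
```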
