SecurityError: The operation is insecure – window.history.pushState()

by

Make sure you are following the Same Origin Policy. This means same domain, same subdomain, same protocol (http vs https) and same port.

How does pushState protect against potential content forgeries?

EDIT: As @robertc aptly pointed out in his comment, some browsers actually implement slightly different security policies when the origin is file:///. Not to mention you can encounter problems when testing locally with file:/// when the page expects it is running from a different origin (and so your pushState assumes production origin scenarios, not localhost scenarios)

More Related Contents:

  1. What are the differences between history.pushState & location.hash? [closed]
  2. Is there any way to specify a suggested filename when using data: URI?
  3. Good tutorial for using HTML5 History API (Pushstate?) [closed]
  4. Pass vars to JavaScript via the SRC attribute
  5. Convert HTML to data:text/html link using JavaScript
  6. Original purpose of ? [closed]
  7. How to detect when history.pushState and history.replaceState are used? [duplicate]
  8. Get HTML code using JavaScript with a URL
  9. How do I retrieve if the popstate event comes from back or forward actions with the HTML5 pushstate?
  10. Remove fragment in URL with JavaScript w/out causing page reload
  11. How to trigger change when using the back button with history.pushstate and popstate?
  12. Javascript-Setting background image of a DIV via a function and function parameter
  13. How could I change window’s location without reloading and # hack?
  14. jQuery Mobile: document ready vs. page events
  15. jQuery Mobile: Markup Enhancement of dynamically added content
  16. JavaScript – Get Portion of URL Path
  17. How do I make an HTML text box show a hint when empty?
  18. How do I get query string value from script path?
  19. jQuery click anywhere in the page except on 1 div
  20. How to select all text in contenteditable div?
  21. Javascript – Dynamically assign onclick event in the loop
  22. javascript code not work in HEAD tag
  23. ‘img-src’ was not explicitly set, so ‘default-src’ is used as a fallback
  24. Getting “Uncaught ReferenceError: google is not defined” error using Google Maps API
  25. Trigger a button click inside an iframe [duplicate]
  26. How to determine if user selected a file for file upload?
  27. Remove scrollbar but not scrolling functionality [duplicate]
  28. How can I get DPI from image in JS?
  29. JavaScript form submit WITH a field called submit
  30. Change/Get check state of CheckBox

Leave a Comment