I found a workaround, but only for Firefox for now.
There is an Add-On for Firefox called "No Referrer (Misspelled Referer)" which lets you configure per-site referrer blocking. I loaded it in Firefox and created a rule in it for anything that is on my LAN. Worked like a charm. :-)
So far nothing I can do about Chrome or IE, though. Looks like an "all or nothing" setting for them. And no "plug-ins" of any kind that I can find which will do it like the Firefox one. :-(
Oh well, I normally use Firefox anyway. Just would have preferred a workaround that was browser agnostic.
Cross site scripting attacks happen from visiting sites with your own browser. If you browse the web and have an old build then you're vulnerable to the attack. It's very unlikely the devs will spend any time on this but if you want you can create a ticket for it.
Looks like we get the option to disable it by entering a NVRAM variable. Thanks guys!
Hi DWolfman
I need to disable the "Cross Site Action detected!" on my DD-WRT. where do i need to enter the NVRAM variable and what is the variable code? the link you posted is no longer valid
I am getting this "Cross Site Action detected!" when i FRAME REDIRECT a domain to my DD-WRT webserver. Only solution i found was to switch from FRAME REDIRECT to HTTP REDIRECT but the URL shown in the address bar become the DynDNS.org address so thats not really a solution :(
I made the change, rebooted the router and made sure the config was still running by doing:
nvram get no_crossdetect
1
However, when I load the website using FRAME redirect, i still get the red screen: Cross Site Action detected!
Any idea what i am missing ?
My goal is to host my website on the DD-WRT and have my registrar FRAME redirect the domain name to the dyndns domain which point to my dynamic IP. Like I said earlier, when i set HTTP redirect on the registrar control panel, it works fine but the url in the address bar is the one from Dyndns, not the original domain
You need build 14962 or higher as indicated in the ticket. _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
You should read the build threads in the Atheros forum to find out other users experiences with each build but you can find all beta builds here:
ftp://dd-wrt.com/others/eko/BrainSlayer-V24-preSP2/ _________________ Read the forum announcements thoroughly! Be cautious if you're inexperienced.
Available for paid consulting. (Don't PM about complicated setups otherwise)
Looking for bricks and spare routers to expand my collection. (not interested in G spec models)
You need build 14962 or higher as indicated in the ticket.
Finally got around to trying this out. Loaded build 15962 of Brainslayer's builds to my WRT54G v8. Set the no_crossdetect to 1 like it says in my bug report, rebooted the router and closed my browser, then reopened the browser and went through my server's web page link. It does not work. I still get the error page.
The web page I have in my server is simply using plain HTML 3.2 code with just an href statement for the URL. Standard non-frame link in a web page.
Would it be best to reopen bug 1483 or just make a new one?
It works on: DD-WRT v24-sp2 (10/10/09) vpn - build 13064
It seems like no other problems.
Regards
Another workaround, thanks. I'm still using the one I found in Firefox, but keep getting reminded that this nvram variable doesn't work when I use IE or Chrome.
Just an FYI, it appears this is working again in 17201. I decided to try the last build available to see if it would work, and the setting does work.
As a bonus, the router is much more stable now. Previously, I had it restarting itself every day, because it would seem to "lose it's mind" after only 2 or 3 days of average usage (downloading a couple Linux ISOs, updating my local repositories, a little torrenting, along with typical web browsing). When it "lost it's mind", browsing would get sluggish and the router's web interface would usually not come up, or would appear but without the CSS info so it looked like crap. When it got like that, I'd have to power cycle it to get it back.
Here's the current uptime, straight out of the web interface: up 14 days, 6:59
I'd say that's a little more stable, since torrenting seemed to be this little WRT54G v8 router's main weakness (it lasted longer if I didn't do that). Plus I've pulled in a LOT of stuff over the last two weeks, as the traffic meter shows:
Total Traffic
Incoming (MBytes) 89692
Outgoing (MBytes) 8481
About 1/3rd of that was from some torrent downloads I had running, some going the whole time it's been up!