Opera Browser 10.6.8

Posted on by admin

Opera Description. Opera is a cross platform web browser and Internet suite. It includes a variety of programs to accomplish common Internet tasks such as web browsing, IRC, email. Opera, in particular, is another solid choice. It has built-in malware protection and a great feature that compresses web pages for faster loading times. It’s worth a try, especially on older.

  • Sending CORS response headers
  • How to set response headers
  1. What version is available for mac os 10.6.8? First time here? Check out the FAQ. Asked Jul 15 by anonymous about Opera edited Jul 15 by Nadia Caul. What version is.
  2. The default expiration varies from browser to browser, but cross-origin requests made after the result cache expires will be preceded by another preflight request. Access-Control-Max-Age explicitly informs the user agent how many seconds it should store the preflight result (try viewing my Access-Control-Max-Age demo ).
  3. Opera Mini Opera News. Get Opera for your operating system. The Opera browser for Windows, Mac, and Linux computers gives you the most from the Web with features that maximize your privacy, content enjoyment, and productivity. Over 2,500 extensions make it easy to customize Opera. Download the extensions and themes you like from Opera.

Introduction

Same-origin policies are a central security concept of modern browsers. In a web context, they prevent a script hosted at one origin — meaning the same protocol, domain name, and port — from reading from or writing to the DOM of another.

This restriction is sensible and useful most of the time. Without a same-origin policy, a script hosted on http://foo.example could hijack cookie data or sensitive document information from http://bar.example and redirect it to http://evilsite.example.

Sometimes, however, a same-origin policy can be burdensome. Making requests across subdomains, for example, is prohibited by a same-origin policy. You also can't use XMLHttpRequest to pull in JSON data from a third-party API. To make matters worse, workarounds such as JSONP or document.domain can leave us vulnerable to XSS attacks.

What we need, then, is a mechanism for requesting data across origins, but with the ability to deny requests that don't come from the right source. This is the problem that Cross-Origin Resource Sharing (or CORS) solves.

Cross-Origin Resource Sharing is new in Opera 12. Support is also available in Chrome, Safari, Firefox, and the forthcoming Internet Explorer 10.

What is CORS?

CORS is a system of headers and rules that allow browsers and servers to communicate whether or not a given origin is allowed access to a resource stored on another. Understanding CORS is critical to working with modern web APIs. Cross-domain XMLHttpRequest, and Internet Explorer's XDomainRequest object, for example, both rely on it.

CORS consists of three request headers, and six response headers (see Table 1 below). Browsers automatically set request headers for some cross-origin requests, such as those made using the XMLHttpRequest object.

Response headers, of course, are returned by the URI in question. You can set them in your server configuration file or per URI using a server-side language. Which approach you choose will depend on the kind of application you're building. We'll cover each response header in the Sending CORS Response Headers section.

Though cross-origin resource sharing is a permissions system of sorts, understand that it is not a form of content protection: it is a form of cross-site scripting protection. Browsers will still complete the HTTP request, but will expose the resulting response body only if the response includes the appropriate headers. You will experience this if you run the CORS demos.

Speaking of running demos, I recommend using an HTTP monitor to observe headers, as built-in developer tools can sometimes mask what's happening under the hood. A good open source choice is Wireshark, and pay-for alternatives include Charles (Mac/Win/Linux; US$50 / ~€38) and HTTPScoop (Mac; €12 / ~US$15)

How browsers make simple cross-origin requests

When a script attempts a cross-origin request, the user agent will automatically include one or more request headers, depending on how the request is formed. If the server or application sends the appropriate response headers, subsequent attempted changes to the DOM will succeed.

Here’s an example. The code below uses XMLHttpRequest to retrieve a JSON-formatted file from http://foo.example. We'll assume that this script is hosted on http://bar.example.

Now let's look at how Opera and other browsers handle this cross-origin request. What follows is an example of Opera's request headers.

See that Origin header? It lets http://foo.example/data.json know that this request is coming from an external source. Notice too that the Referer and Origin headers have different values, and that the value of Origin does not include a trailing slash.

Now let's look at the URI's response headers.

Here we have an Access-Control-Allow-Origin response header. That header indicates whether or not http://bar.example is allowed to use this resource. Because the value of Access-Control-Allow-Origin matches http://bar.example, subsequent DOM operations requiring data.json will succeed (as you can see in my CORS example). If the Access-Control-Allow-Origin value did not match, or the header was missing, then the contents of data.json would not be made available to the DOM. We’ll discuss the Access-Control-Allow-Origin header in greater detail below.

How browsers make complex cross-origin requests

For simple request methods (GET, HEAD and POST), and simple request headers (Accept, Accept-Language, Content-Language, Last-Event-ID, or Content-Type) the exchange between the Origin header and the Access-Control-Allow-Origin header is enough.

Complex request methods and request headers (including custom headers) work a bit differently. They require that the cross-origin request be pre-approved using a preflight request.

A preflight request asks the target server whether it is okay to make a full request using a particular method or header. In a typical cross-origin request, the user agent says to the server, Hi there! It’s http://foo.example. Please send me this resource. In a preflight request, the user agent will start off by saying, Hey, hey! It’s http://foo.example. I am going to ask for this resource using the PUT method. I also plan to include an If-Modified-Since header. Will you tell me whether you can handle this method and header before I send the actual request?

During a preflight operation, the user agent first sends a request using the OPTIONS method. In addition to the Origin header, the preflight request will include the Access-Control-Request-Method and/or an Access-Control-Request-Headers header.

Access-Control-Request-Method is included when the HTTP method used is one that may have a side effect — using PUT or DELETE, for example. Browsers also send Access-Control-Request-Headers when the header is a complex header, such as If-Modified-Since, or a custom header such as Opera Mini's X-Forwarded-For.

Let's look at an example using the PUT method. This request will be made from servera.example to serverb.example using XMLHttpRequest.

Now let's look at the preflight request headers.

The URI returns a standard set of response headers. But it also includes the Access-Control-Allow-Origin and Access-Control-Allow-Methods headers.

Here the values of Access-Control-Allow-Origin and Access-Control-Allow-Methods match the values of Origin and Access-Control-Request-Method, respectively. As a result, this preflight request will be followed by an actual request that includes the request body (in this case, data=some+data).

We will cover Access-Control-Allow-Methods and a similar header, Access-Control-Allow-Headers, in the Sending CORS response headers section. For now, it's enough to understand that if either of these headers were missing or contained values that did not match, the browser would cancel the actual request.

Sending CORS response headers

Scripts can initiate cross-origin requests, but the target URI must permit fetching by sending the appropriate response headers. Let’s look at each possible response header.

Access-Control-Allow-Origin

As its name suggests, the Access-Control-Allow-Origin header is a response to the Origin request header. It tells the user agent whether the requesting origin has permission to fetch the resource.

Access-Control-Allow-Origin can be set to one of three values:

  • null, which denies all origins;
  • *, the wildcard operator, which allows all origins; or
  • An origin list of one or more space-separated origins.

The following examples are all valid headers.

  • Access-Control-Allow-Origin: null
  • Access-Control-Allow-Origin: *
  • Access-Control-Allow-Origin: http://foo.example
  • Access-Control-Allow-Origin: http://foo.example http://bar.example

In practice, however, origin lists (Access-Control-Allow-Origin: http://foo.example http://bar.example) do not yet work in any browser. Instead, servers and applications must return an Access-Control-Allow-Origin header conditionally, based on the value of the Origin request header. An example of how to do this follows, in the Conditional CORS implementation section.

Also keep in mind that, though it is possible to use a wildcard value, it isn't necessarily a good idea. Doing so will allow scripts from any origin access to your document tree. It is safest to limit access to origins you know, and authenticate requests for sensitive data.

Access-Control-Allow-Methods

If a preflight request contains an Access-Control-Request-Method header, the target URI must return an Access-Control-Allow-Methods header for the request to be completed successfully. The header's value must be one or more HTTP methods such as PUT, DELETE, TRACE or CONNECT (again, GET, POST, and HEAD are considered simple methods, and will not cause this header to be included).

It's perfectly valid to allow multiple methods. However, you must separate them with a comma: Access-Control-Allow-Methods: PUT, DELETE.

Access-Control-Allow-Headers

Access-Control-Allow-Headers has a similar function to Access-Control-Allow-Methods, but instead tells the browser whether a particular header is allowed.

Standard or custom headers are appropriate values for Access-Control-Allow-Headers. For the cross-origin request to succeed, its value must match (or include) the value of the Access-Control-Request-Headers header. Let’s look at an example.

The response headers might look like this:

In this case, the request succeeds. If the value of Access-Control-Allow-Headers was X-Not-A-Secret instead, or missing entirely, this would have failed. As with Access-Control-Allow-Methods, multiple header values must be separated by a comma.

10.6.8

Access-Control-Allow-Credentials

Cross-origin requests do not include cookies or HTTP authentication information by default; they can, however, if the credentials flag is set to true. In the case of XMLHttpRequest, the credentials flag can be set using the withCredentials property. Below is an example of such a request. If a user cookie is available, it will be sent to the server.

Setting Access-Control-Allow-Credentials tells the user agent whether the response should be exposed when the credentials flag is true. If sent in response to a preflight request, it indicates that the actual request can include user credentials. In these cases, the Access-Control-Allow-Origin header must match the origin in order for the request to succeed; a wild card value will not work. Again, if the header is missing entirely, the request will fail (view my Access-Control-Allow-Credentials demo).

Access-Control-Expose-Headers

Browsers, by default, limit which cross-origin response headers are available to the DOM. Using the XMLHttpRequest.getResponseHeader() to read the Content-Length header will result in a null value. You may however want your application to know how many bytes of content to expect. Access-Control-Expose-Headers is designed to let developers white-list headers that can safely be exposed to the requesting origin.

Unfortunately, Access-Control-Expose-Headers does not yet work as you might expect in some browsers. To date:

  • Opera and Firefox will permit both standard HTTP headers and custom headers to be exposed.
  • Chrome and Safari will not expose headers it deems unsafe, including custom headers.
  • Internet Explorer will expose custom headers, but not standard ones that it deems unsafe.

Content-Length, for example, can be exposed in Firefox and Opera, but not Internet Explorer, Chrome, or Safari. A custom header such as X-Secret-Request-Header can be exposed in Opera, Internet Explorer, and Firefox, but not Chrome or Safari. To see this for yourself, compare how my Access-Control-Expose-Headers demo works in different browsers.

Access-Control-Max-Age

When a user agent makes a preflight request, the result is stored in the preflight result cache. The default expiration varies from browser to browser, but cross-origin requests made after the result cache expires will be preceded by another preflight request.

Access-Control-Max-Age explicitly informs the user agent how many seconds it should store the preflight result (try viewing my Access-Control-Max-Age demo). Access-Control-Max-Age: 15, for instance, tells the browser If you make another request in the next fifteen seconds, you can skip the preflight process. Just send the request. Setting Access-Control-Max-Age to zero (Access-Control-Max-Age: 0) disables the preflight result cache.

How to Set Response Headers

The easiest way to enable cross-origin resource sharing is to set response headers per file type or directory using a server configuration file. The example that follows is specific to Apache, and requires mod_headers. To permit requests for all JSON files from http://foo.example, your .htaccess file should contain the following.

If you use another web server, consult its documentation for instructions.

Setting CORS headers in the server configuration is adequate in some situations, although in most cases you’ll want to set access control response headers per URI. This should be done at the application level using a server-side language of your choice.

Conditional CORS

Opera Browser Mac 10.6.8

As discussed above, no major browser yet supports multiple origins as a value for the Access-Control-Allow-Origin header. So what do you do if you want to share data across several origins? The solution is to set the value conditionally.

Opera Browser For Mac Os X 10.6.8

The simple example that follows uses PHP to send an Access-Control-Allow-Origin response header only if the supplied origin is in our white list ($allowed):

A more robust version of the above example might keep a list of allowed origins for each URI in a datastore. Again, this is not an effective way to protect sensitive data. But it is a bullwark against XSS attacks.

Learn More

Opera Browser 10.6 8

For a greater understanding of cross-domain scripting and cross-origin resource sharing, visit the resources below.

Opera Browser For Mac 10.6.8

Macintosh sites
A-E F-NO-ZMac OS X
Download my résumé as a Word compressed zip file and Adobe Acrobat. My freelance availability calendar is also available. Tech support jobs.
advanced
If you need technical support for issues after reading this FAQ, please visit my Tech Support page, where I offer fee based support.

Note: this page was formerly on the Mac OS X speed FAQ
This page was started as a one stop resource for many Apple compatible web browsers. In an effort to make it easier to find out why certain websites won't work on your Mac.

A user tip on Apple Support Communities was added on 3/26/2021 by me to address current browsers for Macs.

It is divided into these sections:

References for coding websites

Many websites may not be totally compatible with any of those web browsers, but that's because their webmasters (the commonly used term for the programmer of a webpage) neglect to follow WWW Consortium Standards. You should write the webmaster of any website that doesn't follow those standards and let them know that the web is more than just for Windows users, and that following those standards will help their web pages be more accessible. First off, those who can't afford another operating system, can now see their website as viewed from nearly every browser on the planet at Browsershots.org.
A great page on helping webmasters become more crossbrowser compatible is Anybrowser.org. Others include Webstandards.org, and Webmonkey.
Mac users may be interested in Pure-Mac's Editors - Software for Macintosh for a variety of webpage editors for the Mac
Meanwhile if the webmaster doesn't respond, here are links to all the major web browsers for the Mac and tools to make them work more efficiently. In addition to requesting webmasters to make websites more compatible, let the authors of the web browsers know when a website doesn't work. Below the table below are Java updates.
The contact link to the various web browser authors is in the table below next to each web browser:

Browser name with download linkPowerPC and/or Mac OS 9 versionContact/feedback link


Older versions included on earlier updates for Mac upgrades may not work as well as current browsers available for them. A history of security updates also covers when Safari was updated.


Safari 11.1.2 is available for 10.11.6.
Wikipedia lists the latest Safari version, and which operating system can use it Safari 11.1 is in 10.13.4.
Safari 9.1.2 is on 10.11.6's last security update that came out simultaneously with 10.13.4. Safari 9.0 ships with Mac OS X 10.11, and version 9.1 is available for 10.9, 10.10, and 10.11 through Software updates for the operating systems combined with the the security update, and the Safari update through the App Store. 10.10.4 for instance can't get Safari 9.1, but Mac OS X 10.9.5 and 10.10.5 can, and it must be installed separately from the security update unless you install all the updates for the operating system together including remote desktop and other updates which may not be needed by you. Other browsers such as Chrome and Firefox are not as sensitive to the operating system.
Safari 8.0.8 ships with Mac OS X 10.10.5
Safari 8.0.7 ships with Mac OS X 10.10.4
Safari 7.0.5 ships with Mac OS X 10.9.4.
Safari 7 ships with Mac OS X 10.9.
Safari 6.0.5 is part of Mac OS X 10.8.5.
Safari 6.0 ships with Mac OS X 10.8 Mountain Lion.
Safari Safari 6 for Mac OS X 10.7, and Safari 5 for Mac OS X 10.6 are being kept up to date.
Safari 5.1.6 came out with 10.7.4. In 10.7.3 and 10.6.8 it is 5.1.5. Safari 5.1.2 is available in Mac OS X 10.7.2, and 10.6.8 from Apple for 10.6.8 only. Version 5.0.4 is included with 10.6.7. Safari 5.0 is included with 10.6.4, however requires 10.5.8, and 10.6.2 or later on Apple's website. Note, version 5.0.2 has reportedly had issues with some computers slowing downloads of updates. 5.0.3 appears to have fixed the problem for some, as well as issues with the download speed of . Version 4.0.5 could also run on 10.6.2. Version 4.0.4 shipped with Mac OS X 10.6.2. Version 4.0.3 came with 10.6 and 10.6.1. Version 4.0.2 was included with 10.5.8. Safari 3.2.3 is also available for 10.5.7, 10.4.11 (no longer available as English download), Windows XP and Vista (version no longer stored at Apple). Version 3.2.1 was available for 10.5.5. Version 3.0.4 was included with 10.4.11, and 10.5, 10.5.1, and 10.5.2.
Version 3.1 and later include a 'Develop menu' in the Safari menu -> Preferences -> Advanced that allows Safari to spoof a website into thinking it is a different web browser. Prior versions (3.0.4 and earlier), read about enabling the Debug menu. If you want to explore the command line via Applications -> Utilities -> Terminal, you can enable the Debug menu that the previously available software Safari Enhancer does offer you a User Agent menuitem to cloak itself as a different web browser (I'm not sure which versions this works on since I haven't tested it on all):
defaults write com.apple.Safari IncludeDebugMenu 1
Nagarabrowser (original source no longer exists) gives Safari a kiosk mode. With the 10.3.9 update it has been reported that several third party addons such as Saft and Acid Search will need updates. The March 2005 security update fixes Java issues on Safari, and if you applied the 10.3.9 delta update, applying the 10.3.9 combined update will often fix issues. See my Upgrade FAQ for more on how to apply updates without running into issues such as these.

Version 1.1.1 and later are only available as part of Apple's Mac OS X 10.3. Older versions of Safari are only available in non-English varieties from Apple: Version 1.3.2 is available for 10.3.9. Version 2.0 is current as of Mac OS X 10.4, and 2.0.1 is available for 10.4.2)*, and 2.0.4 is available when you upgrade Mac OS X 10.4 to 10.4.7 through 10.4.10. Safari is also available for 10.5.7, 10.4.11, Windows XP and Vista. Version 3.2.1 was available for 10.5.5. Version 3.0.4 was included with 10.4.11, and 10.5, 10.5.1, and 10.5.2.Go to Safari menu and select 'Report Bugs to Apple'
Download Netscape 9 for Mac OS X,Netscape 7.0.2 Mac PowerPC and other versions listed as Mac PowerPC are available for Mac OS 9AOL Developer page
Microsoft Internet Explorer is no longer available for download from Microsoft. A WINE version for Intel Macs offers some I.E. 7 compatibility.The Mac OS X version 5.2.3 is available from Majorgeeks. There are several stores which carry old Apple operating system disks which also included Internet Explorer for Mac OS X. If installing older operating system disks, be sure to observe the System Specific installation notes. The Mac OS X version of Internet Explorer was last preloaded on Mac OS X 10.3's Install Disk 2 as version 5.2.3. The included Internet Explorer for Mac OS 9 on restore disks and Mac OS 9 installer disks is version 5.0. Remember if installing Mac OS X, only an Archive and Install and Upgrade and Install will let you preserve applications from previous versions of Mac OS X on the hard disk. Otherwise, you'll need to either use the Install Additional Applications from the restore disks, or Charlessoft's Pacifist to extract the files from the installer packages to reretrieve Internet Explorer (if it wasn't backed up elsewhere). Macintosh Repository has the only known copies of version 5.1.7 for Mac OS 9.Microsoft product feedback page
Omnigroup's Omniweb for 10.4.8 to 10.9.5E-mail Omniweb support
OperaOpera for Mac OS 7 through 9Opera's Contact page
iCab - one of the few browsers that still has downloads going back to System 7.5 (you read that right, from 1995)Download page lists both Mac OS 9 and Mac OS X versionsE-mail iCab support
Mozilla can immitate other browsers with User-agent switcherClassila and Wamcom Mozilla for Mac OS 9Mozilla Bugzilla feedback page
Google ChromeGoogle Chrome Discussions
Camino (formerly known as Navigator)Camino Bugzilla feedback page
Firefox (formerly known as Firebird) can immitate other browsers with User-agent switcher. Its version 45.9 works well with Yahoo on 10.6.8PowerPC versionFirefox Bugzilla feedback page
Waterfox - Mac OS X 10.7.5 compatible Firefox, This tip was written on Apple Support Communities: 'It's October 2017 now, and I run the current version of Waterfox (55.2.2) on OS X 10.7.5. It's derived from Firefox, but is is less tardy than Firefox. I like that the Reader mode has speech output tied to OS X's voices and that it automatically chooses the correct language as well - if only it wouldn't crash sometimes for some reason... Important for Youtube: If Youtube videos don't play in Waterfox (giving you a playback error message) you will have to deactivate the Multiple Process feature in Waterfox's preference settings.'Contact info
Bumpercar - kids web browserBumpercar contact addresses
TenfourfoxSupport
BraveHelp Center
WannaBeContact info

You can run PC web browsers on the Mac if you use one of these Intel operating systems on the Mac solutions. Note however, any website which requires you use Internet Explorer for Windows is unlikely to be a very secure website, given the number of times such websites have been hacked.

Java Updates

Note: Java versioning may confuse some people when someone refers to Java 7, they really mean Java 1.7.x. Versions on Apple download site usually refer to the 1.x versioning.

Java version 7 has had a security flaw which is documented on my tip user tip on Apple's Support Communities. Apple explains the latest Java available for Mac OS X 10.4, and 10.5, at Article TS3489.
The latest Java exists for Mac OS X 10.6.8 and 10.7.3 and addresses some of the Flashback trojan issue. For the 10.6.8 download go to DL1516.
Java for 10.7.3 and later is supported by http://www.java.com/
The latest Java for 10.5.8 is http://support.apple.com/kb/DL1359
And for 10.7 go to Oracle's Java page. Apple has a guide to the latest Java updates on their Technote Database. Not all Javas are Mac compatible without Emulation or Virtualization as ActiveX was only developed for Windows, and is not a true Java. Any site that uses ActiveX should be criticized for not using an open standard of Java. Java support may be improved 10.2.3 combo or 10.2.4 through 10.2.6 combo updates, Java update for Mac OS X 10.3 to Java 1.4.1, Java update for 10.3.4 to 1.4.2, Java Update for 10.3.9, Java 2 Platform Standard Edition (J2SE) 5.0 release 1 for Tiger, Software Update search for latest Java updates
The Carbon Java Plugin, and Java Embedding Plugin are both different plugins which can be used to make certain Java sites more accessible in some Mac OS X web browsers. I would be careful not to run both at the same time.

Adobe has dropped all Flash support as of December 31, 2020. If you still have Flash on your computer, visit Adobe's website to download the uninstaller. If you find websites that still require it, please remind them that HTML5 has now supplanted Flash.

A similar problem to that which exists for web browsers, is that most e-mail programs don't have complete support for web browser standards. As a result, getting HTML e-mail can be problematic at best. There is an excellent site that discusses the issues of HTML e-mail at Birdhouse.org. Among them there are security, accessibility, and design elements which simply don't render the same way on all e-mails. If you receive HTML e-mails and have no option to receive text, I recommend contacting the company that sends such e-mails and ask for a link to the webpage which has those documents. Attachments are also problematic as my Mac OS X page reference discusses. It is better for any document being transmitted via e-mail that can't be represented by ASCII text to be saved to a website and referred to by a link in an e-mail, than attempts to render information in e-mail which can't be universally read.