[Solved] 404 Not Found Error with a Strict-origin-when-cross-origin policy

1 Answer 29 Views
Security
Trena
Top achievements
Rank 1
Iron
Iron
Iron
Trena asked on 16 Jun 2026, 06:41 PM

Hi,

Following an audit by our vulnerability risk management unit, we received a report detailing several security vulnerabilities and the necessary steps for mitigation. The recommended actions include:

Enforcing HTTPS across all paths at the application tier, ARR/IIS edge, and load balancer.

Implementing HSTS on all HTTPS responses once HTTPS readiness is confirmed.

Configuring all session, authentication, and anti-forgery cookies with the "Secure" attribute and eliminating duplicate ASP.NET_SessionId issuance.

While the updated solution functions correctly on my local machine, I have encountered multiple issues after deploying to the test web server and installing URL Rewrite.

When accessing and logging into the application via IIS Manager, the application opens but the formatting is incorrect (Screenshot 1); however, when I attempt to login through the URL from my local machine it simply redirects back to the login page. The developer tools indicate a "404 Not Found" error with a "strict-origin-when-cross-origin" policy for the following resources:https://kendo.cdn.telerik.com/2024.4.1112/kendo.all.min.js (Screenshot 2) and

https://kendo.cdn.telerik.com/2024.4.1112/kendo.aspnetmvc.min.js (Screenshot 3).

 

How do I resolve this issue?  Is the issue in my config file (Screenshot 4) or the URL Rewrite module?

 

I am including screenshots of the issues.

 

Thanks,

 

Trena


 

1 Answer, 1 is accepted

Sort by
0
Viktor Tachev
Telerik team
answered on 19 Jun 2026, 08:18 AM

Hi Trena,

Thank you for reaching out and for providing the detailed information.

I reviewed both the screenshots and the web.config settings, and based on what I can see, the 404 error does not appear to be related to the configuration shown in the screenshot.

The configuration you shared modifies the Set-Cookie header and therefore affects only cookie-related behavior. A 404 response, on the other hand, indicates that the requested resource could not be found or accessed.

After examining the network responses in your screenshots, it appears that the URLs used to request the JavaScript files are incorrect. The expected URLs should be:

https://kendo.cdn.telerik.com/2024.4.1112/js/kendo.all.min.js
https://kendo.cdn.telerik.com/2024.4.1112/js/kendo.aspnetmvc.min.js

Please verify that the script references in the application match the URLs above and let me know how the behavior changes.

Regarding the strict-origin-when-cross-origin value, this is the default Referrer-Policy used by modern browsers. It determines how much referrer information is included when making requests to other origins. This setting is unrelated to cookie flags, URL rewrite rules, or the 404 error itself. It is expected to appear in the browser's Network tab for all requests, regardless of whether the request succeeds or fails.

Let me know if you have additional questions.

Regards,
Viktor Tachev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Trena
Top achievements
Rank 1
Iron
Iron
Iron
commented on 24 Jun 2026, 12:36 PM | edited

Thanks!  Yes, I noticed that the day after I sent the message.

However, I am still having the same issue on my test webserver.  The error went away but, the grids are not formatted properly.

Can you tell me if these are compatible?

    <link href="https://kendo.cdn.telerik.com/themes/12.2.3/bootstrap/bootstrap-main.css" rel="stylesheet" type="text/css" />

    <script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>

    <script src="https://kendo.cdn.telerik.com/2024.4.1112/js/kendo.all.min.js"></script>
    <script src="https://kendo.cdn.telerik.com/2024.4.1112/js/kendo.aspnetmvc.min.js"></script>

    <script src="@Url.Content("~/Scripts/bootstrap.min.js")"></script>

I think my issue may have something to do with these scripts.

Thanks for your assistance!  It is always greatly appreciated and helpful!

Best regards,

Trena

 

 

 

 

 

 

Viktor Tachev
Telerik team
commented on 25 Jun 2026, 08:38 AM

Based on the referenced scripts the theme that is used is version 12.2.3 and Kendo components are version 2024.4.1112. These two versions are not compatible and using them together will likely produce unexpected results. 

If the Kendo version in the application is 2024.4.1112 the compatible themes version is 10.0.1. You can find a table with the compatible themes and components versions:

https://www.telerik.com/aspnet-mvc/documentation/styles-and-layout/sass-themes/compatibility

 

Trena
Top achievements
Rank 1
Iron
Iron
Iron
commented on 01 Jul 2026, 03:55 PM

Thanks.

After looking at the solution I noticed the Kendo version is 2025.2.520 and I changed the scripts.  This is what I am referencing now:

   <link href="https://kendo.cdn.telerik.com/themes/11.0.2/bootstrap/bootstrap-main.css" rel="stylesheet" type="text/css" />

  <script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
  <script src="https://kendo.cdn.telerik.com/2025.2.520/js/kendo.all.min.js"></script>
  <script src="https://kendo.cdn.telerik.com/2025.2.520/js/kendo.aspnetmvc.min.js"></script>

However, I am still getting the same results that are in the screenshot.  I have had this issue before and when I changed the scripts it worked.  Also, it looks fine when I run the solution from my local machine but, the issue is with my test webserver.

Is there something else I could be missing?

Thanks,

Trena

 

 

Viktor Tachev
Telerik team
commented on 03 Jul 2026, 11:23 AM

Hi Trena,

Based on the screenshot, it appears that the Kendo UI theme styles may not have been loaded correctly.

Could you please open the browser's Developer Tools (by pressing F12) and check the Console tab for any errors? If there are any messages related to missing resources or failed stylesheet requests, please share them with us.

Additionally, please verify the CSS references in your application and ensure that the correct Kendo UI theme stylesheet is being loaded and there are no other styles. 

In case the behavior persists please send us a sample where the issue is replicated. This will enable us to examine the behavior and look for its cause.

Trena
Top achievements
Rank 1
Iron
Iron
Iron
commented on 06 Jul 2026, 07:21 PM

Hi Viktor,

Attached are snapshots of the errors I am receving in the Console tab.

Also I am not sure where you would like me to send a sample.

Thanks,

Trena

Tags
Security
Asked by
Trena
Top achievements
Rank 1
Iron
Iron
Iron
Answers by
Viktor Tachev
Telerik team
Share this question
or