Some requests are returning a CORB error for responses containing text content type #1653

Closed
MSNev opened this issue Sep 1, 2021 · 6 comments


MSNev commented Sep 1, 2021

Need to investigate why the server is returning a CORB error for the response from the sendBeacon code.


MSNev commented Sep 1, 2021

Split this out from the discussion occurring in #1595


MSNev commented Sep 2, 2021

I have found a few related bugs, but have not been able to reproduce with Chrome v93.

And in the release notes for v93 I am seeing the following, which seems to suggest that it was a bug in Chrome (that is now fixed):

Only apply CORB to no-cors requests (stop applying to CORS requests).

OOR-CORS is now secure against malicious renderers (e.g. the CL
description of https://crrev.com/c/2917236 and
https://crrev.com/c/2925752). This means that CORS doesn't need to
depend on CORB as a defense-in-depth. Because of this, we can restrict
CORB to no-cors requests.

In particular, after this CL:

  1. CORB will no longer inspect the Access-Control-Allow-Origin
    response header and will only apply to no-cors requests.

  2. CORB will no longer inspect the Cross-Origin-Read-Policy (CORP)
    response header:

    • The CORP-based CORB-opt-in heuristic is no longer needed for CORS
      requests
    • CORP already applies to no-cors requests (independently from
      CORB).

Fixed: 953315
Change-Id: I12c79f9708a67ce341ac1d8366ae4a6c498fc83a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2985760
Auto-Submit: Łukasz Anforowicz lukasza@chromium.org
Reviewed-by: Karan Bhatia karandeepb@chromium.org
Reviewed-by: Charlie Reis creis@chromium.org
Reviewed-by: Matt Menke mmenke@chromium.org
Commit-Queue: Łukasz Anforowicz lukasza@chromium.org
Cr-Commit-Position: refs/heads/master@{#897555}


MSNev commented Sep 2, 2021

Hmm, after manually installing Chrome v92 I can now readily reproduce even when going back to Chrome v93 -- still investigating


MSNev commented Sep 2, 2021

Confirmed: This only occurs for the sendBeacon() commands and it appears to be because the browser doesn't get the response (so it's empty), and as per the details on the Chrome site this warning can be ignored.

MSNev added a commit that referenced this issue Sep 4, 2021
…t content type #1653

- Use fetch with keepalive support during unload by default (Main CORB fix)
- Fix fetch usage to stop tracking the track call
- Minification and minor performance improvements
MSNev added this to the 2.7.0 milestone Sep 7, 2021
MSNev removed the "investigating" label Sep 7, 2021
MSNev added a commit that referenced this issue Sep 8, 2021
…t content type #1653 (#1658)

- Use fetch with keepalive support during unload by default (Main CORB fix)
- Fix fetch usage to stop tracking the track call
- Minification and minor performance improvements
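
The commit notes above name fetch with keepalive during unload as the main fix. A sketch of that transport choice follows, as an added example that is not the SDK's own code; `sendOnUnload`, the injected `env` object, the return strings, the placeholder endpoint and the credentials and content-type settings are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not the SDK's implementation).
// Fetch caps the body bytes of in-flight keepalive requests at 64 KiB;
// sendBeacon is built on the same keepalive mechanism.
const KEEPALIVE_LIMIT = 64 * 1024;

// Size of a string payload as it goes on the wire (UTF-8).
function byteLength(text) {
  return new TextEncoder().encode(text).length;
}

// Pick a transport for a telemetry payload while the page is unloading.
// `env` carries the browser APIs so the decision can be exercised offline:
//   env.fetch     -> window.fetch, or undefined when unsupported
//   env.navigator -> window.navigator (for sendBeacon)
function sendOnUnload(env, url, payload) {
  if (byteLength(payload) > KEEPALIVE_LIMIT) {
    return "too-large"; // caller has to split the batch before retrying
  }
  if (typeof env.fetch === "function") {
    // Explicit CORS mode: per the Chromium change quoted in this thread,
    // CORB applies only to no-cors requests from Chrome 93 on.
    env.fetch(url, {
      method: "POST",
      body: payload,
      keepalive: true, // request may outlive the document
      mode: "cors",
      credentials: "omit", // assumption: endpoint needs no cookies
      // CORS-safelisted content type, so no preflight is triggered.
      headers: { "Content-Type": "text/plain;charset=UTF-8" },
    }).catch(() => { /* page is going away; nothing to retry */ });
    return "fetch-keepalive";
  }
  if (env.navigator && typeof env.navigator.sendBeacon === "function") {
    // sendBeacon returns false when the browser refuses to queue the data.
    if (env.navigator.sendBeacon(url, payload)) {
      return "beacon";
    }
  }
  return "dropped";
}
```

In a page this would be called from a `pagehide` or `visibilitychange` handler with `{ fetch: window.fetch.bind(window), navigator: window.navigator }` as `env`.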
MSNev added the "fixed - waiting release", "released - NPM" and "waiting - CDN deployment" labels and removed the "fixed - waiting release" and "waiting - CDN deployment" labels Sep 8, 2021

MSNev commented Sep 13, 2021

v2.7.0 is not fully deployed to NPM and all CDN endpoints

MSNev closed this as completed Sep 13, 2021
github-actions bot locked as resolved and limited conversation to collaborators Sep 14, 2022