I have a strange issue, we are running a asp.net core razor app.
There are no issues logging into Firefox or Edge.
But rather randomly, we have an issue in Chrome that we can't figure out.
(Random as in, it has occurred on user's machines randomly before and now it is occurring on a lot of machines, but still not all of them)
The issue is that it seems that our "auth-token" cookie is not being set.
To me, it seems that the error is with this line which runs after a successful username and password, but before a redirect.
...
Response.Cookies.Append("auth-token", inToken, option);
...
There is no error, but a line that runs almost immediately after falls over
public async Task Invoke(HttpContext context)
{
var name = "auth-token";
var cookie = context.Request.Cookies[name]; //THIS LINE DOESN'T HAVE THE COOKIE CALLED "auth-token" IN CHROME
...
}
We have tried:
Incognito Chrome/Clearing Cache/Cookies in Chrome
Restarting Machine
Uninstalling and Reinstalling chrome
Installing old versions of Chrome (chromium)
Running an old version of our code (which previously worked on chrome)
There doesn't seem to be a clear cause for when this issue occurs.
I would love to figure out why this is happening or if possible any information on how I could capture what is happening.
Thank you!
After many hours researching it seems I have finally fixed my issue.
By setting the following in our cookie
SameSite = SameSiteMode.Lax
or
SameSite = SameSiteMode.Strict
Our Chrome issues have been fixed
I was reading about Google Chrome's "SameSite" cookie options.
https://www.chromium.org/updates/same-site
Originally I thought this was unrelated as SameSite has been forced in Chrome for quite a wile now, and it has never bothered our code. But I still tried setting:
SameSite = SameSiteMode.None
To no changes
After bringing this up to my boss he informed me that he noticed an old warning that appeared in the chrome console for <1 second.
'A cookie associated with a resource at ... was set with
'SameSite=None' but without 'Secure'. It has been blocked....'
(Note: This was before I tried messing around with SameSite Options at all and was part of some code to fix a Safari bug)
So naturally we managed to capture the error with a quick screenshot and then we added in the SameSite option with Strict.
So I while it works for me now it still doesn't explain;
Why didn't it break earlier, we have been using versions of chrome with it for several months
Why does it still not break if I run an old version of the code with .net 2.1 (without any SameSite Options adjusted)
Why does our new version of the code without the adjusted SameSite option still work on some user's machines
Related
So I have been testing a website using Selenium, specifically a page with a credit card form embedded in an iframe. I want to access the content of said iframe but due to CORS I get the error message:
Uncaught DOMException: Blocked a frame with origin "<url>" from accessing a cross-origin frame.
I made a quick google search and realized you can bypass CORS using the "--disable-web-security" flag, so my code now looks like the following:
options = webdriver.ChromeOptions()
options.add_argument("--disable-web-security")
self.driver = webdriver.Chrome(os.getenv("CHROME_DRIVER"), options=options)
Surprisingly, the CORS exception keeps on popping and I'm currently stuck on how to go from here. I really do have to access the iframe's content, there isn't a workaround for this.
Since I was confused as to why this didn't work, I replicated the problem with another website, in this case Amazon, which functions similarly (credit card form embedded in an iframe). I ran the code with web security enabled and I get the same CORS error, as expected. But then I disable web security, exactly as mentioned before, and it works! I can now access the iframe.
I also downgraded to an older version of Chrome (86) from the current most stable (88) and nothing happens again. I'm using Ubuntu 20.04.
So now I'm wondering - why isn't the flag working for the first scenario I mentioned? Is there a chance the first website is forcing the browser's web security or something related? I'm not an expert in web development so any input on this would be valuable.
Turns out, all I needed was to add --disable-site-isolation-trials and a non-empty --user-data-dir along with --disable-web-security as stated here
For me, adding these flags to my Chrome launcher fixed my CORS issues:
--disable-web-security --user-data-dir=~/chromeTemp
Pls note, this only turns warnings off, this is definitely not a CORS solution
I get the NET::ERR_CERT_INVALID message for every single site. On the screenshot I'm at support.google.com, and it still says the connection is invalid.
I have tried typing the thisisunsafe code, but it only unlocks the current page, and whenever I go to another it gives the same error message.
Also, other browsers, like Safari or Brave works perfectly at the same time. (firefox gives the same message tho)
Happened to me and what fixed it was turing off Avast One Web Shield.
I suggest turning off all VPNs and web antivirus and checking if pages that were previously problematic start working again. If they do then you have pin pointed the problem. Otherwise it is worth checking your chrome version is up to date.
We have a site that is not working in Google Chrome V44. It works well in IE and Firefox. All of sudden after updating chrome browser to V44, we unable to login to the system and just receiving this problem.
We're trying to figure out as why this is happening. We have 2 instances of our system in our server. Our live site is the one that is not working in Chrome V44 while the other - our demo site is fine. The only difference of the these sites is that our live has SSL. So our first impression is that there's a problem with Chrome V44 with our site with certificate.
I think Chrome can't establish secure connection with the site.
Has anyone experienced this issue?
Please help. Thanks.
This is due to a SSL in Chrome V44 where it incorrectly sends a HTTP_HTTPS header to be set, however the HTTPS header is still set correctly. It has been quite widely reported: http://www.zdnet.com/article/brand-new-chrome-44-release-added-a-bug/
https://ma.ttias.be/chrome-44-sending-https-header-by-mistake-breaking-web-applications-everywhere/
In order to stop this, in PHP, I added the following to the very top of my index.php file:
<?php
if (!isset($_SERVER['HTTPS'])) {
$_SERVER['HTTP_HTTPS'] = 0;
}
?>
Ensuring there is no space between the ?> and the next
I've recently had the chrome redirect loop on gmail.
Possibly significantly, I was doing some work involving changing my system time and it hasn't worked since. This guide helped to do that.
There is an available work-around, which is to use gmail in incognito mode, which does still work, although requires you to log in each time
In that case I would say this is an internal problem with you organization's setup. I would speak with your SysAdmin or IT staff. But just to be sure, use your phone carrier's internet, or a cafe nearby, basically something off your network to check if you can reproduce the error.
The issue with my MVC solution was, i had recently updated complete Nuget packages in my solution. After the update i forgot to update
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
section with new dll bindings which installed while update. So in my hosting server due to connectionstring issue, i was not overwriting the current .config file. So once i did the update in assemblyBinding section in .config file the issue gone.
There might be many reasons for the redirect loop. If you are confident your setup is done properly without any errors, then it might be the issue with your browser. You can try the following
Deleting cache and cookies
Correcting your system time (if it is not set to automatic)
Resetting the browser
Source
You should be able to fix this problem, you can try to clear your cookies in your browser
Open your Chrome browser.
Type "chrome://settings/clearBrowserData" in the address bar and press Enter.
Make sure you are clearing items from the Beginning of time. Then select Cookies and other site data. Click the Clear browsing data button.
If find from google search, this tutorial could helps you https://windows10freeapps.com/fix-err_too_many_redirects-error-google-chrome-browser
We have a page that uses html5 geolocation, which seemed to stop working early this morning for desktop users of Firefox and Google Chrome, but IE9 still seems to work. If I am on a wireless laptop/device it works fine. If I go to a desktop computer using ethernet, and try with Firefox or Google Chrome, it will ask me if I want to allow the browser to share my location, and I click Yes, the browser doesn't to anything. If I do the same thing with IE9, it locates me fine. This was working fine yesterday, and seems to have stopped working around 1:00 AM EST. Any ideas or suggestions?
thanks!
This appears to be an issue with the latest version of Chrome (33.0.1750.154 m). It started happening to me as well.
Here's the documented issue. Scroll down to the latest entries.
Today (18 minutes ago)
Yesterday geolocation on Chrome Version 33.0.1750.152 was working fine. Now, navigator.geolocation.getCurrentPosition( successCallback, errorCallback ) is always triggering errorCallback when running on localhost. Getting the following error: PositionError {message: "Network location provider at 'https://www.googleapis.com/' : Returned error code 404.", code: 2, PERMISSION_DENIED: 1, POSITION_UNAVAILABLE: 2, TIMEOUT: 3}.
The cause is that, to enhance user privacy, Google Chrome and most other browsers now require SSL/TLS (https://, not http://) with at least a self-signed certificate before they will allow getCurrentPosition or watchCurrentPosition to return any results. No error visible to the user is generated if unencrypted http:// is used — it just returns empty results (some browsers may indicate a “Blocked” error in the JavaScript Debugging Console, but that’s only visible in the Developer Tools). Chrome was one of the first to do this, but now nearly all modern browsers do likewise.
Install a free GetEncrypt certificate (or full certificate if desirable for uses such as eCommerce) on your server and force SSL on at least that page, and it should work. Self-signed can be used for test purposes only and will generate a browser security alert that must be bypassed.
I've been working on a set of web development projects over the last few months, and have encountered the following problem: no matter what I do, every browser I have caches every page I load, which makes it impossible to know if an edit hasn't worked or if I'm viewing a cached version. I've tried Google Chrome, in Incognito Mode and with the Developer Tools open. I've tried Mozilla Firefox, gone into about:config and disabled every single kind of caching I could find. I've tried Safari Private Mode. I've cleared my cache several times on each browser. I've tried adding headers that should prevent caching. I've tried appending a random number to the URL so the URL changes every time I open the page; I am still getting cached versions of the page somehow. Does anyone have any tips, in any of these browsers, to make the constant caching of pages stop? I'm running Mac OS X Mavericks, if that helps.
Are you using MAMP?
This happened to me, and had to do with a newer version of MAMP.
In your MAMP Dir go to : /bin/php/php5.5.3/conf/php.ini
And comment the Opcahe lines:
[OPcache]
;zend_extension="/Applications/MAMP/bin/php/php5.5.3/lib/php/extensions/no-debug-non-zts-20121212/opcache.so"
; opcache.memory_consumption=128
; opcache.interned_strings_buffer=8
; opcache.max_accelerated_files=4000
; opcache.revalidate_freq=60
; opcache.fast_shutdown=1
; opcache.enable_cli=1
Original answer by #coding-addicted here