my company's website is experiencing problems with Chrome when users use POST actions (forms and XHR) over https. In most cases the response never arrives. The app server logs the responses as 200, though.
The problem never occurs with local (non-https) instances, and I can only reproduce it with certain settings (typically access from inside firewalled networks).
Did that problem occur to anybody else ? Maybe Chrome has problems with SSL handshakes over such firewalled settings ?
Edit:
The problem could be solved by updating lighttpd to the latest version.
The problem could be solved by updating lighttpd to the latest version.
Related
The development on chrome has become harder and harder, my react application on localhost is not working because its been hosted on http://localhost:3000. It works in Firefox
I know chrome is getting smart and preventing from loading insecure content by changing to https, but that's painful for testing in localhost
I know we can fix this by disabling some feature in chrome://flags/, can someone tell me which one is it and can I just do it for localhost. Chrome version Version 79.0.3945.130
The flag to check is allow-insecure-localhost.
Check out this answer also: https://superuser.com/questions/772762/how-can-i-disable-security-checks-for-localhost
Edit: You're using the wrong tag as it's not a React related question, also as I'm reading again the question it's unclear if your problem is that you're being redirected from http to https, or you're having some CORS related problem or something else.
We're having some issues on some machines related with ssl when connecting to our sites through https. sometimes, some of the users get the err_ssl_protocol_error when they try to load one of the sites. now, the weird thing is that hitting f5 solves the issue and the page that was returning the ssl error gets miraculous loaded. we've already tried most online suggestions (checking date and time, cleaning the browser/ssl cache, etc).
we have changed the ssl certificate recently (a month ago), but the issues have only started now. btw, all our requests go through our firewall (forti adc) which is responsible for enforcing the https to all our clients.
any clues on why we're getting this error?
edit: adding more info
sites are hosted in iis (windows server 2016)
our firewall is running forti adc
the requests go through a load balancer before hitting firewall
the firewall has the wildcard certificate used for ssl (all. sites)
sites are built with aspnet
it only happens on some pcs, and only with chrome (Firefox is working without any problems)
edit 2: More info from wireshark
So, I've used wireshark to capture the traffic and when I get the ERR_SSL_PROTOCOL_ERROR on chrome, I've noticed that wireshark is showing me an alert with a decrypt error in response to the server hello message:
Any clues on what's going on here?
After lots of digging and testing, it seems like there's an issue with openssl and ECDHE algorithms. Changing the algorithm to a non ECDHE seems to have solved the issue for our chrome users...
Normal js code (no service worker, but the app has a manifest with an empty service worker).
A simple timeout to an ajax call that's the code.
I close all chrome tabs, I close the process in task manager, no more chrome processes and yet I still get requests on my server. This happens locally and on the server, I know this because I can see the cookies sent and for which user id is needed.
Also I know that chrome is running the code because there is a date in the request and is updated as it go.
Triple checked that chrome is closed on all users and all processed in task manager.
Is not a coincidence because at this moment I have 2 different users (different chrome profiles) doing this. Also in my dev server there are a lot of users with the same behaviour.
I'm also not sure is chrome, but has to be, node.js alone can't change the time of the request.
Win 10 and Chrome Version 60.0.3112.90 (Official Build) (64-bit)
Terrible and I don't know what to do...
if I restart my node.js server all the requests stops.
Was my mistake! As I have server side rendering (with react) I forgot that the timeout was also run on the server side. The fix was to don't run any timeouts on the server side.
Thanks anyway for the answers. I was concerned how chrome was still running my js code even shut down, made no sense at all!
For the last few months we've has a client site working fine over HTTPS and HTTP, however as of a week or two ago we've had intermittent reports of it failing in Google Chrome.
As of last week I also got the issue, which is Chrome claiming ERR_EMPTY_RESPONSE to all requests sent through HTTPS.
This isn't replicated in any other browsers and the Security tab of the inspector declares the certificate valid and all page resources secure.
Anyone got some suggestions? I'm at a loss as to what to do, it feels like it might be a browser bug itself...
[Originally provided by a user called #daFlame, but it then got deleted within a few hours?]
The issue is caused by Chrome struggling with the cipher suites cPanel uses by default. CPanel are aware of the issue, and I've reported a ticket to Chrome.
CPanel's work around can be found here, but I'll provide a summary:
Go to WHM >> Service Configuration >> Apache Configuration >> Global Configuration
Then find the value SSL Cipher Suite and change it from the default to:
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS`
Once Apache is rebuilt, the errors stop.
Our system uses an AWS Elastic Load Balancer.
We are encountering a maddening issue where our HTML video tags are failing to play randomly. I can't reliably reproduce the issue unless I bypass the ELB, which makes me suspect it, naturally.
I've verified that the same files are on both of our IIS servers, and I have verified that the MIME types are the same on both.
The video files are H.264 MP4s, but they will sometimes work, so I don't think it has anything to do with Chrome's support of the codec.
Anybody have an idea on what I can do, or where to look next?
This is a session issue on the AWS ELB. Enable the Sticky Sessions on the ELB and this issue will be resolved. Here is the developers guide.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-sticky-sessions.html
I would enable full logging on both IIS and the ELBs, and carefully check the access logs on each to confirm.
You would expect to see a 200 http response code on the ELB and the IIS server for each request made. Check for any requests that result in a 400 or 500 error. You need to pair each individual request from the ELB to the IIS server and review.
See Monitor Your Load Balancer Using Elastic Load Balancing Access Logs