Issue 637623 link

Starred by 2 users

Issue metadata

Status:	Archived
Owner:	----
Closed:	Aug 21
Components:	UI
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug
Via-Wizard Arch-x86_64 M-54

Pressing and holding F5 on a website causes the browser to DoS that site

Reported by runem...@gmail.com, Aug 14 2016

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.57 Safari/537.36

Steps to reproduce the problem:
1. Go to https://github.com/
2. Press and hold F5 for a few seconds
3. Get the GitHub rate limit message

What is the expected behavior?
Holding down F5 for too long should only refresh the page once, and re-refresh only when the button is let go and pressed again, or at least wait for the page to be fully loaded before refreshing again.

That way, a stuck F5 button won't get the user blocked from a website.

What went wrong?
When F5 was pressed, the website refreshed. After having fully reloaded, keeping F5 pressed caused it to start refreshing tens of times per second, spamming the server with HTTP requests.

Did this work before? N/A 

Chrome version: 53.0.2785.57  Channel: beta
OS Version: 6.3
Flash Version: Shockwave Flash 22.0 r0

Comment 1 by tkonch...@chromium.org, Aug 16 2016

Labels: M-54
Status: Untriaged (was: Unconfirmed)

Able to reproduce the issue on win8.1 chrome version 53.0.2785.57 and canary 54.0.2830.0 -  GitHub rate limit message is displayed

This can be seen from M30 builds

Firefox behavior: Page loads and no rate limit page displayed.

@dev, Could you please confirm if this is the expected behavior

	637623.png 85.6 KB View Download

Comment 2 by runem...@gmail.com, Nov 18 2016

This seems to be fixed in the latest version of chrome which has the new UI.

Comment 3 by mich...@phoenixproductions.org.uk, Dec 9 2016

I've just been able to reproduce these same steps on Version 54.0.2840.100 (64-bit) under Ubuntu.

When you say fixed in the latest version, what is version is that meaning exactly? or is that still an unreleased one.

Comment 4 by runem...@gmail.com, Dec 11 2016

I'm using Version 55.0.2883.87 m (64-bit) on Windows.

Comment 5 by robliao@chromium.org, Aug 21

Status: Archived (was: Untriaged)

Archiving old bugs that haven't been actively assigned in over a year.

If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!

Comment 6 by robliao@chromium.org, Aug 21

Archiving old bugs that haven't been actively assigned in over a year.

If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!

Comment 7 by robliao@chromium.org, Aug 21

Archiving old bugs that haven't been actively assigned in over a year.

If you feel this issue should still be addressed, feel free to reopen it or to file a new issue. Thanks!

►

Issue 637623 link

Issue metadata

Pressing and holding F5 on a website causes the browser to DoS that site

Issue description

Comment 1 by tkonch...@chromium.org, Aug 16 2016

Comment 1 Deleted

Comment 2 by runem...@gmail.com, Nov 18 2016

Comment 2 Deleted

Comment 3 by mich...@phoenixproductions.org.uk, Dec 9 2016

Comment 3 Deleted

Comment 4 by runem...@gmail.com, Dec 11 2016

Comment 4 Deleted

Comment 5 by robliao@chromium.org, Aug 21

Comment 5 Deleted

Comment 6 by robliao@chromium.org, Aug 21

Comment 6 Deleted

Comment 7 by robliao@chromium.org, Aug 21

Comment 7 Deleted

Sign in to add a comment