HP was just a google search "FTP:// .PDF" result.

If you look at the screen shot, you will see the address is an LAN FTP.

I have duplicated this issue from my laptop to several FTP sites. 

This issue is not occurring on the 300 PCs which have not received the Version 54.0.2840.59 m UPDATE. Yet, it is occurring on the 230 that have. 

This is a Version 54.0.2840.59 m issue. Please advise

As the calls come in, I have resorted to remotely accessing each node to disable the built in Chrome viewer and set Chrome to automatically open downloaded PDF files with ADOBE DC PDF VIEWER. 

I would prefer to find a resolution before all 500+ nodes receive the Version 54.0.2840.59 m UPDATE.

Thanks,

Stephen

Try this link:

ftp://ftp.cc.gatech.edu/pub/gvu/tr/1999/99-22.pdf

perform the following google search and click any resulting link:

"ftp://"%22.pdf%22

I should clarify "Click on any resulting FTP:// link"

@SSchibe...

Now that I'm looking into it

1. Edge

2. Opera

3. Firefox

Not sure if FTP URLs are causing the issue or PDF files in general.

Deleted: 656956 -- IE.jpg 136 KB

	656956 -- IE.jpg 136 KB View Download

Deleted: 656956 - Opera.jpg 242 KB

	656956 - Opera.jpg 242 KB View Download

Deleted: 656956 -- FF.jpg 571 KB

	656956 -- FF.jpg 571 KB View Download

All nodes are still Windows 7 -64bit due to software/hardware requirements.

This could be why you cannot duplicate the issue.

Same on Google Drive: https://drive.google.com/file/d/0B5nH5Ydlz7YIOTluMmZ3ZTZIUk0/view?usp=sharing

Also opens from local PC.

@SSchibe I'm using Win 10 and I can duplicate the issue on Chrome & Chrome Canary (56.0.2894.0).

@tsrwe Thanks, hopefully someone will grab it soon.

ftp://ftp.cc.gatech.edu/pub/gvu/tr/1999/99-22.pdf
ftp://ftp.zyxel.com/ONU-6040BF-22/datasheet/ONU-6040BF-22_2.pdf
ftp://public.dhe.ibm.com/software/analytics/spss/documentation/amos/22.0/en/Manuals/IBM_SPSS_Amos_User_Guide.pdf

Yep, you're right. It consistently hangs on ftp://*/*.pdf

Unfortunately, no obvious regressor.

You are probably looking for a change made after 408647 (known good), but no later than 408659 (first known bad).
CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/8d569f5901989954c0b39a83f16ebd36375e98b8..675757bdce38cba9d4cd4d619314734c2922b36b

Win64 bisect returns:

You are probably looking for a change made after 408652 (known good), but no later than 408660 (first known bad).
https://chromium.googlesource.com/chromium/src/+log/66b07a326160fed57046fbb454f424a302d4cc6b..0ef0ba7f069d3474c3b4aa7a7e9224d6f499da8f

Upon failing to load FTP-served PDF files, I see in the debug console:

"Refused to load plugin data from ftp://.../filename.pdf' because it violates the following Content Security Policy directive: "object-src * blob: externalfile: file: filesystem: data:".", source: chrome-extension://mhjfbmdgcfjbbpaeojofohoefgiehjai/pdf.js (203)

I don't see this message when files are successfully loaded over HTTP/HTTPS.

So I don't understand how this relates to the regression range, but the function bool CSPSourceList::matches looks wrong.

Specifically:

  // Wildcards match network schemes ('http', 'https', 'ws', 'wss'), and the
  // scheme of the protected resource:
  // https://w3c.github.io/webappsec-csp/#match-url-to-source-expression.  Other
  // schemes, including custom schemes, must be explicitly listed in a source
  // list.
  if (m_allowStar) {
    if (url.protocolIsInHTTPFamily() || url.protocolIs("ws") ||
        url.protocolIs("wss") || m_policy->protocolMatchesSelf(url))
      return true;

...

But if one looks at the CSP specification, "network scheme" is defined as "a scheme that is "ftp" or an HTTP(S) scheme."

So it looks like the CSP test is missing FTP.

I've confirmed that fixing the CSPSourceList function allows FTP-sourced downloads to render properly in the PDF viewer. Waiting for my CL to upload as the server is presently down.

Great to see! thanks for the quick troubleshoot. 

How long would it take to see the issue pushed through?

Regressions are traditionally P1; marked for M-56.

Also, which versions will be targeted for Regression backfixing?

Proposed fix: https://codereview.chromium.org/2425683006/

The regressing CL was checked in on July 29th in 54.0.2812.0 {408751} before getting reverted on August 3rd. Then it landed for good on August 9 {410913} https://chromium.googlesource.com/chromium/src/+/39d12f5665910578d2e18251a0225a7aebe6964b, initially in 54.0.2825.0.

In terms of scope, this bug blocks all FTP-sourced PDF documents because the PDF viewer uses a content-security policy of object-src: * and we incorrectly excluded FTP from matching *. The regression would also block any FTP-sourced content in a Content-Security-Policy directive from web content, although FTP subresources are likely pretty rare.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/79209ba0cefc48a9fdedf602658e84ddf9b8879b

commit 79209ba0cefc48a9fdedf602658e84ddf9b8879b
Author: elawrence <elawrence@chromium.org>
Date: Tue Oct 18 22:13:41 2016

Relax '*' in CSPSourceList to match the FTP protocol.

'*' should match 'ftp://whatever/file.pdf' because 'ftp' is a
network scheme under the CSP specification.

BUG= 656956 

Review-Url: https://codereview.chromium.org/2425683006
Cr-Commit-Position: refs/heads/master@{#426069}

[modify] https://crrev.com/79209ba0cefc48a9fdedf602658e84ddf9b8879b/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
[modify] https://crrev.com/79209ba0cefc48a9fdedf602658e84ddf9b8879b/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

Fixed in 56.0.2895.0

Let's take this for the next M54 stable as well.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e6476b2adb81289ca8b3419c0c15d0a750ac3813

commit e6476b2adb81289ca8b3419c0c15d0a750ac3813
Author: Emily Stark <estark@google.com>
Date: Wed Oct 19 18:18:13 2016

Relax '*' in CSPSourceList to match the FTP protocol.

'*' should match 'ftp://whatever/file.pdf' because 'ftp' is a
network scheme under the CSP specification.

BUG= 656956 

Review-Url: https://codereview.chromium.org/2425683006
Cr-Commit-Position: refs/heads/master@{#426069}
(cherry picked from commit 79209ba0cefc48a9fdedf602658e84ddf9b8879b)

Review URL: https://codereview.chromium.org/2437803002 .

Cr-Commit-Position: refs/branch-heads/2840@{#759}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}

[modify] https://crrev.com/e6476b2adb81289ca8b3419c0c15d0a750ac3813/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
[modify] https://crrev.com/e6476b2adb81289ca8b3419c0c15d0a750ac3813/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

Confirming that fix is works perfect in canary - 56.0.2895.0 (Official Build) canary (64-bit).

Confirmed FTP-served PDF files are not hanging .

URLs Tested
===========
ftp://ftp.cc.gatech.edu/pub/gvu/tr/1999/99-22.pdf
ftp://ftp.zyxel.com/ONU-6040BF-22/datasheet/ONU-6040BF-22_2.pdf
ftp://public.dhe.ibm.com/software/analytics/spss/documentation/amos/22.0/en/Manuals/IBM_SPSS_Amos_User_Guide.pdf

Note: We may need a merge in M55 also.

Approving merge to M55 branch 2883 based on comment #29. Please merge ASAP. Thank you.

Verified the merge on the latest M-54(54.0.2840.71) on Windows-10(32/64 bit PGO) with the PDF files listed in C#0 and C#29. This is working as intended.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/924cc037c66aec7d46ba2df1cbf17bfa938f6687

commit 924cc037c66aec7d46ba2df1cbf17bfa938f6687
Author: Emily Stark <estark@google.com>
Date: Thu Oct 20 16:54:25 2016

Relax '*' in CSPSourceList to match the FTP protocol.

'*' should match 'ftp://whatever/file.pdf' because 'ftp' is a
network scheme under the CSP specification.

BUG= 656956 

Review-Url: https://codereview.chromium.org/2425683006
Cr-Commit-Position: refs/heads/master@{#426069}
(cherry picked from commit 79209ba0cefc48a9fdedf602658e84ddf9b8879b)

Review URL: https://codereview.chromium.org/2436053002 .

Cr-Commit-Position: refs/branch-heads/2883@{#211}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}

[modify] https://crrev.com/924cc037c66aec7d46ba2df1cbf17bfa938f6687/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
[modify] https://crrev.com/924cc037c66aec7d46ba2df1cbf17bfa938f6687/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

Good afternoon,

Yes, thank you for the very quick resolution of this issue! I have been following the thread as the issue was being worked on!

A little before noon CST this morning while remoting onto a user's PC to fix an unrelated issue, I noticed that Chrome was still on version  53.x.x.x. I allowed Chrome to update to the latest version and then tested the user's access to my FTP server. The PDF document loaded perfectly, as designed, using the built-in Chrome PDF viewer!

I appreciate the effort you and your team have made bringing this issue to final resolution. By finding and revising the oversight of the "FTP" in the code, you all have saved me valuable time and headache!

Thanks again and have a Great Weekend!

Sincerely,

Stephen Schiber 
Archdiocese of New Orleans 
School Food & Nutrition Services 
Director of IT Operations

Tested the same on latest beta #55.0.2883.28 Windows-10(32/64 bit PGO) with the PDF files listed in C#0 and C#29 - Fix works as expected

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/924cc037c66aec7d46ba2df1cbf17bfa938f6687

commit 924cc037c66aec7d46ba2df1cbf17bfa938f6687
Author: Emily Stark <estark@google.com>
Date: Thu Oct 20 16:54:25 2016

Relax '*' in CSPSourceList to match the FTP protocol.

'*' should match 'ftp://whatever/file.pdf' because 'ftp' is a
network scheme under the CSP specification.

BUG= 656956 

Review-Url: https://codereview.chromium.org/2425683006
Cr-Commit-Position: refs/heads/master@{#426069}
(cherry picked from commit 79209ba0cefc48a9fdedf602658e84ddf9b8879b)

Review URL: https://codereview.chromium.org/2436053002 .

Cr-Commit-Position: refs/branch-heads/2883@{#211}
Cr-Branched-From: 614d31daee2f61b0180df403a8ad43f20b9f6dd7-refs/heads/master@{#423768}

[modify] https://crrev.com/924cc037c66aec7d46ba2df1cbf17bfa938f6687/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
[modify] https://crrev.com/924cc037c66aec7d46ba2df1cbf17bfa938f6687/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e6476b2adb81289ca8b3419c0c15d0a750ac3813

commit e6476b2adb81289ca8b3419c0c15d0a750ac3813
Author: Emily Stark <estark@google.com>
Date: Wed Oct 19 18:18:13 2016

Relax '*' in CSPSourceList to match the FTP protocol.

'*' should match 'ftp://whatever/file.pdf' because 'ftp' is a
network scheme under the CSP specification.

BUG= 656956 

Review-Url: https://codereview.chromium.org/2425683006
Cr-Commit-Position: refs/heads/master@{#426069}
(cherry picked from commit 79209ba0cefc48a9fdedf602658e84ddf9b8879b)

Review URL: https://codereview.chromium.org/2437803002 .

Cr-Commit-Position: refs/branch-heads/2840@{#759}
Cr-Branched-From: 1ae106dbab4bddd85132d5b75c670794311f4c57-refs/heads/master@{#414607}

[modify] https://crrev.com/e6476b2adb81289ca8b3419c0c15d0a750ac3813/third_party/WebKit/Source/core/frame/csp/CSPSourceList.cpp
[modify] https://crrev.com/e6476b2adb81289ca8b3419c0c15d0a750ac3813/third_party/WebKit/Source/core/frame/csp/CSPSourceListTest.cpp

I filed  bug 694845  for adding an automated regression test for this bug so it does not happen again.