****Bulk Edit****

Setting as P1 for test team to prioritize in triaging.

Please follow the instructions at https://dev.chromium.org/for-testers/providing-network-details and attach a network log of the problem.

Here are the logs you requested.

Deleted: net-internals-log (1).json 510 KB

net-internals-log (1).json 510 KB View Download

The problem here is that Chrome failed to download your PAC script (http://localhost:3128/ra/proxy.pac), so it defaulted to using DIRECT connections. Loading pages over DIRECT connections does not appear to be supported in your network environment.

The fetch of the PAC script failed with ERR_CONTENT_LENGTH_MISMATCH, whereas when using --winhttp-proxy-resolver it lets the windows library fetch the PAC script, which is more permissive in accepting this malformed response.

ERR_CONTENT_LENGTH_MISMATCH means that the "Content-Length" header value did not match the size of the body the server returned before closing the connection. This either indicates a buggy server implementation, or a truncated network response.

In this case it looks like it was an off-by-one error -- the server advertised a content-length of 17125 however only returned 17124 bytes before closing the connection

In general I would say Chrome is working as intended here (being lax and accepting truncated scripts has its own perils), and your focus should be on updating the server to return valid HTTP.

Can you tell me more about the server you are using? If this is a particularly popular server offering we could entertain the possibility of relaxing the constraints.

Oh also: Thanks for the log file!

We are using Symantec Smart Connect proxy service, which is installed on 600 laptops at our company. 

We block all direct requests to the internet so internet requests are forced through the proxy.

Is there a tweak we could do other than --winhttp-proxy-resolver that we could push to our clients via GPO? Right now there is no good way to push that target command to all laptop clients. 

Can you file a bug with the vendor of the PAC script server product, and point them to this bug thread for details? If there is a link to the bug please also cross post it here, thanks!

That should be the best route to getting this resolved, as it should be a simple fix on their server product.


As far as a tweak you can push to GPO for now, I am not aware of an existing one that would help here.

There are a variety of proxy settings you can push:
https://www.chromium.org/administrators/policy-list-3

And certainly if you can describe your proxy settings declaratively with that mechanism, that may be a solution for you. However based on the fact that PAC was being used in the first place, and the size of that HTTP response, I am going to guess that the PAC script is not easily translatable to such a declarative format.

Network bug triager here.   Friendly ping, can you respond to comment #8?

Note for future triagers: I'm in the process of trying to get someone at Symantec to take a look at this bug.  Please don't close this bug without checking with me as to the status of that effort.

I have failed in my attempt to file a bug against Symantec from outside of their customer base.  blehman...: Any chance you'd be willing to push on this from your side?  I understand that once you have a workaround your care factor around this issue is low, but think of all the other people in your position you'd be helping!

blehman86: Please reopen if you can provide the info from comment #8