chase.com site is broken missing Referer on CSS requests
Issue description
Chrome Version: (copy from chrome://version)
OS: Win10
What steps will reproduce the problem?
(1) Visit chase.com
(2)
(3)
What is the expected result?
loads correctly
What happens instead?
loads wrongly
Please use labels and text to provide additional information. For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
I have bisected this to
You are probably looking for a change made after 460343 (known good), but no later than 460344 (first known bad).
CHANGELOG URL:
The script might not always return single CL as suspect as some perf builds might get missing due to failure.
https://chromium.googlesource.com/chromium/src/+log/88d07c763d35621da2c62b9f18822109bbd7a261..57c4423dceffc997459ae34640abdfc1f067cc2e
https://codereview.chromium.org/2780533002 -> jochen
Apr 7 2017
The site fails the download request if the request for the CSS file does not specify the proper referer header.
GET https://www.chase.com/c/032417/etc/designs/chase-ux/css/blue-ui.min.css 504 Fiddler - Receive Failure (text/html)
GET https://www.chase.com/c/032417/etc/designs/chase-ux/css/site.min.css 504 Fiddler - Receive Failure (text/html)
Apr 7 2017
Both stylesheets are referenced directly in the HTML:
<link rel="stylesheet" href="/c/032417/etc/designs/chase-ux/css/blue-ui.min.css" type="text/css">
<link rel="stylesheet" href="/c/032417/etc/designs/chase-ux/css/site.min.css" type="text/css">
Loading my site (https://bayden.com) which uses nothing special, I see that my .CSS download also no longer sends a referer on the request for the CSS file.
Apr 7 2017
Removing the change to PreloadRequest.cpp: - m_resourceType == Resource::CSSStyleSheet - ? m_baseURL.strippedForUseAsReferrer() - : ...resolves the regression. In the failure scenario, logging m_baseURL.getString() returns "<null>". The preloader apparently uses a "speculative" base URL (m_predictedBaseElementURL) for CSS requests?
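Review bot: the `m_resourceType == Resource::CSSStyleSheet` branch calls `m_baseURL.strippedForUseAsReferrer()` without checking that `m_baseURL` is set. The comment reports it logging as "<null>" in the failing case, so stylesheet preloads on this path end up with no referrer. Suggest falling back to the document URL when `m_baseURL` is null, or having the caller state explicitly which URL the referrer should come from.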
Apr 8 2017
Also affecting Android it seems.
Apr 10 2017
Thanks for the report and the detailed analysis. Fix is here: https://codereview.chromium.org/2808663003
Apr 10 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050
commit b4c4f2c525c4bc3e1494291cb8b83ebbb298c050
Author: jochen <jochen@chromium.org>
Date: Mon Apr 10 14:48:41 2017
Explicitly tell the preload request where to take the referrer from
BUG= 709625
R=estark@chromium.org,yoav@yoav.ws
Review-Url: https://codereview.chromium.org/2808663003
Cr-Commit-Position: refs/heads/master@{#463264}
[modify] https://crrev.com/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050/third_party/WebKit/Source/core/html/parser/CSSPreloadScanner.cpp
[modify] https://crrev.com/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050/third_party/WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp
[modify] https://crrev.com/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050/third_party/WebKit/Source/core/html/parser/HTMLPreloadScannerTest.cpp
[modify] https://crrev.com/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050/third_party/WebKit/Source/core/html/parser/HTMLResourcePreloaderTest.cpp
[modify] https://crrev.com/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050/third_party/WebKit/Source/core/html/parser/PreloadRequest.cpp
[modify] https://crrev.com/b4c4f2c525c4bc3e1494291cb8b83ebbb298c050/third_party/WebKit/Source/core/html/parser/PreloadRequest.h
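A simplified model of the regression and the fix discussed in this thread, as an added example that is not Chromium source and was not written by anyone in the thread. `ReferrerSource`, the function names, the document URL and the `@import` request on `static.example.test` are assumptions made for illustration; the two chase.com stylesheet URLs are the ones from the report.

```javascript
// Added illustration, not Chromium source. All names here are hypothetical.
const ReferrerSource = Object.freeze({ DOCUMENT: "document", BASE_URL: "base-url" });

// Model of "stripped for use as referrer": drop credentials and fragment.
// null means no Referer header goes out with the request.
function strippedForUseAsReferrer(url) {
  if (!url) return null;                       // null base URL, as logged in the thread
  let u;
  try { u = new URL(url); } catch { return null; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Regressed choice described in the thread: every stylesheet preload uses the base URL.
function referrerRegressed(req) {
  return strippedForUseAsReferrer(
    req.resourceType === "stylesheet" ? req.baseURL : req.documentURL);
}

// Explicit choice: the scanner creating the request names the referrer source.
function referrerExplicit(req) {
  return strippedForUseAsReferrer(
    req.referrerSource === ReferrerSource.BASE_URL ? req.baseURL : req.documentURL);
}

// URLs of requests that would be sent without a Referer under a given rule.
function missingReferer(requests, pick) {
  return requests.filter((r) => pick(r) === null).map((r) => r.url);
}

// Constructed sample: two <link> stylesheets from the report (document URL assumed),
// plus an assumed @import found inside an already-fetched stylesheet.
const DOC = "https://www.chase.com/";
const CSS_DIR = "https://www.chase.com/c/032417/etc/designs/chase-ux/css/";
const requests = [
  { url: CSS_DIR + "blue-ui.min.css", resourceType: "stylesheet",
    documentURL: DOC, baseURL: null, referrerSource: ReferrerSource.DOCUMENT },
  { url: CSS_DIR + "site.min.css", resourceType: "stylesheet",
    documentURL: DOC, baseURL: null, referrerSource: ReferrerSource.DOCUMENT },
  { url: "https://static.example.test/fonts.css", resourceType: "stylesheet",
    documentURL: DOC, baseURL: "https://static.example.test/site.css#v2",
    referrerSource: ReferrerSource.BASE_URL },
];

console.log("regressed:", missingReferer(requests, referrerRegressed));
console.log("explicit: ", missingReferer(requests, referrerExplicit));
```

Under the regressed rule both `<link>` stylesheets go out with no Referer, while the explicit rule sends the document URL for them and the stylesheet URL for the `@import`.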
Apr 18 2017
Tested the issue on Mac 10.12.4, Windows 7 & Ubuntu 14.04 using chrome version# 59.0.3071.9. Observed that "chase.com" site loaded successfully without any issue. Hence adding TE-Verified labels. Please find the attached screen cast for the same. Thanks!!
Comment 1 by wfh@chromium.org, Apr 7 2017
Labels: Security