New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 781904 link

Starred by 2 users
Status: Duplicate
Merged: issue 726302
Owner:
yhirano@chromium.org
Closed: Nov 2017
Cc:
elawrence@chromium.org
tyoshino@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 2
Type: Bug-Security



Sign in to add a comment

Security: Code in fetch().catch() block executes even after reload or navigation

Reported by a...@brainfood.com, Nov 6 2017 
Version 60.0.3112.78 (Official Build) (64-bit)
OS: Debian Linux(jessie/stretch)

A page-reload event causes any outstanding UPLOAD requests to send an error event.  The error event then runs in a nebulous state, where the javascript context has been partially deconstructed(no console.log output), but you can see it still running via network requests that continue to show up in the debugger network panel.

This bug requires a CORS configured server that allows for large(1M) POSTs.
bug-test.html
2.4 KB View Download

Comment 1 by a...@brainfood.com, Nov 6 2017 

Interesting gotcha.  If you try to do these steps, *without* using a real server name(in place of the $server)), then the bug actually happens much more simply.  I get an error, name not resolved, and after the reload, the code continues to run.

This bug does *not* happen when the file is local, accessed via file:.  Only if it's on a remote server.

So, now I don't even need an example server to connect to.  Place the attached file on *any* remote server.  Start the loop(by clicking, but the loop could be started automatically), then hit reload/ctrl-r.

Comment 2 by a...@brainfood.com, Nov 6 2017 

I was going to attach an example express-based server, but then noticed it wasn't even needed.

Comment 3 by elawrence@chromium.org, Nov 8 2017

Components: Blink>JavaScript
Labels: Needs-Feedback
Interesting. Are you able to replicate this issue in a current version of Chrome (e.g. Chrome 62+)?

Comment 4 by hablich@chromium.org, Nov 8 2017

Components: -Blink>JavaScript Blink
I don't think this is V8-related. To me it sounds like this is something the embedder (blink) should handle.

Comment 5 by a...@brainfood.com, Nov 8 2017 

I just upgraded a windows machine to: Version 62.0.3202.89 (Official Build) (64-bit)

My debian system has over 100 tabs(in various windows), so upgrading that is difficult(I'm in the middle of website development).

The bug still occurs in 62, on windows, and 60, on linux.
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 8 2017

Cc: elawrence@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by a...@brainfood.com, Nov 8 2017 

Firefox 45 does not have this problem.  A reload stops the the background code.

Comment 8 by elawrence@chromium.org, Nov 8 2017

Components: Blink>Network>FetchAPI
Status: Untriaged (was: Unconfirmed)
Summary: Security: Code in fetch().catch() block executes even after reload or navigation (was: Security: code continues running after a page reload)
In reproducing this, I find that the requests continue if I reload the page or perform a same-origin navigation. However, if I navigate to a foreign page (either on a different host, or about:blank), the background requests stop. 

Have you found a way to keep the requests going when that's not the case? If not, then the security implications of this seem especially mild (since the current page in the domain could simply continue issuing the requests directly).

Comment 9 by est...@chromium.org, Nov 8 2017

Labels: M-64 Security_Severity-Low Security_Impact-Stable OS-Android OS-Chrome OS-Linux OS-Mac OS-Windows Pri-3
Owner: tyoshino@chromium.org
Status: Assigned (was: Untriaged)
Tentatively triaging as low severity, though it's not clear to me that there are meaningful security implications. tyoshino, could you please take a look and see if you can suggest an appropriate owner?

Comment 10 by a...@brainfood.com, Nov 9 2017 

I can confirm that browsing from my test server seems to stop the background.  I was also trying to make a setInterval(busyLoop) thing, but I have to switch back to real work for end-of-day.  I can try poking a bit more tomorrow, but this does appear limited to $currentDomain.

Comment 11 by kochi@chromium.org, Nov 9 2017

Components: -Blink

Comment 12 by tyoshino@chromium.org, Nov 9 2017

Cc: tyoshino@chromium.org
Owner: yhirano@chromium.org
Yutaka, could you please take a look?

Comment 13 by yhirano@chromium.org, Nov 9 2017 

Is this dup of  issue 726302 ?

Comment 14 by elawrence@chromium.org, Nov 9 2017 

RE #13: Yes, it looks like a duplicate to me.
Project Member

Comment 15 by sheriffbot@chromium.org, Nov 9 2017

Labels: -Pri-3 Pri-2

Comment 16 by yhirano@chromium.org, Nov 10 2017

Mergedinto: 726302
Status: Duplicate (was: Assigned)
Project Member

Comment 17 by sheriffbot@chromium.org, Feb 16 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment