TLS client certificate dialog popups storm for cached sites (without cached images)
Reported by
ka.gema...@gmail.com,
Dec 6 2017
Issue description

Steps to reproduce the problem:
1. Browse a website that requires a TLS client certificate and serves images with 'cache-control:public, max-age=0'.
2. Close Chrome, re-open it and browse-back to the web site.
3. A storm of TLS client dialog popups arises, requesting to choose and select one certificate.
4. Selecting a valid certificate doesn't discard other TLS client dialogs which have to be selected as well. (Or simply close Chrome).

What is the expected behavior?
Only one TLS client dialog should pop up, and not as many dialogs as there are HTTP requests requiring a TLS authentication for non-cache assets.

What went wrong?
Seems to be related to non-cached images when re-browsing (cached, but partially) TLS authenticated sites. There seem to be as many TLS client dialog popups as there are non-cached images on the website. This does not happen on Chrome Desktop Linux.

Did this work before? Yes Unclear, perhaps 2 months ago

Does this work in other browsers? Yes

Chrome version: 63.0.3239.71 Channel: beta
OS Version: 6.0.1
Flash Version:

In my case, it happens in a dev environment where images are not cached. On the prod environment, images are served to be cached, and that popups storm doesn't happen. Also, the website uses WSS connection (with that TLS client also) with RX/JS WebsocketSubject http://reactivex.io/rxjs/file/es6/observable/dom/WebSocketSubject.js.html#lineNumber40 that I'm using with a 1 second delay reconnection policy (using 'retryWhen'). I don't believe that the popups storm comes from the WSS auto-reconnection every second, but from HTTP requests for non-cached images.
,
Dec 7 2017
@ka.gemayel -- Thanks for reporting this issue. Could you please provide the sample URL where this issue can be reproduced. That would help us in further triaging the issue. Thanks in advance.
,
Dec 7 2017
Those are private servers I can't give access to, which are running webapps written with Ionic, with an Express server behind nginx. TLS client authentication is handled by nginx. I'll post some code sample and the nginx config in the next days, hoping I can reproduce the bug with simple code. Cheers.
,
Dec 7 2017
Thank you for providing more feedback. Adding requester "pnangunoori@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 8 2017
Thanks. Hopefully that should help us in further triaging the issue.
,
Dec 8 2017
rsleevi: is this expected behavior?
,
Dec 8 2017
Still needs the feedback requested in Comment #4, but if the Cache headers are such that they require revalidation at the time of relaunch, then yes, it's WAI as a result of Android platform limitations.
,
Dec 8 2017
Please also provide a NetLog per these instructions: https://dev.chromium.org/for-testers/providing-network-details On desktop, we actually deduplicate the client certificate requests by hostname, since they'll ultimately go into the SSLClientAuthCache anyway. We probably can do something similar for Android (issue #624495).
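The per-host deduplication described in the comment above, sketched as an added example; it is not Chromium code and not from any commenter. The class and method names, the host name and the certificate label are hypothetical, and keying on host plus port rather than hostname alone is an assumption.

```javascript
// Added illustration: coalesce client-certificate prompts per host:port.
// Class and method names are hypothetical, not Chromium identifiers.
class ClientCertPromptCoalescer {
  constructor(showPrompt) {
    this.showPrompt = showPrompt; // called once per host:port that needs a user choice
    this.pending = new Map();     // host:port -> callbacks waiting on the open dialog
    this.decided = new Map();     // host:port -> chosen cert (null = user declined)
  }

  // A connection to host:port was asked by the server for a client certificate.
  request(host, port, onDecision) {
    const key = `${host.toLowerCase()}:${port}`;
    if (this.decided.has(key)) {  // an earlier choice is reused, no dialog
      onDecision(this.decided.get(key));
      return;
    }
    const waiters = this.pending.get(key);
    if (waiters) {                // a dialog is already open: queue behind it
      waiters.push(onDecision);
      return;
    }
    this.pending.set(key, [onDecision]);
    this.showPrompt(key);         // only the first request for this key opens a dialog
  }

  // The user picked a certificate, or cancelled (cert === null).
  resolve(key, cert) {
    const waiters = this.pending.get(key) || [];
    this.pending.delete(key);
    this.decided.set(key, cert);
    for (const cb of waiters) cb(cert);
  }
}

// Constructed scenario: after relaunch, 5 images on one origin must be
// revalidated at once, plus one request to a different port on the same host.
function simulateRelaunch() {
  const prompts = [];
  const results = [];
  const c = new ClientCertPromptCoalescer((key) => prompts.push(key));
  for (let i = 0; i < 5; i++) c.request('dev.example.test', 443, (cert) => results.push(cert));
  c.request('dev.example.test', 8443, (cert) => results.push(cert));
  c.resolve('dev.example.test:443', 'cert-A');
  c.request('DEV.example.test', 443, (cert) => results.push(cert)); // served from cache
  return { prompts, results };
}
```

Without the `pending` map, the same scenario would open one dialog per revalidated image, which is the behaviour the report describes.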
,
Dec 18 2017
Have you had an opportunity to provide additional details, as per Comment #7/#8?
,
Jan 8 2018
Closing due to lack of feedback for one month.
,
Jan 19 2018
Hi, I'm very sorry for the late reply. Actually, I'm in the middle of refactoring and porting a code server from JS to TS in the meantime. It takes lots of time, especially typing, and I've been procrastinating to do the task you asked. It requires to set up an Ops environment, write a new web app sample, test on the device and gather some logs, and for now the context switch cost is too high (I'm of the focus-type). BTW, I've noticed new odd behaviours with TLS popups, but there's no obvious regular pattern, sometimes those popups storms happen, sometimes not. Could you plz accept a later feedback? Cheers
Comment 1 by msrchandra@chromium.org
, Dec 7 2017