New issue
Advanced search Search tips

Issue 798497 link

Starred by 3 users
Status: Available
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 3
Type: Bug



Sign in to add a comment

"Did you mean" infobar shows on all single-word searches due to weird ISP behavior

Project Member Reported by mge...@chromium.org, Jan 2 2018 
Last week I encountered a network where the infobar shows up on all single-word searches. GET requests to URLs like "http://search/" (or any other word) go to a spammy search page run by the ISP. The normal detection for this behavior doesn't work on this network because on HEAD requests, instead of the search page, the response is a 301 redirect to "http://localhost/" which results in ERR_CONNECTION_REFUSED. (Not relevant to the bug, but interesting: it also does that if you send it a GET request with a User-Agent string from curl or a few popular languages' HTTP libraries. It sends the search page for User-Agent strings from more obscure HTTP libraries and all browsers I tried.)

I have a net-export log and some more notes if you need more info, but I'm back home now so I probably can't do more debugging beyond what I already checked.

It looks like the cause of this is that ChromeOmniboxNavigationObserver and IntranetRedirectDetector treat a redirect followed by a network error differently. ChromeOmniboxNavigationObserver doesn't follow the redirect, so it treats it as an existing page. IntranetRedirectDetector treats it as a network error and doesn't look at whether a redirect happened.

As I understand it, IntranetRedirectDetector is only used for this feature, so changing it to treat a redirect followed by a network error as a redirect wouldn't break anything I can think of. But I know this area is full of edge cases.

Comment 1 by pkasting@chromium.org, Jan 2 2018 

I'm not sure the proposed solution works, because the two classes are looking at different things.  ChromeOmniboxNavigationObserver merely needs to know whether the target exists in some form.  IntranetRedirectDetector wants to know where requests are being directed to so it can see if disparate requests go to the same place.  Thus it doesn't just care about "a redirect happened so this exists" but "where did it go".

For IntranetRedirectDetector to stop on the first redirect, it would need to treat the target of the redirect as the destination.  This in turn would mean it would detect as "bad ISPs" all cases where Chrome starts up in a captive portal or has some sort of proxy or extension redirecting traffic.  (This has been a problem for ChromeOmniboxNavigationObserver too.)

There are a few things I can think of to deal with this:

* Change from HEAD to GET.  While servers are supposed to send the same headers in response to both, this is not the only case where they don't (though it's the first one that looks intentional/malicious to me).  We may burn more bandwidth this way, though since the IntranetRedirectDetector requests garbage hostnames, that's probably rare.

* Provide users some sort of way of telling Chrome they're on a bad ISP.  The couple UI treatments I can think of for this wouldn't be used very much or work very well, though, so it's probably not worth doing.

Comment 2 by mpear...@chromium.org, Jan 5 2018 

A third option:

Currently the code does:
  // If any two fetches result in the same domain/host, we set the redirect
  // origin to that; otherwise we set it to nothing.
but it restricts this analysis only to successful fetches.

What's the harm in looking at the file URL attempted to be fetched and seeing if those final URLs are the same domain/host?

Comment 3 by pkasting@chromium.org, Jan 5 2018 

Failed fetches that all get sent to a central location may be some legit "no site for this intranet host" handling?

Comment 4 by mpear...@chromium.org, Jan 5 2018 

Isn't that effectively the same thing as what the intranet redirect detector is trying to catch?  Some "no site for this intranet host" handling (in typical case showing search results at the same time)...

Comment 5 by pkasting@chromium.org, Jan 5 2018 

Hmm.  I guess the assumption is that a failed load won't trigger the infobar.  But as noted elsewhere, a redirect to something that fails _will_ trigger the infobar.  That is, maybe the original proposed solution is the right one after all, because it keeps the two classes in sync.  Though maybe doing GET instead of HEAD is also a good change.

Comment 6 by tommycli@chromium.org, Jan 22 2018

Status: Available (was: Untriaged)

Comment 7 by zac.spit...@gmail.com, Jul 20 

showing suggestions for localhost seems a bit risky
localhost suggestions.jpg
11.6 KB View Download

Sign in to add a comment