Issue metadata
Sign in to add a comment
|
Error parsing header X-XSS-Protection when accessing YouTube
Reported by
guscorre...@gmail.com,
Apr 2 2018
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Example URL: https://www.youtube.com/ Steps to reproduce the problem: 1. Open chrome 2. Go to https://www.youtube.com/ 3. Fails to load What is the expected behavior? YouTube home page opens. What went wrong? Message: Error parsing header X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for secure page at character position 22. The default protections will be applied. Did this work before? Yes Previous chrome version Chrome version: 65.0.3325.181 Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version:
,
Apr 3 2018
Unable to reproduce the issue on Win-7 and Win-10 using chrome reported version #65.0.3325.181 and latest canary #67.0.3386.0. Following are the steps followed to reproduce the issue. ------------ 1. Opened chrome 2. Navigated to https://www.youtube.com/ 3. The youtube site loaded without any issues. guscorrea96@ - Could you please check the issue on latest canary #67.0.3386.0 by creating a new profile without any apps and extensions and please let us know if the issue still persist or not. Thanks...!!
,
Apr 3 2018
Hi, The issue doesnt appear in incognito mode and works fine in canary #67.0.3386.0. However, the 65.0.3325.181 build is still not working. Im attaching a screenshoot for reference.
,
Apr 3 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 4 2018
Able to reproduce the issue on win-10, mac 10.13.3 and ubuntu 14.04 using chrome reported version #65.0.3325.181 but the same is not reproducible on latest beta #66.0.3359.66 and latest canary #67.0.3387.0. There will be no more stable refreshes in M-65 and stable build will be moving to M-66 tentatively within 2-3 weeks. guscorrea96@ - Could you please check the issue using latest beta #66.0.3359.66 and please let us know if the issue got fixed in M-66. The latest chrome builds can be downloaded from the below URL: https://www.chromium.org/getting-involved/dev-channel Thanks...!!
,
Apr 8 2018
Youtube and chrome are working fine now. I think we can close this issue.
,
Apr 11 2018
Relevant code is at https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/parser/xss_auditor.cc?l=428. Not a network stack issue, though I'm not sure what is the right SecurityFeature sublabel for this.
,
Apr 12 2018
I think this is caused by the same change as issue 811440 and has been fixed by that fix. |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by viswa.karala@chromium.org
, Apr 3 2018