New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 828120 link

Starred by 1 user
Status: Duplicate
Merged: issue 811440
Owner: ----
Closed: Apr 2018
Cc:
krajshree@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Error parsing header X-XSS-Protection when accessing YouTube

Reported by guscorre...@gmail.com, Apr 2 2018 
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36

Example URL:
https://www.youtube.com/

Steps to reproduce the problem:
1. Open chrome
2. Go to https://www.youtube.com/
3. Fails to load

What is the expected behavior?
YouTube home page opens.

What went wrong?
Message: 

Error parsing header X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube: insecure reporting URL for secure page at character position 22. The default protections will be applied.

Did this work before? Yes Previous chrome version

Chrome version: 65.0.3325.181  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:

Comment 1 by viswa.karala@chromium.org, Apr 3 2018

Labels: Needs-Bisect Needs-Triage-M65

Comment 2 by krajshree@chromium.org, Apr 3 2018

Cc: krajshree@chromium.org
Labels: Triaged-ET Needs-Feedback
Unable to reproduce the issue on Win-7 and Win-10 using chrome reported version #65.0.3325.181 and latest canary #67.0.3386.0.

Following are the steps followed to reproduce the issue.
------------
1. Opened chrome
2. Navigated to https://www.youtube.com/
3. The youtube site loaded without any issues.

guscorrea96@ - Could you please check the issue on latest canary #67.0.3386.0 by creating a new profile without any apps and extensions and please let us know if the issue still persist or not.

Thanks...!!

Comment 3 by guscorre...@gmail.com, Apr 3 2018 

Hi,

The issue doesnt appear in incognito mode and works fine in canary #67.0.3386.0. However, the  65.0.3325.181 build is still not working. Im attaching a screenshoot for reference.
error.png
262 KB View Download
Project Member

Comment 4 by sheriffbot@chromium.org, Apr 3 2018

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 5 by krajshree@chromium.org, Apr 4 2018

Labels: -Needs-Bisect M-65 FoundIn-65 OS-Linux OS-Mac
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on win-10, mac 10.13.3 and ubuntu 14.04 using chrome reported version #65.0.3325.181 but the same is not reproducible on latest beta #66.0.3359.66 and latest canary #67.0.3387.0.

There will be no more stable refreshes in M-65 and stable build will be moving to M-66 tentatively within 2-3 weeks.

guscorrea96@ - Could you please check the issue using latest beta #66.0.3359.66 and please let us know if the issue got fixed in M-66.
The latest chrome builds can be downloaded from the below URL:
https://www.chromium.org/getting-involved/dev-channel

Thanks...!!

Comment 6 by guscorre...@gmail.com, Apr 8 2018 

Youtube and chrome are working fine now. I think we can close this issue.

Comment 7 by mmenke@chromium.org, Apr 11 2018

Components: -Internals>Network Blink>SecurityFeature
Relevant code is at https://cs.chromium.org/chromium/src/third_party/blink/renderer/core/html/parser/xss_auditor.cc?l=428.  Not a network stack issue, though I'm not sure what is the right SecurityFeature sublabel for this.

Comment 8 by andypaicu@chromium.org, Apr 12 2018

Mergedinto: 811440
Status: Duplicate (was: Untriaged)
I think this is caused by the same change as  issue 811440  and has been fixed by that fix.

Sign in to add a comment