Issue metadata
Sign in to add a comment
|
Nonsense errors messages in frame when resubmitting form data
Reported by
teo8...@gmail.com,
Apr 4 2018
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Example URL: Steps to reproduce the problem: The easiest way to reproduce this (that I know of) is to use the admincp control panel of an vBulletin 3.7-based forum. I have no time to build an example from scratch and I don't have one that is public accessible. I think the explanation is detailed enough, I know it is quite a lot of work to go and reproduce this but hey, it's your job after all. 1. Navigate to a webpage at https://somedomain.com/somepath that has a self-signed https certificate 2. Go to advanced -> proceed at your own risk 3. Click a link that loads some content from the SAME domain into a frame, for example there's a link to https://somedomain.com/otherpath that is lodaed into a frame within the URL at step 1 which is still visible in the address bar. This content contains a POST-method form (whose "action" is still under the same domain) 4. submit the form with some data. The response is shown as expected within the frame. 5. I don't remember if there's some javascript taking care of pushing the urls (loaded into the frame) into the history or if that comes out-of-the-box when you click a link whose target is a frame 6. Now hit the BACK button What is the expected behavior? Should behave EXACTLY THE SAME as if you do this with a domain that has a proper https certificate, or that works with plain HTTP. That is, when you hit the back button you should get the warning "This webpage requires data that you entered earlier [...] You can send this data again, but [...]" And now if you do right-click->"reload frame", then the POST request should be resent with the data and the response loaded into the frame. Also, if you don't reload and you hit the Back button again, you should be able to go back one step further in the history, and if this was a GET request, this should reload without any issue. All this within the frame (the url on the address bar always remains the same). This IS the actual behavior when I do this on an identical site that has a proper https certificate or with plain http (these are test, development and live copies of the same site so they are identical except for the domain and the https certificates). The fact that I am over https with a self signed certificate is completely irrelevant because I already accepted to go ahead, and the domain of the Even if there was an actual issue or an actual need to explicitly protect me from loading self-signed https within the frame as opposed to within the main document (which there isn't), then you should show me the "back to safety / go on at your own risk" warning in the frame from the beginning, not at some random time when I try to go back to a page that requires to resend a POST request. What went wrong? At step 6, a sad face appears in the frame, and if I move the mouse over it, I see this warning (which by the way should be visible from the beginning, not just when moving the mouse): "This webpage requires data that you entered earlier in order to be properly displayed. You can send this data again, but by doing so you will repeat any action this page previously performed." And so far this is expected. But then, I right-click and choose "reload frame". At this time, instead of re-sending the POST request with the data and loading the response in the frame (as it DOES when on http or properly secured https), it shows this vague, nonsense and basically bullshit error message (again, intermittently depending on where I move the mouse, pathetic): "The webpage at https://somedomain.com/otherpath might be temporarily down or it may have moved permanently to a new web address. This keep showing up if I try to reload or go further back. Additionally, if in the other frame I click any other link that has the affected frame as a target, which would usually load just fine (no reloading involved, no POST requests involved), I now systematically get the nonsense error. And then, if I go to the omnibox and try to load the main initial url from step1 from scratch, I get the HTTPS warning again, which usually you shouldn't get once you have "proceeded at your own risk" once, until you close the browser. Then starting from that, all goes back to functioning normally, until I try to repeat steps 2-6, at which point I encounter the issue again. Did this work before? Yes until very recently Chrome version: 65.0.3325.181 Channel: stable OS Version: Flash Version:
,
Apr 5 2018
Unable to reproduce the issue on ubuntu 17.10 using chrome reported version #65.0.3325.181. Attached a screen cast for reference. Following are the steps followed to reproduce the issue. ------------ 1. Navigated to a webpage at https://www.cacert.org/ that has a self-signed https certificate 2. Go to advanced -> proceed at your own risk 3. Clicked a link that loads some content from the SAME domain into a frame 4. Submited the form with some data. The response is shown as expected within the frame. 5. right-click->reload frame and observed a warning "This webpage requires data that you entered earlier in order to be properly displayed. You can send this data again, but by doing so you will repeat any action this page previously performed." 6. Hit the BACK button and got the connection not private webpage and did not observe any error as The webpage at https://www.cacert.org/ might be temporarily down or it may have moved permanently to a new web address. teo8976@ - Could you please check the attached screen cast and please let us know if anything missed from our end. Also if possible please provide a sample webpage at https://somedomain.com/somepath that has a self-signed https certificate. This will help us in triaging the issue further. Thanks...!!
,
Apr 5 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 5 2018
> 4. Submited the form with some data. The response is shown > as expected within the frame I don't think it's shown in the frame > 5. right-click->reload frame No, you clicked "Reload", and there's no "reload frame", which reveals that there is no frame where you are right-clicking, and since you do get the resend-data alert, it means that response from the POST request was not loaded within the frame but in the main document.
,
Apr 5 2018
Actually I just tried to sign up at that page and there are no frames whatsoever
,
Apr 6 2018
teo8976@ - Could you please provide a sample webpage/url to test the issue from TE-end. This will help us in triaging the issue further. Thanks...!!
,
Apr 6 2018
I know, unfortunately as I said I don't have one that I can share, nor the time to recreate one.
,
Apr 6 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 9 2018
As per comment #8, removing the Needs-Bisect label as there is no sufficient repro url/webpage to test the issue from TE-end. Thanks...!!
,
Apr 11 2018
Tentatively labeling this a certificate issue, given that this seems to be related to the self-signed cert error, though suppose it could be navigation-related. Could you please provide a chrome://net-export log? Instructions: https://dev.chromium.org/for-testers/providing-network-details
,
Apr 11 2018
,
Apr 11 2018
(will try to provide that) I have also observed a buggy behavior that is almost surely related and that doesn't involve frames. - I go to a website with self-signed certificate, and agree to proceed at my own risk - I follow a link and go to a page that has a form - I submit it (the response page shows a confirmation and has a javascript that redirects me elsewhere) - I hit Back and get the resubmit-data warning - I hit Refresh again ** NO FRAMES INVOLVED IN THIS CASE ** Expected: should just resend the POST request Observed: it shows the privacy error (as if I was landing on the website for the first time) Additionally, when I select "Advanced" and "proceed at your own risk", the request that is sent does not contain all the data. I can't check exactly what's wrong with the request re-sent, because if I open the Developer Tools and look at the requests, there is a long-known bug that will send a GET request anyway.
,
Apr 11 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 26 2018
@reporter: Could you please provide a net log with steps mentioned in comment#11
,
May 17 2018
Please feel free to open a new bug if you can provide the requested information.
,
May 17 2018
Look, I'll provide the requested information when and if I have the time to, but in the meantime this bug should stay open. There's enough information for the developers to build a test case from scratch if anybody were willing to do their job. I understand that it would make their life easier if I provided a netlog but I don't have to. There is clearly a bug, and plenty of detailed information in this report to reproduce and investigate it. I may or may not have the time to help you, but you shouldn't depend on it. Also, opening a new bug would be just stupid. Reopen this one. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by viswa.karala@chromium.org
, Apr 5 2018