Disable web security does not work (even using user-data-dir switch) OR user is not able to login
Reported by gilpe...@gmail.com, May 5 2018
Issue description
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36

Steps to reproduce the problem:
1. Install a fresh copy of the latest release of Chrome in Windows 10 (or other version, I think this happens with any other version)
2. Don't open the browser, try opening it using the command below:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --disable-popup-blocking --allow-running-insecure-content --user-data-dir
OR
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --disable-popup-blocking --allow-running-insecure-content --user-data-dir="C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default"
3. After the browser window opens try to login inside the browser. You will see the login screen will open but nothing happens, it's impossible to type/login.
4. Now if you close the browser and open it normally (without any flags) you can login. So go ahead and login;
5. After you login close the browser and open it again using the same line of code I posted above (any of them).
6. You will see that you will be already logged in (of course) but "disable-web-security" is not working (despite the warning message). I know it's not working because if I open a website A and do window.open to website B then I can't access the content of B from A.
Till the version of 3 months ago (that I've been using before updating) this bug never happened.

What is the expected behavior?
The expected behaviour is: the user should be able to login and to use the flag disable-web-security.

What went wrong?
The user can't login and even with the warning saying the disable web security is enabled, it is not working.

Did this work before? N/A
Chrome version: 66.0.3359.139 Channel: stable
OS Version: 10.0
Flash Version:

I am not a beginner and this bug didn't happen up to the version of 3 months ago of Chrome.
May 7 2018
May 7 2018
"Labels: Needs-Triage-M66" Do you need anything from me?
May 10 2018
Unable to reproduce this issue on reported version 66.0.3359.139 using Windows 10 with steps mentioned below.
1. Launched chrome with chrome.exe --disable-web-security --disable-popup-blocking --allow-running-insecure-content --user-data-dir, tried signing into chrome but sign in overlay keeps on loading -- unable to sign in
2. Closed and opened browser normally and signed in
3. Again launched chrome with above flag, opened web store and in devtools console typed window.open("https://www.amazon.com") and new tab with amazon.com opened successfully. Attaching screencast for reference.
@Reporter: Please check the screencast and let us know if we miss anything. Any further information on reproducing the issue would help in further triaging.
Thanks!
May 10 2018
@sindhu.chelamcherla@chromium.org I sincerely don't understand how you said you "cant reproduce this bug"! I watched your screencast and right at the beginning the BUG HAPPENS! You launched chrome and tried to sign in, and the sign in screen never loads! That is the bug. I can't sign in on my chrome and you proved that you couldn't too. Put your video at 0:25 and you will see you can't login. I am not even talking about the other bug that I reported related to disable-web-security not working, let's just first clear out this bug related to the sign in, ok? I was ready to record my screen but you did it so nicely and you proved the bug happened. Sorry if I am saying something wrong but in my understanding your video shows exactly what I reported, right?
May 10 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
May 11 2018
Able to reproduce the issue on Windows 10, mac 10.13.3 and Ubuntu 17.10 using chrome reported version #66.0.3359.139 and latest canary #68.0.3426.0.
Bisect Information:
=====================
Good build: 62.0.3194.0
Bad Build : 62.0.3196.0
Change Log URL: https://chromium.googlesource.com/chromium/src/+log/455d1ae8ef19dc07d06bee90b4552b7d78a8df04..eef5607b471f955590278d5e44762c5206272caa
From the above change log suspecting below change
Change-Id: If0ade80cfd233384f4b74923148b2d79eb4b41d6
Reviewed-on: https://chromium-review.googlesource.com/609317
pdr@ - Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.
Thanks...!!
May 11 2018
Can you try bisecting again? I think this is very unlikely to be my change. The core issue may even be server-side.
May 11 2018
My friends, is there a "universal" or "standard" test to check whether "--disable-web-security" is working? Usually I do this: I open a website that has jQuery loaded and try to open a window with another URL and try to access it. Something like this:
1) access https://www.sitepor500.com.br (which has jQuery enabled with the latest most universal version which is the 1.x.x not the 2.x.x nor the 3.x.x);
2) then I press F12 (to open dev tools)
3) go to the CONSOLE tab
4) then I execute this code below
janela = window.open("https://www.google.com.br");
5) then I wait for the window to be opened and come back to the opener tab (the one with the jQuery code available) and try to do this:
$(janela.window.document)
If the browser returns an error it means --disable-web-security is not doing its job. Is there any other easier way to do this?
Jul 14
Replying to OP, this seems to work for me:
1. Go to any fiddle, e.g.: https://jsfiddle.net/westonruter/6mSuK/
2. Try to access the frame that runs our code:
document.getElementsByTagName('iframe')[0].contentWindow.document
3. Get error:
VM944:1 Uncaught DOMException: Blocked a frame with origin "https://jsfiddle.net" from accessing a cross-origin frame.
    at <anonymous>:1:57
(anonymous) @ VM944:1
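Added example (not part of the original thread, and not Chromium project code): the manual console checks from the two comments above, written as one JavaScript function that also separates a real result from a window that was blocked or has not navigated yet. The function name, the result labels and the fakeWindow stand-in are hypothetical, and the origins are constructed.

```javascript
// Added example, not code from the thread. Function and label names are hypothetical.
// Classifies what a window handle (from window.open or iframe.contentWindow)
// reveals about same-origin policy (SOP) enforcement.
function probeCrossOriginAccess(win, ownOrigin) {
  if (!win) return "no-window"; // window.open() returned null, e.g. popup blocked
  let href;
  try {
    href = win.location.href; // throws SecurityError on a cross-origin window
    void win.document;        // the access both comments above try
  } catch (err) {
    if (err && err.name === "SecurityError") return "sop-enforced";
    throw err; // unrelated failure: do not misreport it as a policy result
  }
  // The initial document of a freshly opened window is about:blank and is
  // same-origin with the opener, so a successful read here proves nothing.
  if (href === "about:blank") return "inconclusive-not-navigated";
  if (new URL(href).origin === ownOrigin) return "inconclusive-same-origin";
  return "sop-not-enforced"; // cross-origin DOM was readable
}

// Constructed stand-in for a browser window so the example runs under Node.
function fakeWindow(href, blocked) {
  const deny = () => {
    const e = new Error("Blocked a frame from accessing a cross-origin frame.");
    e.name = "SecurityError";
    throw e;
  };
  return {
    location: { get href() { return blocked ? deny() : href; } },
    get document() { return blocked ? deny() : {}; },
  };
}

const me = "https://a.example"; // constructed origins
const samples = [
  ["popup blocked", null],
  ["cross-origin, policy on", fakeWindow("https://b.example/", true)],
  ["checked too early", fakeWindow("about:blank", false)],
  ["same origin", fakeWindow("https://a.example/page", false)],
  ["cross-origin, readable", fakeWindow("https://b.example/", false)],
];
for (const [label, win] of samples) {
  console.log(label.padEnd(26), probeCrossOriginAccess(win, me));
}
```

In a browser console the call would be probeCrossOriginAccess(janela, location.origin), where janela is the handle returned by window.open in the earlier comment.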
Jul 14
@asfalt...@gmail.com I didn't understand what you said at the beginning. You say the bug happens for you or the bug is not happening?
Aug 14
Nov 6
Has there been any activity on this bug? It's causing an issue for us in a legacy in-house application that unfortunately requires us to access cross-origin frames.
Nov 6
The workaround is to download an old version of Chrome as a portable app: https://sourceforge.net/projects/portableapps/files/Google%20Chrome%20Portable/ (version 66.0.3359.181 still works). It's the one I use when I'm developing...
Comment 1 by susan.boorgula@chromium.org, May 6 2018