Captcha is not visible when referrer - no-referrer
Reported by
mveer.ja...@gmail.com,
Aug 27
|
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 Steps to reproduce the problem: 1. Apply referrer - no referrer in web.config of a web project 2. Get the ASP.net captch from Package Package details - id="CaptchaMvc.Mvc4" version="1.5.0" targetFramework="net45" What is the expected behavior? Captcha should visible What went wrong? Captcha is not visible Did this work before? N/A Chrome version: 68.0.3440.106 Channel: stable OS Version: 10.0 Flash Version: visible on IE/EDGE/Safari. We are having a forgot password page with captcha information on it.
,
Aug 27
Looks like a network bug, not a devtools bug.
,
Aug 27
I suspect this is an issue with the ASP.net captcha server, however if you can attach a net-internals as described at https://dev.chromium.org/for-testers/providing-network-details, we can check and see if there's an issue in the network stack.
,
Aug 28
this issue is not network bug as issue is only produciable on chrome. It is working on IE/Edge
,
Aug 28
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 28
I don't think there's any actionable information here - there are no network errors. We aren't sending referrer headers, as desired. Think you're going to need to figure out why your script isn't working when we're not sending referrers, and only then can we determine if it's a Chrome issue.
,
Aug 30
our ASP.net code is sending the captcha if browser is IE/Edge it does means our script is working fine but in case of chrome, captcha is not visible. If i keep the referrer-policy other than no-referrer, it works in chrome.
,
Aug 30
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 30
,
Aug 30
Please find the POC link https://drive.google.com/drive/folders/1bDRESrGxnJd8CjAO2R5fDVJtAVZ822pp?usp=sharing
,
Aug 31
Unfortunately, I can't download, build, and run code from untrusted sources (Particularly ones that contain pre-compiled binaries, like that project does). Digging into a large third party project for something that may or may not be a Chrome issue also isn't something we can reasonably spend time on - one thing to look at a repro, quite another to download and build code.
,
Sep 4
To echo what Matt said, that is a giant amount of code there. The NetLog shows a successful request to /DefaultCaptcha/Generate?t=900d77534de644b2b8f0674ab9723a61. And indeed your screenshots from DevTools show something similar. That suggests the issue is elsewhere. Perhaps the server is not giving back a valid image, perhaps it's not being incorporated into the site properly, etc. If you can give us a URL to look at, that might make more progress. If not, I would suggest looking into your server logs or inspecting the DOM in DevTools to figure out what's wrong with the image in question.
,
Sep 14
It sounds like a server-side failure. It is my understanding that IE/Edge don't support the Referrer-Policy response header. So it is not surprising that they would behave as when the header is omitted. My suggestion is to continue debugging the client/server interaction and try to reduce this to a single request. Unfortunately there isn't much else we can do on the Chrome side with the information we have. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by susan.boorgula@chromium.org
, Aug 27