Issue metadata
Sign in to add a comment
|
Error "Well, well, well. What do we have here? An Origin Policy violation. And what do we not have? A page!" is being seen in public and is too informal |
||||||||||||||||||||||||
Issue descriptionChrome Version: Unknown OS: Unknown Reported here: https://twitter.com/kennethrohde/status/1064598154719432704 What steps will reproduce the problem? Unknown (but go to https://www.google.dk/) A page is shown with: Well, well, well. What do we have here? An Origin Policy violation. And what do we not have? A page! - You're trying to go to: https://www.google.dk/ - The policy applies to: https://www.google.dk It's likely that the user has flags turned on, so this isn't actually exposed by default. Still, the error page is informal and unhelpful, and appears to be content delivered by the site itself, not Chrome. This was added in r593531, with the message: "The functionality is behind a flag. The interstitial content is preliminary and will be replaced in a subsequent CL with something more suitable for the public." That's fair enough, but note that the public are seeing this anyway, so I think replacing it with something more formal should be a priority. The page is in: components/security_interstitials/core/browser/resources/interstitial_origin_policy.html
,
Nov 20
,
Nov 20
Thank you for the report, and my apologies for screwing this up. This was already reported in https://crbug.com/901477 . That issue also contains more info on the exact nature of the bug. It issue does look to be a "cooperation" between the browser and the server. There's further (email only) discussion on it, if you're interested in understanding the full story I'll be happy to add you. According to my current understanding of the bug, this should: - only occur if --enable-experimental-web-platform-features is set - only on dev-versions up to 71.0.3578.58 - only on beta-versions up to 72.0.3609.0 - only occur on Google properties In particular, it should not occur on any release version, any recent beta, or any recent dev version, or for anyone not having extra flags enabled. If you have contact to the original reporter, I'd appreciate if you could confirm the client version where it occurs. I'll mark this as duplicate. Please re-open the bug if it's seen on any current version or without the flag.
,
Nov 20
Thanks for quickly confirming. Reporter confirmed this is on 71.0.3578.21 and with #enable-experimental-web-platform-features. So this matches your expectation. He later confirmed it's fixed after a reboot (and presumably an update).
,
Nov 20
#3: I mixed up beta + dev version numbers. dev is 72.*, beta is 71.*. #5: Thank you. Unfortunately, it's not yet fixed for him since the beta with the fix isn't out yet. :-/ (The browser restart helps because the feature is supposed to remember whether a policy applies to a domain or not. The error condition is that the browser erroneously "sees" a policy being set, and will then dutifully (and correctly) apply it on every load on that domain. The restart will "forget" about the policy; but eventually the error condition will hit again. For me, the error condition hits in about 1 in every 10 navigations to google.com.) |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by mgiuca@chromium.org
, Nov 2021.4 KB
21.4 KB View Download