New issue
Advanced search Search tips

Issue 922568 link

Starred by 1 user

Issue metadata

Status: Unconfirmed
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Chome's CORS security feature is affecting a CORS-include on my webpage on slow networks

Reported by subraman...@gmail.com, Jan 16 (6 days ago)

Issue description

Chrome Version       : 71.0.3578.98 (Official Build) (64-bit)
'about:version'>
URL : https://contactus.kglobalservices.com/templates?nocache=1547655514000
Behavior in Safari 4.x/5.x: Webpage blocked due to CORS
Behavior in Firefox 3.x/4.x: web page blocked due to CORS 

What steps will reproduce the problem?
(1)Goto developer tools on chrome browser , click on network tab and filter the url: https://contactus.kglobalservices.com/templates

(2)On browser navigation bar open URL:https://www.kelloggs.com/en_US/contact-us.html

(3) On developer tools window,on network tab click on request pertaining to "https://contactus.kglobalservices.com/templates?nocache=..."
(4) you can see that only Provisional headers are shown under response headers. On console
 we get this error
Access to XMLHttpRequest at 'https://contactus.kglobalservices.com/templates?nocache=1547656448000' from origin 'https://www.kelloggs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

 
CORS-error.png
289 KB View Download

Comment 1 by dtapu...@chromium.org, Jan 16 (6 days ago)

Components: Blink>SecurityFeature

Comment 2 by viswa.karala@chromium.org, Jan 17 (6 days ago)

Labels: Needs-Triage-M71

Comment 3 by ricea@chromium.org, Jan 18 (4 days ago)

Components: Platform>DevTools>Network

Comment 4 by swarnasree.mukkala@chromium.org, Jan 18 (4 days ago)

Cc: swarnasree.mukkala@chromium.org
Labels: Needs-Feedback Triaged-ET
Tried testing issue on reported chrome version #71.0.3578.98 using Windows 10 by following below steps.

Steps:
=====
1.Launched chrome.
2.Opened Devtools->Network tab.
3.In the filter enter "https://contactus.kglobalservices.com/templates".
4.Navigated "https://www.kelloggs.com/en_US/contact-us.html".
5.Under the network tab, observed that there are no results related "https://www.kelloggs.com/en_US/contact-us.html" link.
6.Under console there are no errors found.

Attached screencast for reference.
@reporter: Could you please review attached screencast and let us know if anything is missed from our end.
Thanks.!

922568.mp4
3.2 MB View Download

Comment 5 by subraman...@gmail.com, Jan 18 (4 days ago)

Hi,
This issue is occurring at our production site. 
This is affecting the business. 
Our network team identified that traffic specific to CORS is not as per standards. 
Hence they have handled it by applying some changes to some network configuration. Hence it is working.
But we have done a workaround and not fixed the issue at server level.
I wanted to know how I can verify request and response from my chrome browser when CORS issue is happening.
We wanted to know what is causing CORS issue at browser with respect to request/response 

Comment 6 by subraman...@gmail.com, Jan 18 (4 days ago)

Please help us identify the issue with request and response that is causing CORs issue.
Project Member

Comment 7 by sheriffbot@chromium.org, Jan 18 (4 days ago)

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment