For some reason, Google Chrome sends 2 requests to every webpage on my solution. I originally experienced this issue on an MVC web application but then I made a test project without using MVC and this continued to happen.
This does not happen with Edge or Internet Explorer.
Did anybody experience the same problem and how did you go about it?
Most of my research pointed in the direction of having an href="#" tag that would cause the browser to reload the page but this is not the case in my situation.
This normally would not be an issue, but it seems to be causing the AntiForgeryRequestToken to not get validated
2 requests means the total SAME requests or an 'OPTIONS' method and a normal medthod?
if you are in the second situation, you will need use IIS/ngnix to Url Rewrite to make sure your chrome Url and your ajax request url are in the same domain.
Related
Here is the problem I have.
We have a server-side Blazor web application in which we want to register new users. The users come to us from another web site. When the users subscribe to our application through this web site a POST request is sent, and the user is redirected to a page of our Blazor application. The problem is we have no clue how to then get the form data contained in the POST. We can see it using the tools in the browser, but we can't use it in my code.
We have tried creating a controller with an HTTP endpoint, but the method we have set up does not get called. My colleague and I are at a loss with what to do or what resource would be helpful and comprehensive in showing us how to set this up. Instead we keep finding little bits of information that don't lead us to a successful implementation.
Any help would be amazing.
Okay, it would be a very general question, I won't share any source code because It needs a theoretical explanation.
I am loading a web page in my browser be it chrome or firefox and the page is loading fine. the thing that is not working and made me curious is, When I get the source of that specific page using HttpWebRequest or HttpClient or any library such as RestSharp, My Requests to that page got blocked and instead of getting the actual HTML I get back an error page.
So, I wanted to ask what is this happening? When I load it in browser it works fine, but when I switch back to the HttpClient it gets blocked(At least that is what I think). Please share your experiences and also let me know how can I do this in my Web Applications to detect from where the request is coming? Any help would be appreciated.
PS: It even fails on Postman.
Here is the error:
The requested URL was rejected. Please consult with your
administrator.
I'm getting a periodic issue with my IIS hosted website whereby one of my clients browsers (Google Chrome 77/78 or higher) suddenly begins submitting dozens of requests per second to my website for the same page.
The user is always a valid, authenticated user with my application. The requests also don't seem to follow any standard pattern that I can determine from our logs. For instance, it's not a authorization redirect issue for instance, it's almost like the browser is sending through dozens of requests which have somehow been initiated by the user. For instance, opening a bookmarked version of our page dozens of times.
Looking at the request details I can see the following fetch headers:
HTTP_SEC_FETCH_USER: ?1
HTTP_SEC_FETCH_SITE: none
HTTP_SEC_FETCH_MODE: navigate
Which from what I can understand means that the action was user-initiated, and that it did not come from my own application, in terms of a ajax request or page refresh. I can only get the above combination of fetch headers when I open my page in a new tab in Chrome for instance.
Could this actually be related to the Chrome browser itself? I cannot replicate the issue in development, but it's happened a few times now and I'm not sure where to start in terms of determing a cause.
As other users have pointed out in comments, this can be in fact caused by Mobile Chrome Predictive Loading mechanism.
A recent version of Chrome for Android (78.0.3924.108) has experimented with predictive loading, changing the rules when links are selected for prefetching. This can cause arbitrary links to be "loaded" (issuing a GET request, distorting stats and causing any side effect that action has) without any user input when visiting your website.
This has been rolling out over the past week, and has caused many issues in many different scenarios (logging users out, clicking on paid or aggregator links, etc.)
More info on the Chromium issue tracker:
https://bugs.chromium.org/p/chromium/issues/detail?id=1027991
Requests made by prefetching issue a Purpose: prefetch header - at least by Chrome, other browsers might issue other headers
This has since then been fixed today morning (25th november 2019).
Custom table's data hangs on the loading screen after saving any changes. This is happening on some of tables and it seems that the majority of records are saved, however I have noticed a couple that didn't save within some custom table until reapplying the change!
I was wondering what can cause the issue.
I have found the issue using browser's developer tools.
Issue
Clicking save button was creating
Mixed Content: The page at 'https://address' was loaded over HTTPS, but requested an insecure form action 'http://address'. This request has been blocked; the content must be served over HTTPS. JS error on the browser and browser was blocking the content. However, the form action was not pointing to absolute URL address.
Solution
As the server SSL config was fine, therefore, there was not any other way than changing core CustomTableForm.ascx.cs Kentico file. Although it is not recommended. The problem solved by developing RedirectUrlAfterSave property of customTableFormobject to make sure it will redirect correct protocol instead of Absolute URL
Hope it will help you guys.
This was just brought to my attention, not sure how I missed it before. So, I will post my answer just for the future reference :-)
I guess there is some SLL offloading going on before the actual IIS where Kentico is running. In this case, SSL Accelerator must be implemented. The link goes to Xperience 13 version but the same idea applies for older versions. Just use the version selector in the top bar - there could be some API differences.
And the same applies e.g. when uploading media files - the browser console will show mixed content warning. This is for security reasons. Browser sees the HTTPS but behind the offloader there is HTTP communication and the GetAbsoluteURL method takes the protocol from the request. Thus, mixed content. Using the ssl accelerator will tell Kentico to use HTTPS internally.
I maintain a legacy (7yr old) ASP.NET 4.0 WebForm site. Our user base is around 2K-3K concurrent users during peak activity, usually in the spring of each year.
I've been able to trap in the code, a user submitting the same webform more than once to the server...however the user is only clicking the submit button once. I've witnessed the activity to verify single-click submission.
For some odd reason, the browser (chrome) is posting the same web form 2,3, sometimes 4 times to the server. It seems to happen to most everyone using the app and varies from once every 5th button click to as high as every 20th button click. These duplicate submissions happen within milliseconds of one another.
Is there a good way for the server to recognize another request from the user and ignore it? Since it appears the browser is the culprit, the page content for the submission would be identical on subsequent submissions.
fwiw, I'm aware of the anti-forgery methods for crossSiteScripting in MVC, but this app is strictly WebForm (no MVC).
I'm not a heavy web programmer, but can learn just about anything. Most of my time is spent in T-SQL. But such is the way with funding for maintaining older apps. :)
(WebApp/LoadBalancer uses sticky-sessions, with ASP.NET State Server supporting 3 web servers for this app, if it matters. Once a user logs in against a specific web server, all traffic from that user stays on that specific web server.)
edit: i did find this: Generating AntiForgeryToken in WebForms which I think is a good solution...need to absorb it for a bit and see how it works in my prototype project.