Bug ID 976553: Portal Access: Chrome/Edge browser: cookie transport: sync XMLHttpRequests should not be used in onbeforeunload handlers

Last Modified: Oct 04, 2024

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.0.0, 17.0.0.1, 17.0.0.2, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Opened: Dec 23, 2020

Severity: 3-Major

Symptoms

Error message in browser console: Uncaught DOMException: Failed to execute 'send' on VM41 cache-fm.js:618 'XMLHttpRequest': Failed to load ''https://appportal.omo.nl/private/fm/volatile.html': Synchronous XHR in page dismissal. See https://www.chromestatus.com/feature/4664843055398912 for more details.

Impact

Web-application does not function as expected. Behavior varies, depending on web-application control flow.

Conditions

Setting and/or getting cookies in onbeforeunload/onunload handlers defined by the web-application.

Workaround

Important: This workaround will work until later versions of Chrome and Edge Browser are released. You can refer to the release notes for these browsers to determine when functionality is removed. Use an iRule to allow sync requests from onbeforeunload, onunload, and other page dismissal events. This is intended to inject into responses from the BIG-IP virtual server header, Origin-Trial, using a token obtained from the Google Chrome developer console. This token allows for use of synchronous requests in page dismissal events. It should work for Chrome and Microsoft Edge browsers where such sync requests are disabled now. To obtain the token you need to use the following iRule with your virtual server: 1. Go to the Chrome Origin Trials page: https://developers.chrome.com/origintrials/#/trials/active. 2. Click the 'REGISTER' button to the right of 'Allow Sync XHR In Page Dismissal'. 3. Enter the origin of your virtual server and other information: https://domain_of_your_virtual_server. 4. Click REGISTER. By doing this, you obtain a token to use in place of the token provided in the following iRule. Note: For additional info about Origin Trials and how they work: https://github.com/GoogleChrome/OriginTrials/blob/gh-pages/developer-guide.md when HTTP_RESPONSE_RELEASE { HTTP::header insert Origin-Trial Aq5OZcJJR3m8XG+qiSXO4UngI1evq6n8M33U8EBc+G7XOIVzB3hlNq33EuEoXZQEt30Yv2W6YgFelr2aGUkmowQAAABieyJvcmlnaW4iOiJodHRwczovLzEwLjE5Mi4xNTIuMzk6NDQzIiwiZmVhdHVyZSI6IkFsbG93U3luY1hIUkluUGFnZURpc21pc3NhbCIsImV4cGlyeSI6MTU5ODk5NzIyMX0= }

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips