Latest Chrome update breaks plugin response handling
webmasterlv opened this issue · 17 comments
Description:
After the latest Chrome update (mine is 83.0.4103.61) the success callback is not called anymore if using iframe:true
although the request gets to the server. Chrome dev tools shows request as cancelled.
I managed to fix this by setting iframeSrc:'about:blank'
.
I cannot find a reason or implication of this change. But maybe iframeSrc default should be changed?
Expected Behavior:
Receive success callback with response from server.
Actual behavior:
Success callback is not called, request shows aborted in Chrome.
Versions:
LoadJSON:
jQuery: 3.4
Browsers: Chrome 83.0.4103.61
Demonstration
Demo here
Steps to reproduce:
Use default setting of iframeSrc
I am also having the same problem.
To elaborate on @webmasterlv post:
Change:
options = $.extend(true, { url: url, success: $.ajaxSettings.success, type: method || 'GET', iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank' }, options);
to
options = $.extend(true, { url: url, success: $.ajaxSettings.success, type: method || 'GET', iframeSrc: 'about:blank' }, options);
I Googled a little bit about this, and seems like about:blank is the best to be used.
HTML standard says:
If the element has no src attribute specified, or its value is the empty string, let url be the URL "about:blank".
There are major updates at the moment, and apparently Chrome does not like javascript:false anymore in the iframe source.
Originally this always used about:blank
but javascript:false
was added for https URLs in ce43241 - but unfortunately the commit doesn't explain why.
I'm on 83.0.4103.61 on latest MacOS Catalina and cannot reproduce this. I've used the jsfiddle and both buttons work for me.
@klonos both buttons will trigger an alert, but the difference lies in the actual network response. For me, prior to 83, both buttons result in a 404 response from jshell.net. But for 83, the default iframeSrc button request is canceled by the browser, whereas the about:blank
version sends the request and receives a 404
response.
default
about:blank
(Edit: Oh, nevermind, just saw #572, which patches this and already accounts for IE)
Just wanted to chime in and say that over in Drupal land, the about:blank
fix has worked for many of us. We are also unclear about why it was changed to javascript:false
for https sites, but the workaround seems to pass our tests.
Quick note is that about:blank
might break this for IE11 in unclear ways. The Drupal patch added a user agent check to bypass IE.
same problem here
using jquery 1.5 and jquery form for document upload
after chrome 83 upgrade
asp .net forms authentication needs
<authentication mode="Forms">
<forms requireSSL="true" cookieSameSite="None" .....
and document upload needed to be updated to :
$("#ajaxUploadForm").ajaxForm({
iframe: true,
dataType: "json",
iframeSrc: "about:blank",
javascript: false,
.....
not the best fix but works for now...
I was linked to this issue from https://bugs.chromium.org/p/chromium/issues/detail?id=1086008
As others have pointed out, the issue is with using javascript: urls, and using about:blank instead is the workaround.
I have a fix in chrome on the way, and it will likely be available in chrome 84.
@josepharhar is this issue same as #573 ?
@josepharhar is this issue same as #573 ?
Since that issue says that you must have an iframe with src=“javascript:false”, i think it is the same issue.
@josepharhar Yes we have a iframe created by jquery.form plugin with src as javascript:false. I just can confirmed by modifying the plugin to change the javascript:false to about:blank and it worked.
@josepharhar Please suggest me that I need to do upgrade the jquery plugin with the new version or the chrome developers will going to fix in the next release, if yes please suggest me how I need to handle this case for the time being.
It will be fixed in chrome within the next three weeks
@josepharhar Thank you so much for your update.
Yep, I got an update to 83.0.4103.97 on my personal machine today which includes the fix, it is getting rolled out earlier than I originally planned. Check chrome://settings/help to see if you have the update!
Latest Google Chrome update (v83.0.4103.97) appears to have solved this issue for me.
i removed my previous post as i thought i was on the wrong thread - whoops!