[D8] Chrome 83 cancels jquery.form ajax requests over https

Created on 20 May 2020, over 4 years ago
Updated 4 July 2024, 6 months ago

Problem/Motivation

In the latest Chrome (83), jquery.form doesn't work properly on https pages.

For D7 see #3143016: [D7] Chrome 83 cancels jquery.form ajax requests over https β†’ .

D7 example: try to upload an image at /node/add/article over https.

The POST request to upload the image shows as (cancelled) in red in dev tools, and the upload fails.

D8's jquery.form appears to have the same code which is causing the problem, so is likely also affected.

Proposed resolution

Per https://github.com/jquery-form/form/issues/571 it looks like the problem is:

a = b.extend(true, {
      url: d,
      type: this.attr('method') || 'GET',
      iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank'
    }, a);

When iframeSrc is set to javascript:false on https pages, Chrome now seems to cancel the request. Changing this so that it's always set to about:blank seems to resolve the issue, but what other consequences might this have?

Remaining tasks

* Decide whether to patch existing jquery.form plugin or update to a newer version.
* Test affected modules on Chrome 83
* Test jquery-form functionality on all browsers

Release notes snippet

(none yet)

original report by arcataroger

When Chrome updated to 83, I can no longer add or remove paragraphs to any node. Another user (@brocakun) has indicated this also affects images/media widgets. The inspector's Network tab shows that an ajax request is attempted to /system/ajax but then is immediately (canceled) before a response can be made. That same request exported into Postman for testing works just fine, to the same endpoint.

This issue does not happen in Chrome 81 (tested side-by-side in Browserstack), Firefox, Safari, or Edge. It also does not happen on my local dev machine, accessed through http://localhost. I have been able to replicate it 100% of the time online, though, through our https:// test site. Local dev server: PHP-FPM 7.3 + nginx. Remote server: PHP 7.3 + nginx on Pantheon (not sure of the rest of their stack). This seems to be a clientside issue anyhow, something in how Chrome 83 in particular handles this kind of AJAX request.

Not sure if this is an HTTPS, XSS, jQuery, or other issue. I have not been able to find anything useful in the Inspector or chrome://net-internals logs.

My temporary workaround is to just use another browser for adding/removing paragraphs =/

This seems to be caused by an old version of jquery-form (thank you, @ljames28), possibly related to this jquery-forms iframe issue also caused by Chrome 83?.

Temporary confirmed fix from @Collins405 is to use jquery_update with an newer jquery-form override β†’ .

πŸ› Bug report
Status

Closed: cannot reproduce

Version

8.8 ⚰️

Component
AjaxΒ  β†’

Last updated about 20 hours ago

Created by

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024