@tsteur opened this Issue on January 27th 2021 Member

In the browser developer console I see a warning linking to https://www.chromestatus.com/feature/5629709824032768 anyone seen this before?
See https://www.chromium.org/Home/chromium-security/corb-for-developers for more information.

HTTP with 204 seems to work but 200 blocked. send_image=0 is used so it should have sent an HTTP 204 header. Actually... this output happens because of bulk requests. The request with HTTP 200 was sent as a bulk request in this example.

image

response headers:

image

The console warning reads Cross-Origin Read Blocking (CORB) blocked cross-origin response XYZ with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

For a URL where this can be reproduced feel free to ping me privately. I'm not sure if the tracking request will be executed or if just the response is not loaded.

Goal of this issue is to make sure such requests are tracked and the warning is no longer shown.

@sgiehl commented on February 1st 2021 Member

@tsteur I'm not very deep into CORS/CORB, but based on the description CORB is only applied for this type of content: JSON, HTML, XML. According to your screenshot, the bulk request returns a json, with http 200. Maybe the response type is the problem in that case. BulkTracking currently has it's own response handler, which always uses json. See https://github.com/matomo-org/matomo/blob/4.x-dev/plugins/BulkTracking/Tracker/Response.php
Not sure if there was an intention that bulktracking requests are returning json content, is the response used in some cases? 🤔

@tsteur commented on February 1st 2021 Member

I reckon to solve this issue be great if it also supported send_image=0 I suppose and then returned an HTTP 204. There should be no reason for returning JSON in a JS tracker request. And we're not reading the response.

The send_image would need to be set along {requests: [], token_auth: 'optional', send_image:0}. Be great to add this 👍

This Issue was closed on February 4th 2021
Powered by GitHub Issue Mirror