Issue happens when Chrome can't get response from safebrowsing in China Mainland

[Chang Liu]

Hi all

I am not sure is this an appropriate place I should post this topic, actually I posted it in chrome help forum at first.

You can check the issue detail from chrome help forum(link to my posted) or directly check the copy version as below:

This is Sylar, I am a web front end developer from Chinese Alibaba Group. 

Recently we found an issue in Chrome and Firefox, this issue is impacting the availability and functionality of our web site, it also brings a big potential issue.

Issue description:

The browser sends request to safebrowsing.google.com, when it doubts that some requests are unsafe. but in Chinese Mainland, the Great Firewall of China is blocking any requests to google.com, and before the browser get the response from safebrowsing.google.com, it would not send out our requests(including ajax or static files), so our ajax is timeout, our static files are loaded failed.

We found this issue in the following urls:

1. http://ilogistics.aliexpress.com/ajaxCheckCanCreateOrder.htm

2. http://g.tbcdn.cn/tbc/mini-login/1.4.0/index-min.js?t=20130815000847.js

The #1 url failed caused our main process of placed order broken.

The #2 url failed caused our production detail page rendering failed.

This is a huge issue from our side.

After my searching in the internet, I found this issue was caused by the functionality 'Enable phishing and malware protection' in browser. It seems chrome and Firefox are requesting the same host safebrowsing.google.com when the issue happened.

But as you know we can not disable 'Enable phishing and malware protection' from user's end, we also can not make a proxy for our user, we only could do our best to avoid this issue.

So we have 2 questions for you:

1. Can you tell us how to avoid this issue when we make the urls, if you can that would be nice.

2. In my investigating, it seems there is a hash logic in my local browser, when the validation failed between the hash logic and urls, the browser would send request tosafebrowsing.google.com, so is there any way to validate our urls when we develop our production? Because I am thinking, we already found 2 urls failed until now, but we can not make sure the others ajax requests and static file links are working fine from our users' side, so if there is any way or any logic could be offered for us to validate our urls it will be a great help! We also could add the logic to our automatic testing to avoid any potential issues like the one we are facing now in our development.

Because this issue is impacting the Chinese users who enabled 'Enable phishing and malware protection' in their Chrome, so could you please help do something for Chinese users? Maybe make a copy one for the stuff on safebrowsing.google.com and move it to China for Chinese users, if it's a good idea, I can help to contact our company's cloud services 'aliyun' for providing this services for Chrome in China Mainland. Or something else.

Thanks for your time reading,

Any idea or any information would be a big help for us. 

Sylar

[Chang Liu]

I already submitted an issue report in chrome issue report some days ago, but I haven't got any feedback from Chrome or Google.

Also I don't know who is working that.

Maybe submit again?

Do you guys know who is the right one I should touch for this issue?

2014-07-23 1:46 GMT+08:00 Siva P Thumma <siva...@gmail.com>:

Obviously this is a big issue.

You should follow as in Chrome bug reporting page... That is the minimum thing you should do. The best thing is you address your query to someone who responds ... 

-Siva P Thumma

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.

[PhistucK]

​It sometimes takes a while before issues are triaged, so you should definitely not create a new issue.​

However, posting a link to the created issue here may expedite the process.

☆PhistucK

[Chang Liu]

Thanks for your help!

Let me try in chromium issue.

2014-07-23 11:44 GMT+08:00 Siva P Thumma <siva...@gmail.com>:

You may also file a bug here before you do any heavy lifting.

-Siva P Thumma

On Wed, Jul 23, 2014 at 9:07 AM, Siva P Thumma <siva...@gmail.com> wrote:

Normally I address to google-apps team as we have a running google-apps project.

Then they would respond in person. 

I might suggest you should consult through this page (or something like this)...

May be you would (have to) start off using an apps startup project.

-Siva P Thumma

[Chang Liu]

How can I track the process for the issue I reported in Chrome report issue?

I can not find anything like url or task id of my issue...

[王伟锋]

I find the same problem recently. Two XHR requests was always loading because of safebrowsing. Can anyone tell me how to avoid this problem? Change the request URL will help??? Why some url will send request to safebrowsing.google.com while the others won't???

在 2014年7月23日星期三 UTC+8上午1:04:53，Sylar Liu写道：