I am not sure is this an appropriate place I should post this topic, actually I posted it in chrome help forum at first.
This is Sylar, I am a web front end developer from Chinese Alibaba Group.
Recently we found an issue in Chrome and Firefox, this issue is impacting the availability and functionality of our web site, it also brings a big potential issue.
Issue description:
The browser sends request to
safebrowsing.google.com, when it doubts that some requests are unsafe. but in Chinese Mainland, the Great Firewall of China is blocking any requests to
google.com, and before the browser get the response from
safebrowsing.google.com, it would not send out our requests(including ajax or static files), so our ajax is timeout, our static files are loaded failed.
We found this issue in the following urls:
The #1 url failed caused our main process of placed order broken.
The #2 url failed caused our production detail page rendering failed.
This is a huge issue from our side.
After my searching in the internet, I found this issue was caused by the functionality 'Enable phishing and malware protection' in browser. It seems chrome and Firefox are requesting the same host
safebrowsing.google.com when the issue happened.
But as you know we can not disable 'Enable phishing and malware protection' from user's end, we also can not make a proxy for our user, we only could do our best to avoid this issue.
So we have 2 questions for you:
1. Can you tell us how to avoid this issue when we make the urls, if you can that would be nice.
2. In my investigating, it seems there is a hash logic in my local browser, when the validation failed between the hash logic and urls, the browser would send request to
safebrowsing.google.com, so is there any way to validate our urls when we develop our production? Because I am thinking, we already found 2 urls failed until now, but we can not make sure the others ajax requests and static file links are working fine from our users' side, so if there is any way or any logic could be offered for us to validate our urls it will be a great help! We also could add the logic to our automatic testing to avoid any potential issues like the one we are facing now in our development.
Because this issue is impacting the Chinese users who enabled 'Enable phishing and malware protection' in their Chrome, so could you please help do something for Chinese users? Maybe make a copy one for the stuff on
safebrowsing.google.com and move it to China for Chinese users, if it's a good idea, I can help to contact our company's cloud services 'aliyun' for providing this services for Chrome in China Mainland. Or something else.
Thanks for your time reading,
Any idea or any information would be a big help for us.
Sylar