navigator.sendBeacon data send to server
1,154 views
Skip to first unread message
Nir
Jun 21, 2017, 4:15:24 AM6/21/17
to Chromium HTML5
Hi,
I created rum script that collects data from my clients.
the function I use is sendBeacon:
and it run successfully.
Error: Failed to execute 'sendBeacon' on 'Navigator': sendBeacon() with a Blob whose type is not any of the CORS-safelisted values for the Content-Type request header is disabled temporarily. See http://crbug.com/490015 for details.
any help what to do?
I created rum script that collects data from my clients.
the function I use is sendBeacon:
var blob= new Blob([makeData(performance.getEntriesByType("resource"),getGuid(),getClientIP())], {type : 'application/json'});
navigator.sendBeacon("https://stage.bitsngo.com/rum",blob);and it run successfully.
before 1 day I upgraded Chrome to the latest version.
and now I get an exception:
Error: Failed to execute 'sendBeacon' on 'Navigator': sendBeacon() with a Blob whose type is not any of the CORS-safelisted values for the Content-Type request header is disabled temporarily. See http://crbug.com/490015 for details.
any help what to do?
something with the cors?
PhistucK
Jun 21, 2017, 7:32:29 AM6/21/17
to Nir, Chromium HTML5
You will temporarily need to use a simple content type. Simple content types -
- application/x-www-form-urlencoded
- multipart/form-data
- text/plain
application/json (which you use) is not a simple content type, which requires CORS approval from the origin (using an automatic OPTIONS request that the browser send).
Chrome does not implement CORS for sendBeacon at the moment (the team is working on it, as far as I know, but it requires a significant architectural change which may take some time) and previously, just sent the non-simple content type request - that was a security issue.
For your information - simple content types are content types that regular HTML <form> can submit without JavaScript or anything else to any domain.
This is basically done for compatibility (because this is a pretty insecure feature but the web requires it because the use of this feature is high, so deprecation is not an option).
Any new feature (like XMLHttpRequest, fetch, sendBeacon...) only allows cross origin requests without CORS for whatever <form> already allows (no point in preventing this in other APIs if the door is already open in another way).
You will just not be able to see the response if the server did not allow you using CORS, but the request is still sent (unlike non simple content types, for which an empty OPTIONS request is sent first and only if the server approved, the real request is sent).
The Intent to temporarily remove thread -
☆PhistucK
--
You received this message because you are subscribed to the Google Groups "Chromium HTML5" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-html5+unsubscribe@chromium.org.
To post to this group, send email to chromiu...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-html5/.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.
Takeshi Yoshino
Jun 21, 2017, 11:31:52 PM6/21/17
to PhistucK, Nir, Chromium HTML5
Sorry for inconvenience, but as PhistucK said, it's temporarily disabled. Please watch the issue for progress on reviving it on Chrome.
Reply all
Reply to author
Forward
0 new messages