Re: CORB blocking ads?

Łukasz Anforowicz

unread,

Jun 26, 2018, 12:30:46 PM6/26/18

to nomycna, ni...@chromium.org, site-isol...@chromium.org

Thanks for the heads-up. I've replied to the 2 threads you've linked above, but based on the (little) information provided I do not yet see an example where CORB blocks a legitimate response and is responsible for disrupting a website operation.

If there is a website that you think is broken because of a bug in Chrome67, then please open a Chromium bug and provide 1) repro URL, 2) expected and actual/observed behavior. If you think CORB is involved then please also provide 3) URL of the response that you think should not be blocked by CORB, 4) response headers, 5) response body [okay to edit out sensitive information if any]. It is possible to disable CORB (and the bigger Site Isolation feature) using cmdline flags - this is a good way to confirm if CORB (or Site Isolation) are responsible for the expected change in the observed behavior. Details on which cmdline flags to use can be found at

https://www.chromium.org/Home/chromium-security/corb-for-developers:
If you suspect Chrome is incorrectly blocking a response and that this is disrupting the behavior of a website, please file a Chromium bug describing the incorrectly blocked response (both the headers and body) and/or the URL serving it. You can confirm if a problem is due to CORB by temporarily disabling it, by starting Chrome with the following command line flag:
--disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating
https://www.chromium.org/Home/chromium-security/site-isolation:
Diagnosing Issues
If you encounter problems when Site Isolation is enabled, you can try turning it off by undoing the steps above, to see if the problem goes away.
You can also try opting out of field trials of Site Isolation to diagnose bugs, by visiting chrome://flags#site-isolation-trial-opt-out, choosing "Opt-out (not recommended)," and restarting.
[...]
We encourage you to file bugs if you encounter problems when using Site Isolation that go away when disabling it. In the bug report, please describe the problem and mention that you are using Site Isolation.

On Tue, Jun 26, 2018 at 5:06 AM, nomycna <nom...@gazeta.pl> wrote:

Hi guys,

I saw you've been contributing to CORB explanation page: https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md . I assume you might also have some knowledge about its implementation and might be able to give some advice about it. There are multiple people who are having problems with displaying ads on their website. It is supposed to be caused by CORB blocking ads displayed by DFP [1] [2]. I think it might be for some, quite serious issue. Given on Google's help forum usually nobody ever gets help and problems are not escalated, nobody developing chrome/chromium might be aware of the problem. Do you know where and how such issue can be raised?

[1] - https://productforums.google.com/forum/?nomobile=true#!topic/dfp/rkpG5EOQhgc;context-place=topicsearchin/dfp/category$3Adfp-premium%7Csort:relevance%7Cspell:false

[2] - https://productforums.google.com/forum/#!topic/dfp/nmLsuBKfoFY

Thanks,

Andrzej

nomycna

unread,

Jun 27, 2018, 4:16:03 AM6/27/18

to Łukasz Anforowicz, ni...@chromium.org, site-isol...@chromium.org

Thanks. Unfortunately, some of your advice is not really helpful. But that's probably on me - I haven't really described problem in detail. As I mentioned, it's about serving ads. The problem with this it's a black box for publishers (i.e. site owners). More or less the flow looks like this: there's Google's DFP tags embedded on website, those tags embed (or maybe just show content) from Google's AdX/AdSense, which maybe contain some creatives from advertisers (which maybe loads content form external websites). I assume URLs and site content are generated dynamically, so it's impossible to provide an URL which causes problems. That also means one cannot check how exact case works with the flag you mentioned disabled. Also given it's abut ads, the advice to have the isolation disabled it's not really applicable (it would be quite hard to convince people to turn off security feature of browser before they enter website to have them ads displayed).

Anyway, if I come up with reproducible case I'll let you know. But I guess if the problem is really serious, issue might be raised from other part of your organization.

A

Charlie Reis

unread,

Jun 27, 2018, 4:12:39 PM6/27/18

to nom...@gazeta.pl, Łukasz Anforowicz, Nick Carter, Chromium Site Isolation

Thanks for the context. Even if you don't have a URL which is guaranteed to show the problem in all cases, it would be useful to know a URL on the affected site where the missing ads problem has been observed in the past. We might be able to use that to figure out what the problem is.

As Łukasz mentions, we think the CORB errors are likely a red herring and not the actual cause of the problem. However, it is likely that some other change due to Site Isolation could be involved. We're quite interested in tracking that down, and having an example URL would be a good starting point.

Thanks!

Charlie

Message has been deleted

Charlie Reis

unread,

Jun 28, 2018, 8:03:50 PM6/28/18

to szy...@swiatprzychodni.pl, Chromium Site Isolation

Thanks! We'll try to look at that URL more carefully to see if ads are missing in any cases on our side, just in case. I can confirm that I see CORB errors there, but every URL listed in the error messages just returns a zero byte response, so the fact that it's blocked doesn't affect how the page behaves.

Note that we've improved the CORB console behavior in Chrome 69 as part of https://crbug.com/844178, by omitting console messages when we know they can't affect the page outcome (such as these zero byte response cases). And indeed, I'm not seeing any CORB errors in DevTools for that page when I visit it in the current Chrome Canary (69.0.3475.0). That should help with the general concerns that CORB is to blame, and let us focus on the cases that ads are actually missing (which would be useful to track down and fix).

Thanks!

Charlie

On Thu, Jun 28, 2018 at 3:53 AM Szymon Dąbrowski <szy...@swiatprzychodni.pl> wrote:

Hey,
Here's a sample URL https://swiatprzychodni.pl/artykuly/oddawania-krwi-nie-trzeba-sie-bac/ which causes messages like: "Cross-Origin Read Blocking (CORB) blocked cross-origin response https://securepubads.g.doubleclick.net/pagead/adview?ai=[...] with MIME type text/html.[...]"
to happen. But as it was mentioned, ad content is very personalized. The problem might be with some specific creatives which are not displayed in US. Also whole topic was raised because people concluded that it causes ads not to display. It might be so, but it also might be that people don't see ads on their page, they check their chrome console and incorrectly conclude that the CORB is the reason for that. But there might be some other causes for not displaying ads. Anyway, on page I am sending you as an example, ads load correctly for me but the CORB messages are still there. So maybe only some not that important requests which track viewability are blocked.
Szymon

On Thu, Jun 28, 2018 at 12:37 PM, nomycna <nom...@gazeta.pl> wrote:
Chcesz im dać jakiegoś urla?

Message has been deleted

tommy.q...@storefront.be

unread,

Jul 5, 2018, 8:21:41 AM7/5/18

to Site Isolation Development

Hi guys,

We are also experiencing the issue of empty ads since CORB. When opening the page in chrome 69 (chromium) the banner is still invisible but the corb error is indeed gone. The adds is working on safari so this has to be a chrome issue. The url i'm talking about is https://www.amerika.nl . The banner which isn't showing in Chrome & Chromium is the one with the text "gaat u naar midden-afrika?" and the pfizer logo in the bottom right corner.

Charlie Reis

unread,

Jul 6, 2018, 5:52:37 PM7/6/18

to tommy.q...@storefront.be, Chromium Site Isolation

Thanks-- as before, we're interested in tracking this down. However, so far I have seen the Pfizer banner ad (along with a handful of other ads on a rotation) in almost every visit in Chrome 67.0.3396.99 (Stable), 68.0.3440.42 (Beta), and 69.0.3483.0 (Canary). There were indeed 2 or 3 times I saw no banner ad appear at the top, so it's possible there may be a race involved-- that might be a place to start. (Dozens of other visits showed the ads for me, though-- are you seeing something similar?)

Interestingly, I'm not seeing the banner ad at all in Firefox 61.0.1, even after multiple reloads. Is that a known issue?

Charlie

tommy.q...@storefront.be

unread,

Jul 9, 2018, 5:51:10 AM7/9/18

to Site Isolation Development, tommy.q...@storefront.be

Hi Charlie,

I've done some more digging and below ad url isn't showing the ad because of corb. In the preview it is showing the ad but the page itself is empty. Tested in latest chrome stable and canary. https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=4148997491107637&correlator=322692546305753&output=html&callback=googletag.impl.pubads.callbackProxy1&impl=fif&adsid=NT&pucrd=CgYgASgBOAF4Aw&jar=2018-7-9-9&eid=21061743%2C21062068%2C21061812&vrg=225&guci=1.2.0.0.2.2.0&sc=1&sfv=1-0-29&iu=%2F1195670%2FAMERIKA.NL-FEATUREROW-970x250&sz=728x90%7C970x250%7C970x90&cookie=ID%3D2ab4fa178c9dfe48%3AT%3D1520955956%3AS%3DALNI_MYZDg1G3MjWlDEdYC1jV3lLF-INOg&bc=7&abxe=1&lmt=1531127587&dt=1531127587368&dlt=1531127583653&idt=1838&frm=20&biw=1265&bih=924&oid=3&adx=0&ady=0&adk=1848213424&gut=v2&ifi=1&u_tz=120&u_his=1&u_h=1440&u_w=2560&u_ah=1418&u_aw=2560&u_cd=24&u_nplug=3&u_nmime=4&u_sd=1&flash=0&url=https%3A%2F%2Fwww.amerika.nl%2Famerika%2Freizen%2F%3Fdfpdeb&ref=https%3A%2F%2Fwww.google.com%2Fdfp%2F1195670&dssz=34&icsg=562950098684144&std=0&vis=1&dmc=8&scr_x=0&scr_y=0&psz=728x110&ga_vid=1795628391.1520955953&ga_sid=1531127587&ga_hid=1747470880&base_url=https%3A%2F%2Fsecurepubads.g.doubleclick.net%2Fgampad%2Fads&dpt=1

tommy.q...@storefront.be

unread,

Jul 9, 2018, 6:01:28 AM7/9/18

to Site Isolation Development, tommy.q...@storefront.be

With preview i mean the request response preview in the network tab in the dev tools. Screenshot: https://drive.google.com/file/d/1OYl4r3lhuGfm-2zmxx7WTSfzvjNvji_Q/view

nayo...@gmail.com

unread,

Jul 10, 2018, 5:12:25 PM7/10/18

to Site Isolation Development

We're also seeing the same problem on this page: timesofisrael.com - google ads (AdX/AdSense) are blocked by CORB, other ads (direct sold, other demand sources) works fine. All ads are served by DFP.

Charlie Reis

unread,

Jul 10, 2018, 8:12:22 PM7/10/18

to tommy.q...@storefront.be, Chromium Site Isolation

Thanks-- this is a good lead. Do you know which part of the site is requesting that? It does look like an HTML response, which I would expect to work inside an iframe but not inside other contexts. I'll try to take a closer look at requests that https://www.amerika.nl/ is making tomorrow to see if I can spot it.

In the meantime, I'm curious if the ad works when you run Chrome with the --disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating command line flag.

Charlie

Charlie Reis

unread,

Jul 10, 2018, 8:12:25 PM7/10/18

to nayo...@gmail.com, Chromium Site Isolation

Thanks. As in the other cases, can you clarify (1) if the ad is actually missing or if it's just a warning in the console, and (2) if the problem goes away on Chrome Canary? I'll try to take a closer look tomorrow.

Charlie

nayo...@gmail.com

unread,

Jul 10, 2018, 8:18:10 PM7/10/18

to Site Isolation Development

Hey Charlie,

Ads are missing, this isn’t just some errors in the console. I checked this also on chrome canary, same as chrome stable.

tommy.q...@storefront.be

unread,

Jul 11, 2018, 3:26:37 AM7/11/18

to Site Isolation Development, tommy.q...@storefront.be

Hi Charlie, i can confirm that disabling corb and isolation make the ad visible.

Charlie Reis

unread,

Jul 11, 2018, 4:29:09 PM7/11/18

to tommy.q...@storefront.be, Sam Nayovitz, Chromium Site Isolation

Merging the two threads.

I'm testing on Mac Chrome Canary 69.0.3488.0, comparing the site using Site Isolation enabled (using --site-per-process) and using Site Isolation + CORB disabled (using the flags listed at the bottom of this message).

For both https://www.amerika.nl/ and https://www.timesofisrael.com/, I see the banner ads sometimes appear and sometimes not, both with and without Site Isolation + CORB. It's non-deterministic across reloads of the page for me: sometimes the ads load, and sometimes they don't, and I haven't yet seen any correlation between whether Site Isolation + CORB is enabled and whether the ads work. I don't have aggregate data to say if it's more likely to occur in one mode than the other, but I do have evidence that the problem does occur in both modes.

The problem also seems to occur in other browsers. I sometimes see the banner ads missing in Safari for both https://www.amerika.nl/ and https://www.timesofisrael.com/. In Firefox, banner ads are always missing for https://www.amerika.nl/, and they're sometimes missing for https://www.timesofisrael.com/. That's more evidence that Site Isolation + CORB probably isn't the direct cause, at least for the problem I'm observing.

At this point, I'm going to reach out to people on the ads team to see if they can shed any light on why the banner ads aren't appearing. It's certainly a problem and I hope they'll be able to track it down more effectively.

For reference, here's how to run Chrome 69 with Site Isolation + CORB disabled:

--disable-site-isolation-trials --disable-features=IsolateOrigins,site-per-process --disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating

Verify by visiting chrome://process-internals and ensuring it says:

Site Isolation mode: Disabled

Isolated origins: https://accounts.google.com

Charlie

On Tue, Jul 10, 2018 at 2:12 PM <nayo...@gmail.com> wrote:

We're also seeing the same problem on this page: timesofisrael.com - google ads (AdX/AdSense) are blocked by CORB, other ads (direct sold, other demand sources) works fine. All ads are served by DFP.

Tommy Quissens

unread,

Jul 12, 2018, 3:41:33 AM7/12/18

to Charlie Reis, Chromium Site Isolation, Sam Nayovitz, wouter...@storefront.be

Allright, thanks for reaching out! I’ve tried too but I can’t post on the "DoubleClick Publisher Help Forum”. Other people have reported the issue but until now there’s no response coming from anyone at DFP. (see https://productforums.google.com/forum/?nomobile=true#!topic/dfp/rkpG5EOQhgc;context-place=topicsearchin/dfp/category%243Adfp-premium%7Csort:relevance%7Cspell:false and https://productforums.google.com/forum/#!topic/dfp/rkpG5EOQhgc;context-place=topicsearchin/dfp/corb)

Tommy

On 11 Jul 2018, 22:29 +0200, Charlie Reis <cr...@chromium.org>, wrote:

chrome://process-internals

Charlie Reis

unread,

Jul 12, 2018, 2:13:39 PM7/12/18

to tommy.q...@storefront.be, Chromium Site Isolation, Sam Nayovitz, wouter...@storefront.be

The ads folks I chatted with about these two sites seemed to think it was cases that the ad simply didn't fill, unrelated to Site Isolation or CORB. They suggested appending ?googfc (or ?google_force_console=1) to the URL to track down broken creatives, as documented at https://support.google.com/dfp_premium/answer/2462712?hl=en. For example:

https://www.amerika.nl/?googfc

https://www.timesofisrael.com/?googfc

(Now that I'm testing on Windows today, I'm getting the missing banner ad in both Chrome and Edge on https://www.amerika.nl/?googfc, with a "Not displayed" Overlay status in the ad console.)

Also, thanks for pointing to the forum post! I just posted a followup there as well, since those warnings showed similar signs of being false positives (as lukasza@ had suspected there). That forum may be a good play to continue any discussion of missing ads, since I'm not sure I'll be able to help with ads specific issues. And apologies again for the false alarms from the CORB warnings, which thankfully go away in Chrome 69.

Hope that helps!

Charlie

Tommy Quissens

unread,

Jul 13, 2018, 5:01:16 AM7/13/18

to Charlie Reis, Chromium Site Isolation, Sam Nayovitz, wouter...@storefront.be

Hi Charlie,

I’ve already checked it and the ad does fill, it just doesn’t show up. Here a screenshot with on the left a working add, in the center a broken add and on the left an empty add. You can see the broken ad has an “Order", “Line Item” and “Creative" assigned. I'm

hiding empty ads. (https://drive.google.com/file/d/1FAF0sfbumtAI--s3fCQ_H_SiQQRSAVog/view)

Met vriendelijke groeten,

Tommy Quissens
e-Commerce Developer
+32 478 54 60 08

Charlie Reis

unread,

Jul 16, 2018, 4:40:33 PM7/16/18

to tommy.q...@storefront.be, Chromium Site Isolation, Sam Nayovitz, Wouter Samaey, Mike Burns, Lucas Silva

[+michaelburns@, lusilva@]

Interesting. I haven't been able to repro that myself (with or without Site Isolation), but I'm including Mike and Lucas from the Ads side to help discuss further.

Thanks,

Charlie

Mike Burns

unread,

Jul 17, 2018, 9:39:08 AM7/17/18

to cr...@chromium.org, tommy.q...@storefront.be, site-isol...@chromium.org, nayo...@gmail.com, wouter...@storefront.be, Lucas Silva

Hi all,

Chiming in from the ads side. I only managed to reproduce an ad filling and failing to render once on these sites and it was due to a broken creative that threw an exception. Tommy, the image you attached seems to line up with being a broken creative in some cases because the Publisher Console screenshots you sent show it was filled and rendered inside a friendly iframe which is not treated differently with Site Isolation. Site Isolation only causes cross-domain frames to get their own process.

Can someone who is seeing issues try to outline answers to some of the following questions to help us diagnose the issue?

- What issues do you see aside from the "Cross-Origin Read Blocking (CORB) blocked cross-origin response" warning? These warnings only appear to be triggering for pings to our server that return no content and I cannot find any indication of issues related to this warning.

- At what frequency are you seeing the issue and does your AdX/AdSense/DFP reporting reflect this?

naeg...@gmail.com

unread,

Jul 19, 2018, 5:35:34 AM7/19/18

to Site Isolation Development, cr...@chromium.org, tommy.q...@storefront.be, nayo...@gmail.com, wouter...@storefront.be, lus...@google.com, michae...@google.com

On Tuesday, July 17, 2018 at 3:39:08 PM UTC+2, Mike Burns wrote:
> Hi all,
> Chiming in from the ads side. I only managed to reproduce an ad filling and failing to render once on these sites and it was due to a broken creative that threw an exception. Tommy, the image you attached seems to line up with being a broken creative in some cases because the Publisher Console screenshots you sent show it was filled and rendered inside a friendly iframe which is not treated differently with Site Isolation. Site Isolation only causes cross-domain frames to get their own process.
>
>
> Can someone who is seeing issues try to outline answers to some of the following questions to help us diagnose the issue?
> - What issues do you see aside from the "Cross-Origin Read Blocking (CORB) blocked cross-origin response" warning? These warnings only appear to be triggering for pings to our server that return no content and I cannot find any indication of issues related to this warning.
> - At what frequency are you seeing the issue and does your AdX/AdSense/DFP reporting reflect this?
>
>
> On Mon, Jul 16, 2018 at 4:40 PM Charlie Reis <cr...@chromium.org> wrote:
>
>
> [+michaelburns@, lusilva@]
>
> Interesting. I haven't been able to repro that myself (with or without Site Isolation), but I'm including Mike and Lucas from the Ads side to help discuss further.
>
>
> Thanks,
> Charlie
>
>
> On Fri, Jul 13, 2018 at 2:01 AM Tommy Quissens <tommy.q...@storefront.be> wrote:
>
>
>
>
>
>
>
> Hi Charlie,
>
>
>
>
> I’ve already checked it and the ad does fill, it just doesn’t show up. Here a screenshot with on the left a working add, in the center a broken add and on the left an empty add. You can see the broken ad has an “Order", “Line Item” and “Creative" assigned. I'm
> hiding empty ads. (https://drive.google.com/file/d/1FAF0sfbumtAI--s3fCQ_H_SiQQRSAVog/view)
>
>
>
>
>
>
>
>
> Met vriendelijke groeten,
>
>
>
>
>
>
>

> Tommy Quissens
>
> e-Commerce Developer
>
> +32 478 54 60 08
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On 12 Jul 2018, 20:13 +0200, Charlie Reis <cr...@chromium.org>, wrote:
>
>
>
>
>
> The ads folks I chatted with about these two sites seemed to think it was cases that the ad simply didn't fill, unrelated to Site Isolation or CORB. They suggested appending ?googfc (or ?google_force_console=1) to the URL to track down broken creatives, as documented at https://support.google.com/dfp_premium/answer/2462712?hl=en. For example:
>
> https://www.amerika.nl/?googfc
>
>
> https://www.timesofisrael.com/?googfc
>
>
>
>
>
> (Now that I'm testing on Windows today, I'm getting the missing banner ad in both Chrome and Edge on https://www.amerika.nl/?googfc, with a "Not displayed" Overlay status in the ad console.)
>
>
>
> Also, thanks for pointing to the forum post! I just posted a followup there as well, since those warnings showed similar signs of being false positives (as lukasza@ had suspected there). That forum may be a good play to continue any discussion of missing ads, since I'm not sure I'll be able to help with ads specific issues. And apologies again for the false alarms from the CORB warnings, which thankfully go away in Chrome 69.
>
>
>
>
> Hope that helps!
>
> Charlie
>
>
>
>
>
>
>
>
>
>
> On Thu, Jul 12, 2018 at 12:41 AM Tommy Quissens <tommy.q...@storefront.be> wrote:
>
>
>
>
>
> Allright, thanks for reaching out! I’ve tried too but I can’t post on the "DoubleClick Publisher Help Forum”. Other people have reported the issue but until now there’s no response coming from anyone at DFP. (see https://productforums.google.com/forum/?nomobile=true#!topic/dfp/rkpG5EOQhgc;context-place=topicsearchin/dfp/category%243Adfp-premium%7Csort:relevance%7Cspell:false and https://productforums.google.com/forum/#!topic/dfp/rkpG5EOQhgc;context-place=topicsearchin/dfp/corb)
>
>
>
>
> Tommy
>
>
> On 11 Jul 2018, 22:29 +0200, Charlie Reis <cr...@chromium.org>, wrote:
>
>
>
>
> chrome://process-internals

viel...@gmail.com

unread,

Jul 19, 2018, 9:53:09 AM7/19/18

to Site Isolation Development, cr...@chromium.org, tommy.q...@storefront.be, nayo...@gmail.com, wouter...@storefront.be, lus...@google.com, michae...@google.com, naeg...@gmail.com

Hi Guys,
Chipping in as well.
I get the same on :
https://www.dmv-written-test.com/georgia/practice-test-1.html

on the bottom unit. (very bottom below the next button)
Pur Adsense (not through DFP)

Weirdly enough it affects only that particular unit and according to adsense stats I'm loosing around 30 % ad impressions on that unit.

cheers,
Adrien

michae...@google.com

unread,

Jul 23, 2018, 12:13:16 PM7/23/18

to Site Isolation Development, cr...@chromium.org, tommy.q...@storefront.be, nayo...@gmail.com, wouter...@storefront.be, lus...@google.com, michae...@google.com, naeg...@gmail.com, viel...@gmail.com

Adrian,
What stats show you losing 30% ad impressions? Taking a look at the performance of that slot it seems like it has been reasonably consistent since it started getting traffic. Upon a few refreshes, the only time I don't see an ad there is when it hasn't filled. In those cases, I see it attempt to resize/collapse as you have set up for that ad slot.

vidhan...@skynewsarabia.com

unread,

Jul 29, 2018, 8:59:03 AM7/29/18

to Site Isolation Development, nom...@gazeta.pl, ni...@chromium.org

Hi, The ads are blocked on our website too. https://www.skynewsarabia.com/.
The 'Cross-Origin Read Blocking (CORB) blocked cross-origin response' message is getting displayed for all the ad-units on the website.
However, this is affecting only the network ads. Is there a solution for this, please.

thanks,
Vidhan

Łukasz Anforowicz

unread,

Jul 30, 2018, 1:17:38 PM7/30/18

to vidhan...@skynewsarabia.com, Site Isolation Development, nomycna, Nick Carter, Mike Burns

Hello vidhan.shetty@,

I think CORB is not the root cause of the ad problems you are experiencing:

In general, most CORB error messages displayed prior to Chrome 69 are false positives (i.e. they represent cases where CORB blocking is almost a no-op and therefore shouldn't have any impact on the page - see https://crbug.com/844178).
After visiting https://www.skynewsarabia.com/

I don't see any CORB messages (I've tried both 69.0.3497.12 and 68.0.3440.75 with forced site-per-process and CORB features)
I do see "Possibly unhandled rejection: Slot div-gpt-ad-interstitial-inner has not been defined. Define it using DoubleClickProvider.defineSlot()." which seems to say that the ad request was rejected (?).

In case my repro steps were somehow wrong, you can also try reproing from your end to double-check if CORB has any impact on the repro. See https://www.chromium.org/Home/chromium-security/corb-for-developers for flags that may be used to disable CORB. I suspect that the problem will repro both with and without CORB (which would confirm that CORB is not the root cause).

I am sorry I am not able to help you further. Adding Mike Burns <michae...@google.com> from the Ads team to see if they can suggest how to proceed.

-Lukasz

michae...@google.com

unread,

Jul 31, 2018, 12:24:09 PM7/31/18

to Site Isolation Development, vidhan...@skynewsarabia.com, nom...@gazeta.pl, ni...@chromium.org, michae...@google.com

Vidhan,
I see ads being consistently rendered on your page, but maybe I'm missing the issue you are seeing. Can you be more explicit about what is failing and why you think it is CORB related? Is there a specific line item/creative/etc I should be looking for?

On Monday, July 30, 2018 at 1:17:38 PM UTC-4, Łukasz wrote:
> Hello vidhan.shetty@,
>
>
> I think CORB is not the root cause of the ad problems you are experiencing:

> In general, most CORB error messages displayed prior to Chrome 69 are false positives (i.e. they represent cases where CORB blocking is almost a no-op and therefore shouldn't have any impact on the page - see https://crbug.com/844178).After visiting https://www.skynewsarabia.com/I don't see any CORB messages (I've tried both 69.0.3497.12 and 68.0.3440.75 with forced site-per-process and CORB features)I do see "Possibly unhandled rejection: Slot div-gpt-ad-interstitial-inner has not been defined. Define it using DoubleClickProvider.defineSlot()." which seems to say that the ad request was rejected (?).In case my repro steps were somehow wrong, you can also try reproing from your end to double-check if CORB has any impact on the repro. See https://www.chromium.org/Home/chromium-security/corb-for-developers for flags that may be used to disable CORB. I suspect that the problem will repro both with and without CORB (which would confirm that CORB is not the root cause).

Vidhan Shetty

unread,

Aug 2, 2018, 10:06:16 AM8/2/18

to michae...@google.com, Site Isolation Development, nom...@gazeta.pl, ni...@chromium.org

Hello Lucaz & Michael,

Thank you so much for getting back to me on this.

To be more elaborative, we are facing the issue of blank ads from last 2 - 3months with no luck to find a solution.
We are connected with Google Ad exchange. We did not face the issue with the ads displayed from Adx.

However, this issue is faced only when the ads are delivered from our network partners - MMP. Screenshot in attach for your reference. But from last 2 days, I did not see any blank ads appearing on the website.
The ads from MMP are only targeted to Middle East markets.
Line item: MMP_Main_Desktop&Mobile_Sections UPDATED
ID: 4676657227

Line item: MMP_Main_Desktop&Mobile_Homepage_updated
ID: 4679864804

We tried to identify the issue and requested the DFP support team to look into this issue further. Below is the response we received from the team.

The error message on the page 'No access-control-allow-origin-header' is appearing because the Origin header needs to be accepted by site, but not any Google server. Here you'll need to ensure that the required Cross Origin domains are accepted by the server on publisher. The web developers should be able to modify the code and add the access control code to the page, so that the creative can serve on the page. The setup of passing the Cross Origin domains is a customized implementation (Document1 and Document2).
The cross origin validation is set on the page and not the server. It is generally the browser's responsibility to support the headers and honor the restrictions. When a CORS-compatible browser attempts to make a cross-origin request, the browser sends the OPTIONS request with an Origin HTTP header. The value of the header is the domain that served the parent page.
The issue does not deal with Google's approval for these Cross Origin domains. To make the setup as intended, you'll need to set an Origin header, and the server needs to explicitly accept such origin. I've researched externally and found this article which explains about the Cross Origin domains with examples.

https://developers.google.com/interactive-media-ads/docs/sdks/html5/cors
https://www.w3.org/TR/cors/#access-control-request-headers-request-header
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Simple_example

Thank you,

Vidhan Shetty
Digital Advertising Operations

Mobile: + 971 56 188 6143
Direct: + 971 2509 1712

Sky News Arabia FZ LLC, Abu Dhabi Media Campus
P.O. Box 77845, Abu Dhabi, United Arab Emirates

Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. Sky News Arabia FZ-LLC is a company incorporated in the Abu Dhabi Media Free Zone, Registration No. 96, with Registered Office PO Box 77845, Abu Dhabi, United Arab Emirates. All SKY trade marks, and any intellectual property they contain, are owned by Sky International AG and used under licence.

MMP_SNA_Screenshot2.png

MMP_SNA_Screenshot1.png

michae...@google.com

unread,

Aug 3, 2018, 1:35:25 PM8/3/18

to Site Isolation Development, michae...@google.com, nom...@gazeta.pl, ni...@chromium.org, vidhan...@skynewsarabia.com

Vidhan,

The problem you are describing sounds like a different issue than the one discussed on this thread (CORS, not CORB). It also sounds like a broken creative, not an ad serving issue from what you have described. Given that it suddenly started working recently, perhaps the ad itself was fixed. Either way, without any reproducible example, I'm afraid there isn't much else I can do to help. If you do have more CORS issues, please consider seeking advice through a different thread/through DoubleClick rather than on this Chrome thread about CORB, given that it is a different issue being investigated.

- Mike

j...@tripledm.com

unread,

Aug 21, 2018, 4:20:07 AM8/21/18

to Site Isolation Development, michae...@google.com, nom...@gazeta.pl, ni...@chromium.org, vidhan...@skynewsarabia.com

I am getting the same errors for a publishers "parser blocking cross site" and "Cross-Origin" and it does not seem to do it for all the tags only one and only when the ads are coming from DFP.
problem is we have a blank ad position for those sections or wherever it displays so a bit frustrating.
Did anyone find a solution?

sweiss...@mackinacpartners.com

unread,

Aug 30, 2018, 12:26:01 PM8/30/18

to Site Isolation Development, nom...@gazeta.pl, ni...@chromium.org, Chris Venable

We are having the same issue with the "A parser-blocking, cross site (i.e. different eTLD+1) script, http://www.googletagservices.com/tag/js/gpt.js, is invoked via document.write." Skyscraper Ads are being rendered by DFP but blocked by Chrome/not displaying. The only thing we can patter to it is when we have a very slightly longer page load (e.g. page with a number of html5 video players) - Chrome blocks the skyscraper Ads. View it here: http://statechampsnetwork.com/?googfc The Ads are rendering fine in non Chrome browsers.

Charlie Reis

unread,

Aug 30, 2018, 1:19:58 PM8/30/18

to sweiss...@mackinacpartners.com, Chromium Site Isolation, nom...@gazeta.pl, Nick Carter, chris....@gmail.com

Note: The "parser-blocking, cross site (i.e. different eTLD+1) script" warning is not the same as what we're discussing here. For more information on that, please see https://developers.google.com/web/updates/2016/08/removing-document-write.

Charlie

Steve Weissenborn

unread,

Aug 30, 2018, 1:37:01 PM8/30/18

to Charlie Reis, Chromium Site Isolation, nom...@gazeta.pl, Nick Carter, chris....@gmail.com

Thanks Charlie…

From: Charlie Reis <cr...@chromium.org>
Sent: Thursday, August 30, 2018 1:20 PM
To: Steve Weissenborn <sweiss...@mackinacpartners.com>
Cc: Chromium Site Isolation <site-isol...@chromium.org>; nom...@gazeta.pl; Nick Carter <ni...@chromium.org>; chris....@gmail.com
Subject: Re: [site-isolation-dev] Re: CORB blocking ads?

Note: The "parser-blocking, cross site (i.e. different eTLD+1) script" warning is not the same as what we're discussing here. For more information on that, please see https://developers.google.com/web/updates/2016/08/removing-document-write.

Charlie

revi...@gmail.com

unread,

Jan 3, 2019, 9:41:18 AM1/3/19

to Site Isolation Development, nom...@gazeta.pl, ni...@chromium.org

On Tuesday, June 26, 2018 at 5:30:46 PM UTC+1, Łukasz wrote:
> Thanks for the heads-up. I've replied to the 2 threads you've linked above, but based on the (little) information provided I do not yet see an example where CORB blocks a legitimate response and is responsible for disrupting a website operation.
>
>
> If there is a website that you think is broken because of a bug in Chrome67, then please open a Chromium bug and provide 1) repro URL, 2) expected and actual/observed behavior. If you think CORB is involved then please also provide 3) URL of the response that you think should not be blocked by CORB, 4) response headers, 5) response body [okay to edit out sensitive information if any]. It is possible to disable CORB (and the bigger Site Isolation feature) using cmdline flags - this is a good way to confirm if CORB (or Site Isolation) are responsible for the expected change in the observed behavior. Details on which cmdline flags to use can be found at
> https://www.chromium.org/Home/chromium-security/corb-for-developers:
>
> If you suspect Chrome is incorrectly blocking a response and that this is disrupting the behavior of a website, please file a Chromium bug describing the incorrectly blocked response (both the headers and body) and/or the URL serving it. You can confirm if a problem is due to CORB by temporarily disabling it, by starting Chrome with the following command line flag:
> --disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating
> https://www.chromium.org/Home/chromium-security/site-isolation:
> Diagnosing Issues
> If you encounter problems when Site Isolation is enabled, you can try turning it off by undoing the steps above, to see if the problem goes away.
> You can also try opting out of field trials of Site Isolation to diagnose bugs, by visiting chrome://flags#site-isolation-trial-opt-out, choosing "Opt-out (not recommended)," and restarting.
> [...]
> We encourage you to file bugs if you encounter problems when using Site Isolation that go away when disabling it. In the bug report, please describe the problem and mention that you are using Site Isolation.
>
>
>
> On Tue, Jun 26, 2018 at 5:06 AM, nomycna <nom...@gazeta.pl> wrote:
>
> Hi guys,
>
> I saw you've been contributing to CORB explanation page: https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md . I assume you might also have some knowledge about its implementation and might be able to give some advice about it. There are multiple people who are having problems with displaying ads on their website. It is supposed to be caused by CORB blocking ads displayed by DFP [1] [2]. I think it might be for some, quite serious issue. Given on Google's help forum usually nobody ever gets help and problems are not escalated, nobody developing chrome/chromium might be aware of the problem. Do you know where and how such issue can be raised?
>
>
>
>
>
> [1] - https://productforums.google.com/forum/?nomobile=true#!topic/dfp/rkpG5EOQhgc;context-place=topicsearchin/dfp/category$3Adfp-premium%7Csort:relevance%7Cspell:false
>
> [2] - https://productforums.google.com/forum/#!topic/dfp/nmLsuBKfoFY
>
>
>
>
>
>
> Thanks,
>
> Andrzej
>
>
>
>

Did the CORB issue ever get resolved? I'm seeing loads of blank ads on one of our sites with the CORB error in the console...

Łukasz Anforowicz

unread,

Jan 3, 2019, 1:19:45 PM1/3/19

to revi...@gmail.com, Site Isolation Development, nomycna, Nick Carter

As far as I know, CORB was a red herring and wasn't the root cause of the past problems.

If you suspect that CORB is a problem, then please:

1. Verify that the issue also happens in other browsers (which currently do not implement CORB)

2. Provide more details about the issue: repro steps, CORB error message, which resource is getting blocked by CORB (is it a 200 response? what is the content type header saying? does the body match the content type header? is there a X-Content-Type-Options: nosniff header?).

Agence Anode

unread,

May 13, 2024, 11:56:48 AMMay 13

to Site Isolation Development, Łukasz Anforowicz, Site Isolation Development, nomycna, Nick Carter, revi...@gmail.com

Hello,

Google Ads requests are being blocked here: https://www.cuisibane.com/. According to the browser, the issue is associated to CORB and this thread is by far the most relevant I found on the subject yet, so I'll try my luck here.
Network tab.png

You can reproduce the issue by simply giving consent in the banner and look for the error in the Network tab. The issue also occurs when adding a product to cart or making a purchase, as these actions trigger requests for conversion tracking. After testing, I can say the issue is present on all browsers and on all devices. It's been here for months now...

We reached Google Ads support multiple times but we could not resolve the issue. Also, our tech team is out of ideas regarding the situation. We really hope someone here will be able to help.

Thank you,

Thomas

Łukasz Anforowicz

unread,

May 13, 2024, 1:11:27 PMMay 13

to Agence Anode, Site Isolation Development, nomycna, Nick Carter, revi...@gmail.com

The HTTP status code is 400 - this seems to be the root cause. (A failed HTTP requests typically returns text/html error message that will be blocked by CORB when cross-origin, but the problem is the error, not CORB).

Łukasz Anforowicz

unread,

May 14, 2024, 12:01:12 PMMay 14

to Agence Anode, Site Isolation Development, nomycna, Nick Carter, revi...@gmail.com

I am sorry, but I am not familiar with how GTM & Google Ads work.

-Łukasz

On Tue, May 14, 2024 at 12:10 AM Agence Anode <mark...@agence-anode.fr> wrote:

Hello Łukasz,

Thank you for the quick answer!

Ok so I was misled by the CORB issue that shows in the browser... Still, how could a Google Ads request be failing while we use a standard implementation? I mean, we are using GTM & Google Ads tags inside of it to do remarketing & conversion tracking. The Google Ads support checked it all and our setup is fine. They could not explain why the request was "blocked", but thanks to you I now know that there is in fact an issue with the request itself.

Any idea?

Thomas

Agence Anode

unread,

May 14, 2024, 12:30:41 PMMay 14

to Site Isolation Development, Łukasz Anforowicz, Site Isolation Development, nomycna, Nick Carter, revi...@gmail.com, Agence Anode

Hello Łukasz,

Thank you for the quick answer!

Ok so I was misled by the CORB issue that shows in the browser... Still, how could a Google Ads request be failing while we use a standard implementation? I mean, we are using GTM & Google Ads tags inside of it to do remarketing & conversion tracking. The Google Ads support checked it all and our setup is fine. They could not explain why the request was "blocked", but thanks to you I now know that there is in fact an issue with the request itself.

Any idea?

Thomas

Le lundi 13 mai 2024 à 19:11:27 UTC+2, Łukasz Anforowicz a écrit :

Reply all

Reply to author

Forward