Chrome 73 - InboxSDK does not work - CORB Issue

1,183 views
Skip to first unread message

Raphaël

unread,
Feb 22, 2019, 5:59:43 AM2/22/19
to InboxSDK
Hi Inbox SDK team,

We are facing an issue with the upcoming version of chrome (beta 73)
The inboxSDK does not load at all. The reason behind is that it does a request to 



And this request succeed but have no response because it is blocked by CORB. It seems to be due to a change in https://chromium.googlesource.com/chromium/src/+/2d3f85193a309457c923e1edc053c5d7a9d214e6

Do you have any suggestions about that ?

Cheers

Chris Cowan

unread,
Feb 22, 2019, 5:21:37 PM2/22/19
to InboxSDK
I don't think the InboxSDK should be attempting that URL. Are there other extensions present? Does that URL still get accessed when the InboxSDK extension isn't present? Is Gmail loading correctly other than that? Do any errors from the InboxSDK appear in the console if you wait a few minutes? (The InboxSDK generally logs some errors if it can't recognize any expected elements on the page within a few minutes.)

Chrome devtools will attribute many network requests made by Gmail to InboxSDK code because of the way the InboxSDK intercepts Gmail network requests. Is anything other than that connecting this request to the InboxSDK?

The InboxSDK attempts to load https://www.inboxsdk.com/build/platform-implementation.js at start and shouldn't need any further network requests to initialize. It will make some requests to a https://pubsub.googleapis.com URL to log some basic usage data, but the InboxSDK shouldn't fail if that request fails.

RSK

unread,
Feb 26, 2019, 2:26:44 AM2/26/19
to InboxSDK
Hello InboxSDK Team,

I observed that InboxSDK based Chrome extension is not working on Chrome Beta version 73.0.3683.46 on Windows machine.
It is giving below error message in the console. 

"Error logged: SyntaxError: Unexpected end of JSON input

log-error.js:106 Error logged: SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at eval (logger.js:501)
    at r (runtime.js:62)
    at Generator.eval [as _invoke] (runtime.js:288)
    at Generator.e.(/mail/u/0/anonymous function) [as next] (https://www.inboxsdk.com/build/platform-implementation.js:72:1212)
    at r (asyncToGenerator.js:5)
    at a (asyncToGenerator.js:27) 

Original error stack:
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Generator.e.(anonymous function) [as next] (https://www.inboxsdk.com/build/platform-implementation.js:72:1212)

Error logged from:

ajax.js:116 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.inboxsdk.com/api/v2/events/oauth with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

ajax.js:116 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://www.inboxsdk.com/api/v2/errors with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

About Chrome 73:
As per chrome official documentation on Chrome 73 (Refer the Link - https://developer.chrome.com/apps/xhr) Cross-origin permission might be creating problem,

"Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy (and since Chrome 73 content scripts are also subject to the same restrictions as the web page they are injected into). Extensions aren't so limited - a script executing in an extension's origin can talk to remote servers outside of its origin, as long as the extension requests cross-origin permissions."

Summary: 
As per my analysis Chrome 73 is having restriction CORB restriction which might be causing the issue.

Could you please let me know any workaround like adding permission for "content_security_policy" will fix this issue.
Please share your thoughts.

Thanks in Advance,
RSK

tristan....@bananatag.com

unread,
Feb 26, 2019, 12:41:14 PM2/26/19
to InboxSDK
I am observing the exact same errors as RSK in inboxSDK loaded in a chrome extension.

As I understand it, the change specifically relates to extension content scripts.

This page explains the changes as they relate to extensions. (http://dev.chromium.org/Home/chromium-security/extension-content-script-fetches) 

When web pages request cross-origin data with fetch or XHR APIs, the response is denied unless CORS headers allow it.  In contrast, extension content scripts have traditionally been able to fetch cross-origin data from any origins listed in their extension's permissions, regardless of the origin that the content script is running within.

We've had to move some cross-origin requests from our own content scripts to background scripts to allow them to go through. I don't know how to solve this for inboxSDK, as it needs to have access to the DOM.

As a side note: the JSON parsing error happens because when the cross-origin response gets blocked, inboxSDK tries to parse an empty string as JSON, which throws an error.

Chris Cowan

unread,
Feb 27, 2019, 8:33:07 PM2/27/19
to InboxSDK
We'll have a fix out for these errors soon. It has to do with Chrome 73's new cross-origin blocking in extensions behavior.

These errors shouldn't be blocking the InboxSDK from initializing. The InboxSDK.load promise should still resolve and the InboxSDK functionality should still work. Let me know if some functionality seems impacted. (Simple test: running this in the Javascript console while the extension context is active should print a message: InboxSDK.load(2, 'something').then(sdk => console.log('loaded', sdk));  )


On Monday, February 25, 2019 at 11:26:44 PM UTC-8, RSK wrote:

Aaron H

unread,
Mar 19, 2019, 3:42:35 PM3/19/19
to InboxSDK
Any updates on this?

We started having this (or a similar issue) in the last few days.

XMLHTTPRequest calls fail and get no response.

This bug is only present on version 73 with the network service flag enabled. If i disable the flag, the error goes away.

Any help on this will greatly appreciated.

Chris Cowan

unread,
Mar 19, 2019, 8:46:53 PM3/19/19
to InboxSDK
Is this error in the console the only issue you're seeing?

>Cross-Origin Read Blocking (CORB) blocked cross-origin response https://pubsub.googleapis.com/v1/projects/mailfoogae/topics/events:publish?key=AIzaSyAwlvUR2x3OnCeas8hW8NDzVMswL5hZGg8 with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

This warning shouldn't impact the functionality of the InboxSDK at all. We're working on fixing that warning.

Aaron H

unread,
Mar 20, 2019, 11:38:05 AM3/20/19
to InboxSDK
Hi Chris,

We are not getting any response to the XMLHTTPRequest calls. See https://www.screencast.com/t/A8k9PKhQGHKY

Steps to reproduce the problem:
1. Install the following Chrome extension from the store: https://chrome.google.com/webstore/detail/rebump-automated-follow-u/gbohoafagnlmidmhhpfdnmfpodhohaad
2. Go to Gmail and click on the "Rebump" icon. An empty white rectangle will appear next to the link
3. Open the console and multiple javascript errors will show up

Olivier Droz

unread,
Mar 20, 2019, 12:00:50 PM3/20/19
to Aaron H, InboxSDK
Hi Aaron, 
I believe that you are making some calls to your API from the content script rather than executing them from the background page. 
Here is some documentation from the chromium page to show you how to use message passing from the content script to the background. 

What the chromium might to is whitelist your application until Q2 2019 allowing you some time to fix the CORB issues without blocking your app.

I hope this helps. 

Olivier

>> Going Out-of-Office over holidays? Check our tips on writing a super OOO message (share if you like!)

http://www.saleswingsapp.com/how-to/3-useful-out-of-office-message-sales-tips/


 

SalesWings has been selected as a TOP SALES TOOL by smartsellingtools.com


Olivier Droz
CTO & Co-Founder
USA:       +1 216 242 1338
Europe:   +44 203 813 9693
Mobile     +41 76 414 55 32



SD Technologies SA
Route de la Feuillère 29
1010 Lausanne
Switzerland




--
You received this message because you are subscribed to the Google Groups "InboxSDK" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inboxsdk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inboxsdk/0df58625-1db0-41ac-923f-da7a13237401%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Aaron H

unread,
Mar 27, 2019, 3:27:48 PM3/27/19
to InboxSDK
Thanks Oliver. I will have our developers look into this.

Karan Shah

unread,
Mar 28, 2019, 10:26:20 AM3/28/19
to InboxSDK
So can we load inboxsdk using background script? I have tried but I am not able to do it.
To unsubscribe from this group and stop receiving emails from it, send an email to inbo...@googlegroups.com.

Chris Cowan

unread,
Mar 28, 2019, 5:44:06 PM3/28/19
to InboxSDK
You shouldn't need to change how the InboxSDK loads. If your extension makes its own network requests, then those might need to change.

Karan Shah

unread,
Mar 28, 2019, 10:30:51 PM3/28/19
to InboxSDK
The InboxSDK attempts to load https://www.inboxsdk.com/build/platform-implementation.js at start from content script which will be blocked right?

Lockmagic Dev

unread,
Mar 30, 2019, 1:40:31 AM3/30/19
to InboxSDK
Hi Chris,

I'm running into this issue with access html file attachments. The ajax call to fetch the attachment content using the getDownloadUrl() for html files is blocked due to CORB. 

Here is a snippet from the console

Read Blocking (CORB) blocked cross-origin response https://mail-attachment.googleusercontent.com/attachment/u/0/.......

Any ideas how to solve this?

Thanks in advance,
Lockmagic

geet mehar

unread,
Apr 4, 2019, 6:02:39 PM4/4/19
to InboxSDK

Untitled.png

I am facing the same error and inboxsdk is not getting initiated due to blocking by CORS.

Please see the inserted image for the error in console. This happened at the line where inboxsdk is getting initiated.

cla...@loom.com

unread,
Apr 8, 2019, 3:50:17 PM4/8/19
to InboxSDK
Any updates on this side?
My chrome extension doesn't currently work because of this CORB issue:

SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Generator.e.(anonymous function) [as next] (https://www.inboxsdk.com/build/platform-implementation.js:72:1212)

Error logged from:

https://www.inboxsdk.com/api/v2/events/oauth comes out empty and when the inboxsdk library tries to parse the json it errors out (empty string)

Jochen Bedersdorfer

unread,
Apr 10, 2019, 6:48:34 PM4/10/19
to InboxSDK
I just fixed our chrome extension to work with 73.

You need to move all code that makes Ajax calls to your backend to the background page.
Using chrome.runtime.sendMessage to ask your background.js to do the fetching.

SendMessage allows for a reponse handler which the background.js can use to return data to your content.js

Ping me if you need example code.

geet mehar

unread,
Apr 10, 2019, 7:16:19 PM4/10/19
to Jochen Bedersdorfer, InboxSDK
Hey All,

Forgot to update. I have done something similar and seems to be working. You need to be good at chrome messaging between eventpage/background script and contentscript.

As Chris has mentioned, the issue isn't really with inboxsdk. Although I see warning but not anything that stops initiation of inboxsdk.

--
You received this message because you are subscribed to a topic in the Google Groups "InboxSDK" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/inboxsdk/LT2JocCapmo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to inboxsdk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inboxsdk/acc16c5d-2f4b-4808-96f9-6ac5467e1378%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


--
Regards,
Geet Mehar

Igor Matkovic

unread,
Apr 19, 2019, 5:33:29 PM4/19/19
to InboxSDK
I tried to do the same without any luck.

I ended up deleting our entire App and just loading this. it loaded but it threw an error

InboxSDK.load('2', 'XXXXXXXX').then(function (results) {
        console.log('LOADED');
});


But I still get the same error.

geet mehar

unread,
Apr 20, 2019, 9:56:10 AM4/20/19
to Igor Matkovic, InboxSDK
Can u share screenshot of the error?

--
You received this message because you are subscribed to a topic in the Google Groups "InboxSDK" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/inboxsdk/LT2JocCapmo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to inboxsdk+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inboxsdk/a28cf65d-b880-4a0f-b994-f20ee054640a%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.


--
Regards,
Geet Mehar

Igor Matkovic

unread,
Apr 22, 2019, 11:55:28 AM4/22/19
to InboxSDK
Error logged: SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at eval (platform-implementation.js:101)
    at r (platform-implementation.js:72)
    at Generator.eval [as _invoke] (platform-implementation.js:72)
    at Generator.e.(/mail/u/0/anonymous function) [as next] (https://www.inboxsdk.com/build/platform-implementation.js:72:1212)
    at r (platform-implementation.js:19)
    at a (platform-implementation.js:19) 

Original error stack:
SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Generator.e.(anonymous function) [as next] (https://www.inboxsdk.com/build/platform-implementation.js:72:1212)

Error logged from:

Error details: {type: "Failed to log events"} 

Extension App Ids: [
  {
    "appId": "**********"
  }
Sent by App: false 
Session Id: 1555948331101-0.9277795230558858 
Extension Id: chrome-extension://**********
InboxSDK Loader Version: 0.7.24-1484787998857-c248fbb55be579d3 
InboxSDK Implementation Version: 0.7.24-1555873934804-271266b22f2071fb 
Is Using Sync API: true 
Is Using Material Gmail UI: true

On Saturday, April 20, 2019 at 6:56:10 AM UTC-7, geet mehar wrote:
Can u share screenshot of the error?

On Sat, Apr 20, 2019 at 3:03 AM Igor Matkovic <mla...@gmail.com> wrote:
I tried to do the same without any luck.

I ended up deleting our entire App and just loading this. it loaded but it threw an error

InboxSDK.load('2', 'XXXXXXXX').then(function (results) {
        console.log('LOADED');
});


But I still get the same error.


On Wednesday, April 10, 2019 at 3:48:34 PM UTC-7, Jochen Bedersdorfer wrote:
I just fixed our chrome extension to work with 73.

You need to move all code that makes Ajax calls to your backend to the background page.
Using chrome.runtime.sendMessage to ask your background.js to do the fetching.

SendMessage allows for a reponse handler which the background.js can use to return data to your content.js

Ping me if you need example code.

--
You received this message because you are subscribed to a topic in the Google Groups "InboxSDK" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/inboxsdk/LT2JocCapmo/unsubscribe.
To unsubscribe from this group and all its topics, send an email to inbo...@googlegroups.com.


--
Regards,
Geet Mehar

bhuvan...@gmail.com

unread,
May 1, 2019, 9:32:32 AM5/1/19
to InboxSDK
please provide sample code.

bhuvan...@gmail.com

unread,
May 1, 2019, 9:53:59 AM5/1/19
to InboxSDK
Any updates on this?

Pat Walls

unread,
May 4, 2019, 2:59:08 AM5/4/19
to InboxSDK
I am also experiencing this. I have moved all my ajax calls to background scripts so it seems to be something with how the inboxsdk script is loaded? I'm doing essentially what it recommended in the docs (and loading a remote JS file).

timely gsuite

unread,
Jul 18, 2020, 10:41:47 AM7/18/20
to InboxSDK
  1. I am also facing same issue with InboxSDK, getting error in Chrome console, Kindly help 

  3. POST API : https://pubsub.googleapis.com/v1/projects/mailfoogae/topics/events:publish?key=AIzaSyAwlvUR2x3OnCeas8hW8NDzVMswL5hZGg8

  5. Header: Authorization Bearer ya29.c.Kl62B00BffCJGs3rq3TSX-Hm7jBX-QhMDNFa_zfPg38K4mEvtji4VmC5Lp4ytu24WRZYVDkkHWbKv9XOGgPEXNIjKmTdhN5m3Is4WW-CsImq5X4uEiQYSastT01oL6JF

  7. Response {
      "error": {
        "code"401,
        "message""Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
        "status""UNAUTHENTICATED"
      }
    }
Reply all
Reply to author
Forward
0 new messages