Sunday, February 25, 2018

Edge cross-domain request via HTTPS


I'm trying to make an Edge extension which would communicate with a server other than the origin of the web page. However, the communication seems to fail.

I read about issues with cross-domain requests when the origin is external and the cross-domain request target is in the intranet. So I've exposed the intranet server to the internet. But this didn't help.

I tried to run the simplest fetch() possible and got this result:

fetch("https://fake.domain.info/api/browser/authenticate/").then((response) => {console.log(response);}).catch((error) => {console.log(error);})

[object Promise]: {}

[object Error]: {description: "Failed to fetch", message: "Failed to fetch", number: -2147418113}

I checked the network traffic in the debug window and found a strange record:

Name Protocol Method Result Content type Received Time Initiator
https://fake.domain.info/api/browser/authenticate/ HTTPS GET 200 (from cache) 0 s

I don't really understand why "(from cache)" appears. So I inspected the request with Wireshark. What I found is this:

61 3.004629 xxx.xxx.xxx.xxx 192.168.124.144 TLSv1.2 501 Server Hello, Certificate, Server Key Exchange, Server Hello Done

62 3.004666 192.168.124.144 xxx.xxx.xxx.xxx TCP 54 51965 → 443 [ACK] Seq=207 Ack=1908 Win=261632 Len=0

...

86 3.010645 192.168.124.144 xxx.xxx.xxx.xxx TCP 54 51965 → 443 [FIN, ACK] Seq=207 Ack=1908 Win=261632 Len=0

87 3.011785 xxx.xxx.xxx.xxx 192.168.124.144 TCP 60 443 → 51965 [ACK] Seq=1908 Ack=208 Win=65536 Len=0

...

89 3.012215 xxx.xxx.xxx.xxx 192.168.124.144 TCP 60 443 → 51965 [RST, ACK] Seq=1908 Ack=208 Win=0 Len=0

I don't understand why the connection is reset right after the TLS handshake. Opening the web page works fine. I've checked it with Wireshark and found that the first connection is closed the same way right after the TLS handshake, but a new one is created immediately and traffic goes via this one without problems.

I checked the server-side logs - no issues were registered, and no HTTP requests were logged either.

When I tried to run the same request via plain HTTP, it worked fine:

fetch("http://fake.domain.info/api/browser/authenticate/").then((response) => {console.log(response);}).catch((error) => {console.log(error);})

[object Promise]: {}

[object Response]: {body: Object, bodyUsed: false, headers: Object, ok: false, redirected: false...}

HTTP 404 is returned, as expected.

So I see the problem is related to the TLS connection.

Another thing: the problem occurs only when doing it in Edge. When doing it in Firefox, it works fine:

fetch("https://fake.domain.info/api/browser/authenticate/").then((response) => {console.log(response);}).catch((error) => {console.log(error);})

Promise { <state>: "pending" }

Response { type: "basic", url: "https://fake.domain.info/api/brows…", redirected: false, status: 404, ok: false, statusText: "[{"errors":[{"message":"Invalid API…", headers: Headers, bodyUsed: false }

And I checked the traffic in Wireshark when running the request from Firefox - the connection isn't closed after the TLS handshake, but the application data is sent right away.

Is this some known Edge behavior, and is there any way to fix it? Could it be some server misconfiguration?
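
The capture quoted above can be summarized mechanically. This is an added example, not part of the original question: it parses Wireshark summary lines and reports which TLS messages appear, whether any Application Data was seen, and which side closed the connection first. The function name `summarizeTrace` is hypothetical, 203.0.113.10 is a placeholder for the masked server address, and the result reflects only the lines supplied.

```javascript
// Frames as quoted in the post, in Wireshark's default column order
// (No. Time Source Destination Protocol Length Info).
const CLIENT = "192.168.124.144";   // client address as shown in the post
const SERVER = "203.0.113.10";      // placeholder for the masked server address
const edgeTrace = [
  `61 3.004629 ${SERVER} ${CLIENT} TLSv1.2 501 Server Hello, Certificate, Server Key Exchange, Server Hello Done`,
  `62 3.004666 ${CLIENT} ${SERVER} TCP 54 51965 → 443 [ACK] Seq=207 Ack=1908 Win=261632 Len=0`,
  "...",
  `86 3.010645 ${CLIENT} ${SERVER} TCP 54 51965 → 443 [FIN, ACK] Seq=207 Ack=1908 Win=261632 Len=0`,
  `87 3.011785 ${SERVER} ${CLIENT} TCP 60 443 → 51965 [ACK] Seq=1908 Ack=208 Win=65536 Len=0`,
  `89 3.012215 ${SERVER} ${CLIENT} TCP 60 443 → 51965 [RST, ACK] Seq=1908 Ack=208 Win=0 Len=0`,
];

// Hypothetical helper: summarize one connection from the client's point of view.
function summarizeTrace(lines, clientIp) {
  const out = { tlsMessages: [], clientKeyExchange: false, applicationData: false, firstClose: null };
  for (const line of lines) {
    const m = line.match(/^(\d+)\s+[\d.]+\s+(\S+)\s+(\S+)\s+(\S+)\s+\d+\s+(.*)$/);
    if (!m) continue;                          // skip "..." and anything unparsable
    const [, frame, src, , proto, info] = m;
    const from = src === clientIp ? "client" : "server";
    if (proto.startsWith("TLS")) {
      // One TLS record line can carry several comma-separated handshake messages.
      for (const msg of info.split(",").map((s) => s.trim())) {
        out.tlsMessages.push(`${from}: ${msg}`);
        if (msg === "Application Data") out.applicationData = true;
        if (from === "client" && msg === "Client Key Exchange") out.clientKeyExchange = true;
      }
    } else if (proto === "TCP" && !out.firstClose) {
      // Record only the first FIN or RST: that is the side that gave up first.
      const fm = info.match(/\[([^\]]+)\]/);
      const flags = fm ? fm[1].split(",").map((s) => s.trim()) : [];
      const flag = flags.find((f) => f === "FIN" || f === "RST");
      if (flag) out.firstClose = { from, flag, frame: Number(frame) };
    }
  }
  return out;
}

console.log(summarizeTrace(edgeTrace, CLIENT));
```

Running the same function over a capture of a working client makes the two summaries directly comparable.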

0 Answers
