Options Call is failing with Kerberos Authentication

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Options Call is failing with Kerberos Authentication

Postby vinayk » Tue Sep 14, 2021 6:29 am

Hi All,

With the 88.0.4324.182 version of CEF, I'm seeing a problem wherein Options Call (Preflight) is failed with Kerberos Authentication. The DevTools show a "net::ERR_FAILED" error in the console for the Options and POST calls. All the CORS related network calls which involve Preflight calls are being affected by this.

The issue is not happening with Chrome and also works fine in CEF when the proxy is disabled.

I tried checking the browser's network events (chrome://net-export/#), and I observed the following differences between Chrome and CEF.
1. In the case of Chrome, the first request for options is failed with ERR_PROXY_AUTH_REQUESTED and then auth token is generated and another request is sent.
2. In the case of CEF, the first request for options is being failed with ERR_PROXY_AUTH_REQUESTED, but after this auth token is not generated and also another request is not sent again.

This was also working fine in v83 of CEF with --disable-features=OutOfBlinkCors. This issue is also reproducible in the 92.0.4515.131 version of CEF.

Can someone please help in debugging this issue? Thanks in Advance.


Observing the following network log (created with chrome://net-export) in case of CEF:

Code: Select all
3947: URL_REQUEST
https://instantmessaging-pa.googleapis.com/$rpc/google.internal.communications.instantmessaging.v1.Messaging/Echo
Start Time: 2021-09-14 16:39:10.499

t=13594 [st=  0] +REQUEST_ALIVE  [dt=166]
                  --> priority = "MEDIUM"
                  --> traffic_annotation = 101845102
                  --> url = "https://instantmessaging-pa.googleapis.com/$rpc/google.internal.communications.instantmessaging.v1.Messaging/Echo"
t=13594 [st=  0]    NETWORK_DELEGATE_BEFORE_URL_REQUEST  [dt=0]
t=13594 [st=  0]   +URL_REQUEST_START_JOB  [dt=166]
                    --> initiator = "https://messages.google.com"
                    --> load_flags = 66 (BYPASS_CACHE | DO_NOT_SAVE_COOKIES)
                    --> method = "OPTIONS"
                    --> network_isolation_key = "https://google.com https://google.com"
                    --> privacy_mode = "enabled"
                    --> site_for_cookies = "SiteForCookies: {scheme=; registrable_domain=; schemefully_same=false}"
                    --> url = "https://instantmessaging-pa.googleapis.com/$rpc/google.internal.communications.instantmessaging.v1.Messaging/Echo"
t=13594 [st=  0]      NETWORK_DELEGATE_BEFORE_START_TRANSACTION  [dt=1]
t=13595 [st=  1]      HTTP_CACHE_GET_BACKEND  [dt=0]
t=13595 [st=  1]     +HTTP_STREAM_REQUEST  [dt=165]
t=13595 [st=  1]        HTTP_STREAM_JOB_CONTROLLER_BOUND
                        --> source_dependency = 3948 (HTTP_STREAM_JOB_CONTROLLER)
t=13760 [st=166]        HTTP_STREAM_REQUEST_BOUND_TO_JOB
                        --> source_dependency = 3949 (HTTP_STREAM_JOB)
t=13760 [st=166]        NETWORK_DELEGATE_HEADERS_RECEIVED  [dt=0]
t=13760 [st=166]        NETWORK_DELEGATE_BEFORE_START_TRANSACTION  [dt=0]
t=13760 [st=166]        CANCELLED
t=13760 [st=166]     -HTTP_STREAM_REQUEST
t=13760 [st=166] -REQUEST_ALIVE
vinayk
Techie
 
Posts: 12
Joined: Thu Feb 13, 2020 7:46 am

Re: Options Call is failing with Kerberos Authentication

Postby vinayk » Wed Sep 15, 2021 11:17 am

This issue looks similar to https://magpcss.org/ceforum/viewtopic.php?f=6&t=18321

In both the current issue and the above issue, the Options call is failing.

Also, the |pass_through| workaround seems to be fixing the current issue, but we can't use this workaround as we need custom request handling.

Can someone help me with this issue? Thanks.
vinayk
Techie
 
Posts: 12
Joined: Thu Feb 13, 2020 7:46 am


Return to Support Forum

Who is online

Users browsing this forum: No registered users and 39 guests