Open mack-branch opened 1 year ago
This sounds like a Chromium issue, rather than a spec issue. ^^ @arichiv
I'm writing a WPT for this case to verify.
Haven't gotten to a working reproduction but will try again tomorrow here: https://chromium-review.googlesource.com/c/chromium/src/+/4377410
I was able to reproduce spec-respecting behavior (critical-ch being respected at the end (and/or in the middle) of a redirect chain as long as the chain is cross-origin) in https://chromium-review.googlesource.com/c/chromium/src/+/4377410
I cannot reproduce the issue highlighted in this task and when I try to load the site above it now works. Not sure if something changed on the backend or there was something else going on.
Hey @arichiv thanks for looking into this. This was a critical issue for us so we shipped a temporary workaround to our backend in order to preserve user experience. The workaround is to return a 307 redirect to the same link URL along with the critical-ch header, so when Chrome declines to restart and renders the response it will send another request to the same URL. We have seen that in this case, Chrome caches the CH values even though it declines the response, so they are sent when it follows the redirect. However, I'm concerned this is not a long term solution and may lead to infinite redirection, as there is no guarantee that Chrome will send the CH headers when following the 307 redirect...
It's worth mentioning that we have not seen this issue for other cross-origin redirect chains, only for Google Ads (i.e. example1->example2.com works fine but google.com->example2.com does not).
If we need to repro this live, I think we can put a link to a test server in any google ad and click it. Let me know if I can help here.
Is it possible to approach this from an Ads-specific perspective? Is it possible to raise this issue to the Google Ads team? Is it possible there is specific handling for google ads clicks in the CH code, or specific handling of CH on Google Ads clicks?
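The workaround described in the comment above, sketched as an added example (not the commenter's backend code and not Chromium code): a landing server that answers a request lacking the critical hints with a 307 plus `Critical-CH`, and bounds the retry to one attempt so a client that never sends the hints cannot loop. The `ch_retry` query marker, the `ads.example` URL and all function names are assumptions made for illustration; the marker means the redirect target differs from the original URL by that one parameter.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# The two critical hints named in the report, as request header names.
CRITICAL_HINTS = ("Sec-CH-UA-Platform-Version", "Sec-CH-UA-Model")
RETRY_PARAM = "ch_retry"  # hypothetical loop-guard marker, not from the thread


def missing_hints(request_headers):
    """Return the critical hint headers absent from the request.

    Presence is checked case-insensitively and by header name only:
    Sec-CH-UA-Model is legitimately an empty quoted string on desktops.
    """
    present = {name.lower() for name in request_headers}
    return [h for h in CRITICAL_HINTS if h.lower() not in present]


def already_retried(url):
    """True if this URL already carries the one-shot retry marker."""
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return any(key == RETRY_PARAM for key, _ in query)


def with_retry_marker(url):
    """Same URL with the retry marker appended to its query string."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append((RETRY_PARAM, "1"))
    return urlunsplit(parts._replace(query=urlencode(query)))


def decide_response(url, request_headers):
    """Return (status, response_headers, outcome) for a landing request."""
    hint_headers = {
        "Accept-CH": ", ".join(CRITICAL_HINTS),
        "Critical-CH": ", ".join(CRITICAL_HINTS),
    }
    if not missing_hints(request_headers):
        return 200, {}, "hints-present"
    if already_retried(url):
        # Second attempt still has no hints: serve without them, do not loop.
        return 200, hint_headers, "degraded"
    hint_headers["Location"] = with_retry_marker(url)
    return 307, hint_headers, "redirect"
```

Counting the `degraded` outcome per referrer in server logs shows how often the hints are still absent after the single retry.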
@zhengweiwithoutthei could you take a look? It might be some sort of CORS issue.
@arichiv @zhengweiwithoutthei
It looks like this issue has been abandoned, can we pick this up again? The issue still exists.
Hello, I work for an ad tech company and we have found some edge cases where the critical-ch restart does not play nicely with redirects between domains, or "wrapped domains". Unfortunately this is a very important and common use case in the ads world, including Google Ads.
Example Google Ads link: https://www.google.com/aclk?sa=L&ai=DChcSEwi-l7XdtPL9AhUR7u0KHQrmDQkYABAAGgJkZw&sig=AOD64_0hvmE49iyDD2sX3y9g3VMWQztshg&q&adurl&ved=2ahUKEwim3a_dtPL9AhXlRkEAHcuQDKgQ0Qx6BAgHEAE
Steps to repro
critical-ch header requesting two critical client hints: platform-version and model.
Problem
Expected Result:
Actual Result:
More details
I have not been able to reproduce this with other domains that 302 redirect to each other, it seems specific to Google Ads right now. I can also confirm that only one origin (our server) is requesting a critical hint retry, not multiple.
Please note that since this is a critical issue for us we are urgently working to mitigate this on our end, so this may not be reproducible in the wild after a few days. If this becomes an issue let me know and I can set up a test domain where we can reproduce this issue live.
I have also attached a bunch of screenshots from when I reproduced this issue. It is happening consistently (100% of the time) if the browser doesn't already have the critical hints cached (i.e. new incognito window or clear cache).
Thanks!