Closed phistuck closed 4 years ago
I'm facing the exact same errors. Are you sitting behind any kind of proxy?
@Huppys - no, but this seems fixed for me at the moment (Chrome canary 73.0.3630.0).
I guess Chrome improved its algorithm for sending those x-client-data
headers to not send them in CORS-sensitive requests.
I'm seeing this same problem all of a sudden with Version 76.0.3809.100 (Official Build) (64-bit).
The pages render fine when opened with Incognito
@khambadkone - can you paste the errors from the console of the Developer Tools?
For example, on accessing https://firebase.google.com/support/troubleshooter/report/bugs/
we see the following :
Access to fetch at 'https://fonts.gstatic.com/s/materialicons/v48/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2' from origin 'https://firebase.google.com' has been blocked by CORS policy: Request header field pragma is not allowed by Access-Control-Allow-Headers in preflight response.
5The FetchEvent for "
I cannot reproduce (I tried F5, Control+F5, disabling cache in the Developer Tools...), but anyway, the Firebase documentation is off topic for the Web Fundamentals repository...
For what its worth, Im seeing this same issue with
Version 76.0.3809.132 (Official Build) (64-bit)
It's happening for a few sites, including all of the examples listed in this issue.
@erickertz - do you get the exact error that @khambadkone mentioned (pragma, not x-client-data)?
Does it reproduce in incognito mode as well? (If not, an extension that you use might be adding this header)
Akamai's chrome plugin for testing their CDN was causing my issue. On disabling it, the site loaded fine
On Wed, 28 Aug, 2019, 6:45 PM PhistucK, notifications@github.com wrote:
@erickertz https://github.com/erickertz - do you get the exact error that @khambadkone https://github.com/khambadkone mentioned (pragma, not x-client-data)?
Does it reproduce in incognito mode as well? (If not, an extension that you use might be adding this header)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/google/WebFundamentals/issues/6881?email_source=notifications&email_token=AAP4WUWORK4GYJP472K4U4DQGZ26PA5CNFSM4GGH3YB2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5LCOOI#issuecomment-525739833, or mute the thread https://github.com/notifications/unsubscribe-auth/AAP4WUSBCMRJEXKA4LFQH5TQGZ26PANCNFSM4GGH3YBQ .
@phistuck @khambadkone it was the Akamai plugin causing the issue for me as well. Thanks!
Page Affected: https://developers.google.com/web/updates/2017/10/using-twa
What needs to be done? The fonts are blocked, so the page looks like this -
I guess Chrome 72 sends an
x-client-data
HTTP header to Google related entities, which results in many CORS related errors (fixable by allowing that header, I guess) -Access to font at 'https://fonts.gstatic.com/s/googlesans/v9/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOmCnqEu92Fr1Mu4mxK.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOlCnqEu92Fr1MmEU9fBBc4.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/materialicons/v41/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOlCnqEu92Fr1MmWUlfBBc4.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOkCnqEu92Fr1Mu51xIIzI.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOkCnqEu92Fr1Mu51xIIzI.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/robotomono/v5/L0xkDF4xlVMF-BfR8bXMIjC4iGqxf78.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. L0xkDF4xlVMF-BfR8bXMIjC4iGqxf78.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/robotomono/v5/L0x5DF4xlVMF-BfR8bXMIjhLq38.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. L0x5DF4xlVMF-BfR8bXMIjhLq38.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/robotomono/v5/L0xkDF4xlVMF-BfR8bXMIjDwjmqxf78.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. L0xkDF4xlVMF-BfR8bXMIjDwjmqxf78.woff2:1 Failed to load resource: net::ERR_FAILED using-twa:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2' from origin 'https://developers.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2:1 Failed to load resource: net::ERR_FAILED TCgT8dzSiU8?autohide=1&showinfo=0&enablejsapi=1:1 Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. googleads.g.doubleclick.net/pagead/id:1 Failed to load resource: net::ERRFAILED using-twa:1 Access to XMLHttpRequest at 'https://ogs.google.com/u/0//og/botguard/get?rt=j&sourceid=331' from origin 'https://developers.google.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. ogs.google.com/u/0/_/og/botguard/get?rt=j&sourceid=331:1 Failed to load resource: net::ERR_FAILED content.min.js:2 [Deprecation] Element.createShadowRoot is deprecated and will be removed in M73, around March 2019. Please use Element.attachShadow instead. See https://www.chromestatus.com/features/4507242028072960 for more details. (anonymous) @ content.min.js:2 TCgT8dzSiU8?autohide=1&showinfo=0&enablejsapi=1:1 Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. googleads.g.doubleclick.net/pagead/id:1 Failed to load resource: net::ERRFAILED apis.google.com/u/0//widget/render/comments?usegapi=1&href=https%3A%2F%2Fdevelopers.google.com%2Fweb%2Fupdates%2F2017%2F10%2Fusing-twa&width=805&first_party_property=BLOGGER&view_type=FILTEREDPOSTMOD&hl=en&origin=https%3A%2F%2Fdevelopers.google.com&search=&hash=&gsrc=3p&jsh=m%3B%2F%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.CUp85wbT4DI.O%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo-XBQda2DFvo9hxbj_dGnCV84SJMA%2Fm%3Dfeatures#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Cscroll%2Copenwindow&id=I0_1543165255252&_gfid=I0_1543165255252&parent=https%3A%2F%2Fdevelopers.google.com&pfname=&rpctoken=28904081:1 Active resource loading counts reached a per-frame limit while the tab was in background. Network requests will be delayed until a previous loading finishes, or the tab is brought to the foreground. See https://www.chromestatus.com/feature/5527160148197376 for more details content.min.js:2 [Deprecation] Element.createShadowRoot is deprecated and will be removed in M73, around March 2019. Please use Element.attachShadow instead. See https://www.chromestatus.com/features/4507242028072960 for more details. (anonymous) @ content.min.js:2 content.min.js:2 [Deprecation] Element.createShadowRoot is deprecated and will be removed in M73, around March 2019. Please use Element.attachShadow instead. See https://www.chromestatus.com/features/4507242028072960 for more details. (anonymous) @ content.min.js:2 TCgT8dzSiU8?autohide=1&showinfo=0&enablejsapi=1:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2' from origin 'https://www.youtube.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOmCnqEu92Fr1Mu4mxK.woff2:1 Failed to load resource: net::ERRFAILED apis.google.com/u/0//widget/render/comments?usegapi=1&href=https%3A%2F%2Fdevelopers.google.com%2Fweb%2Fupdates%2F2017%2F10%2Fusing-twa&width=805&first_party_property=BLOGGER&view_type=FILTEREDPOSTMOD&hl=en&origin=https%3A%2F%2Fdevelopers.google.com&search=&hash=&gsrc=3p&jsh=m%3B%2F%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.CUp85wbT4DI.O%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo-XBQda2DFvo9hxbj_dGnCV84SJMA%2Fm%3Dfeatures#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Cscroll%2Copenwindow&id=I0_1543165255252&_gfid=I0_1543165255252&parent=https%3A%2F%2Fdevelopers.google.com&pfname=&rpctoken=28904081:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2' from origin 'https://apis.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOmCnqEu92Fr1Mu4mxK.woff2:1 Failed to load resource: net::ERRFAILED apis.google.com/u/0//widget/render/comments?usegapi=1&href=https%3A%2F%2Fdevelopers.google.com%2Fweb%2Fupdates%2F2017%2F10%2Fusing-twa&width=805&first_party_property=BLOGGER&view_type=FILTEREDPOSTMOD&hl=en&origin=https%3A%2F%2Fdevelopers.google.com&search=&hash=&gsrc=3p&jsh=m%3B%2F%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.CUp85wbT4DI.O%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo-XBQda2DFvo9hxbj_dGnCV84SJMA%2Fm%3Dfeatures#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Cscroll%2Copenwindow&id=I0_1543165255252&_gfid=I0_1543165255252&parent=https%3A%2F%2Fdevelopers.google.com&pfname=&rpctoken=28904081:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc4.woff2' from origin 'https://apis.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOlCnqEu92Fr1MmWUlfBBc4.woff2:1 Failed to load resource: net::ERRFAILED apis.google.com/u/0//widget/render/comments?usegapi=1&href=https%3A%2F%2Fdevelopers.google.com%2Fweb%2Fupdates%2F2017%2F10%2Fusing-twa&width=805&first_party_property=BLOGGER&view_type=FILTEREDPOSTMOD&hl=en&origin=https%3A%2F%2Fdevelopers.google.com&search=&hash=&gsrc=3p&jsh=m%3B%2F%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.CUp85wbT4DI.O%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo-XBQda2DFvo9hxbj_dGnCV84SJMA%2Fm%3Dfeatures#_methods=onPlusOne%2C_ready%2C_close%2C_open%2C_resizeMe%2C_renderstart%2Concircled%2Cdrefresh%2Cerefresh%2Cscroll%2Copenwindow&id=I0_1543165255252&_gfid=I0_1543165255252&parent=https%3A%2F%2Fdevelopers.google.com&pfname=&rpctoken=28904081:1 Access to font at 'https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2' from origin 'https://apis.google.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2:1 Failed to load resource: net::ERR_FAILED TCgT8dzSiU8?autohide=1&showinfo=0&enablejsapi=1:1 Access to XMLHttpRequest at 'https://googleads.g.doubleclick.net/pagead/id' from origin 'https://www.youtube.com' has been blocked by CORS policy: Request header field x-client-data is not allowed by Access-Control-Allow-Headers in preflight response. googleads.g.doubleclick.net/pagead/id:1 Failed to load resource: net::ERR_FAILED