Closed jeffbski closed 3 years ago
Do you have some extra extensions installed in your chrome, like https-everywhere ...?
I have never cleaned cookies for meet.jit.si in my browser and I don't have such thing.
I see people are discussing this is a problem in some extensions: https://github.com/amplitude/Amplitude-JavaScript/issues/326
On this particular laptop I do have https-everywhere installed, but this has also occurred before on my other laptop which has only deluminate and lastpass extensions.
So are the amp_cookie_test and _tldtest cookies not created by jitsi?
If these are not being created by jitsi then this is clearly an extension problem or external problem.
Yep, we are not using cookies in the code. But external dependencies like amplitude use it ...
I also ran into this issue. Also have https-everywhere installed, but even when disabled the problem persists.
same issue, https-everywhere installed as well as uMatrix&Co. Seems to be a meet.jit.si specific problem, is it?
It is some problem with those extensions and amplitude. Nothing on the jitsi-meet side or meet.jit.si, or at least there is nothing we can do about it.
On this particular laptop I do have https-everywhere installed, but this has also occurred before on my other laptop which has only deluminate and lastpass extensions.
@damencho some guy wrote this, are you sure?
I'm sure that we do not use cookies. And I'm sure there were reports of this kind of incompatibility. Look at the link I posted above.
I have this issue as well now and then. I'm using Firefox on Fedora with HTTPS Everywhere and several other extensions (Privacy Badger, uBlock Origin, DuckDuckGo Privacy Essentials, ClearURLs) enabled. If we are sure that it is an HTTPS Everywhere issue, I could report it to their issue tracker at: https://github.com/EFForg/https-everywhere/issues What do you think, should I raise an HTTPS Everywhere issue?
Yes, please.
I have disabled HTTPS everywhere but the problem persists.
@damencho This seems to be the root of the problem: https://github.com/amplitude/Amplitude-JavaScript/issues/326
Would it be possible to reopen this issue?
I reopened, but there is nothing actionable for us unfortunately.
If Amplitude doesn't patch their code, a workaround could be to run a cookie-cleanup routine after some time and delete all cookies matching a regex.
I have disabled HTTPS everywhere but the problem persists.
Did the problem re-appear for you after disabling HTTPS everywhere AND deleting the cookies (i.e. not having the problem for at least a moment)?
Deleting cookies solved it temporarily, but then the problem appeared again.
@Thomas131 I haven't spent any time digging into this issue before now, but I see you posted a patch to https://github.com/amplitude/Amplitude-JavaScript/issues/326 I assume this can be employed directly by jitsi if it is not fixed upstream anytime soon?
We do not build amplitude javascript, we use it as npm module https://github.com/jitsi/jitsi-meet/blob/9e6939d25f71ca8640b314f413f4dfeec0d9ae5d/package.json#L41
@damencho I found this package, which I haven't tried but seems to offer the ability to patch within the npm context: https://www.npmjs.com/package/patch-package
I have disabled HTTPS everywhere but the problem persists.
Did the problem re-appear for you after disabling HTTPS everywhere AND deleting the cookies (i.e. not having the problem for at least a moment)?
Deleting cookies solved it temporarily, but then the problem appeared again.
Yup, now I've had the same experience as well. I disabled the addon "HTTPS everywhere" for meet.jit.si, but in the last week or two I've had Request Header Or Cookie Too Large twice already (after each time, deleting the cookies). So some other addons might contribute as well?
My Tampermonkey scripts only affect Youtube.
Fixed upstream:
Does anyone mind explaining how this works to a curious mind? For the issue to cease do we have to wait for an update to HTTPS everywhere (and possibly to other addons using Amplitude) where they bump up their Amplitude version?
This was never an HTTPS everywhere issue, using HTTPS everywhere just exacerbated the situation. For this to be fixed jitsi needs to incorporate the change. Most likely that will be by bumping their Amplitude version, but there are also other options for more immediate resolution, e.g. patching with the fix, or using an unreleased head version of Amplitude.
Hello, HTTPS Everywhere lead developer here.
This extension does NOT use any analytics like Amplitude or anyone else in the code. We only set secure cookies on domains that support them. We do not have access or control when analytics libraries are utilized in ways that break user experience.
@zoracon I only did a brief analysis of the problem but what seems to be the case is that the offending code path is run much more frequently when HTTPS Everywhere is enabled. So while everyone will experience this eventually when running Jitsi for a long time, HTTPS Everywhere accelerates overfilling the cookie, possibly by triggering state changes. Not saying this is caused by HTTPS Everywhere, or that HTTPS Everywhere is behaving wrong in any way, because the error is rightfully fixed in Amplitude, but interactions with HTTPS Everywhere seem to be contributing significantly.
Lately, I experience this error again. Should I create a new issue, or can this one be re-opened? Screenshot of error message:
Is there a bug reported in amplitude?
Do you want to show your cookies? What Browser do you use? Does JitSi work in Private Browsing Mode?
amplitude
I do not know what you mean by this.
Do you want to show your cookies? What Browser do you use? Does JitSi work in Private Browsing Mode?
Maybe I can share my cookies, although I do not really know how to do this. I use Firefox, fully up to date on Fedora 34. I have several extensions in Firefox: HTTPS Everywhere, uBlockOrigin, Privacy Badger, ClearURLs, DuckDuckGo privacy. When I have this issue, I sometimes start a private window. That does always work flawlessly. Removing the cookies makes Jitsi work for a while, but over time I get the Cookie Too Large error.
I do not know what you mean by this.
If you follow this issue upwards you'll see that was a problem with the amplitude-js library. A bug was filed, which then got fixed. Not sure if that is the case, we can know if you share the cookies you have for the meet.jit.si domain.
@saghul has the error appeared and disappeared? If not, you should try to delete the cookie, as the fix doesn't really make the cookie smaller, it only prevents it from growing. If it reappears after deleting the cookie, you should definitely file a new bug.
I haven't heard of this bug reappearing.
Sorry @saghul , I meant to address @janvlug
@bfg1981 I think I have seen it disappearing and appearing again (or maybe it just happens less). I am using Jitsi less lately. I for sure deleted the cookies. If it happens again, I will file a new bug.
I've started seeing this again in the last few days, have now deleted the cookies twice. Hadn't seen it in months, so assume it had been fixed.
This bug has never stopped happening for me. Unfortunately, clearing all cookies results in a few bad outcomes (e.g., any already-made Google Calendar jitsi-integration-created meeting links break when you clear the cookies).
Is there, at least, a known extension or regex for cookies which are safe to delete?
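The cookie-cleanup routine suggested earlier in this thread, using a regex of the kind asked for above, as an added example that is not part of the issue and is not jitsi-meet or Amplitude code. It assumes the two name prefixes reported in this issue (`amp_cookie_test`, `_tldtest_`), path `/`, and a guessed set of cookie domains; the function names and the sample cookie string are constructed.

```javascript
// Added example: function names and the sample string are constructed.
// Prefixes of the leftover test cookies named in this issue.
const LEFTOVER = /^(amp_cookie_test|_tldtest_)/;
const EPOCH = 'Thu, 01 Jan 1970 00:00:00 GMT';

// Split a document.cookie (or Cookie header) string into [name, value] pairs.
function parseCookies(cookieString) {
  return cookieString.split(/;\s*/).filter(Boolean).map((pair) => {
    const eq = pair.indexOf('=');
    return eq === -1 ? [pair, ''] : [pair.slice(0, eq), pair.slice(eq + 1)];
  });
}

// Measure how much of the header the leftover cookies account for.
function auditCookies(cookieString) {
  const size = (list) => list.reduce(
    (n, [k, v]) => n + new TextEncoder().encode(`${k}=${v}`).length, 0);
  const all = parseCookies(cookieString);
  const leftover = all.filter(([name]) => LEFTOVER.test(name));
  return {
    totalCount: all.length,
    leftoverCount: leftover.length,
    totalBytes: size(all),
    leftoverBytes: size(leftover),
    leftoverNames: leftover.map(([name]) => name),
  };
}

// A cookie is only removed when the expiring write uses the same Domain and
// Path it was created with. Script cannot read those attributes, so try the
// host-only form and every parent domain with at least two labels.
function domainCandidates(host) {
  const labels = host.split('.');
  const out = [''];
  for (let i = 0; i + 2 <= labels.length; i++) out.push(labels.slice(i).join('.'));
  return out;
}

// Expire every leftover cookie; `write` receives each cookie assignment.
// Path "/" is an assumption. Returns the number of cookie names expired.
function purgeLeftovers(cookieString, host, write) {
  const { leftoverNames } = auditCookies(cookieString);
  for (const name of leftoverNames) {
    for (const domain of domainCandidates(host)) {
      const scope = domain ? `; domain=${domain}` : '';
      write(`${name}=; expires=${EPOCH}; path=/${scope}`);
    }
  }
  return leftoverNames.length;
}

// In a page:
//   purgeLeftovers(document.cookie, location.hostname, (c) => { document.cookie = c; });
// Constructed sample for an offline run:
const SAMPLE = 'amp_cookie_testAAAA=Sat Dec 05 2020; _tldtest_BBBB=1; session=keep; amp_fafdba=xyz';
```

Cookies that do not match the two prefixes, such as `session` and `amp_fafdba` in the sample, are left untouched.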
Description:
In certain circumstances when you try to join a meeting, you get a white error page with 400 Bad Request - Request Header or Cookie too large. This is occurring on the public instance https://meet.jit.si
After looking at the network console, I can see that the Cookie header has grown substantially and is likely the problem.
This is a terrible error for an end user since they have no idea how to recover; refreshing the page does nothing to fix it. You can fix it by clearing your cookies, but this is not an ideal workaround.
Maybe Jitsi needs to monitor the cookie size and be sure to delete old cookies or make sure that the size doesn't get too large. There is an excessive number of amp_cookie_test and _tldtest cookies that are likely not being cleaned up and causing the problem. I have included the raw cookie header as well as screenshots of the parsed cookies from chrome tools.
Alternatively this error could be somehow handled by redirecting to a page that runs some cleanup on the cookies before redirecting back to the original page.
Steps to reproduce:
It is not clear what can cause this. I've seen it happen for seemingly no particular reason. The most recent situation happened when I accidentally ended my call while still sharing a youtube URL (though I don't know that this was a contributing factor).
Expected behavior:
Error should not occur, cookie header size should be being cleaned up so that it doesn't exceed max. Clean up amp_cookie_test and _tldtest or reuse them better as to not exceed the max.
Actual behavior:
400 Bad Request Error page - Request Header or Cookie too large
Browser screenshot
Server information:
Public meet.jit.si instance on Jan 10th, 2021
Client information:
Additional information:
Cookie list page 1
Cookie list page 2
Cookie list page 3
HTTP Request and Headers (room name was changed, but otherwise rest is actual data):