Onepage checkout fails in Chrome

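I am trying to debug a client's site that gets an error in Chrome that prevents users from checking out. It only happens in Chrome; Firefox and IE both work fine.

Steps to reproduce:

  1. Add an item to the cart.
  2. Go to checkout.
  3. Enter billing information and click Continue.
  4. The page redirects to the cart and logs the user out.
  5. The user cannot log back in until the cookies are deleted via devtools -> Application.
  6. Repeat.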

Magento 1.9.2.4

Chrome dev tools log

Uncaught TypeError: this.each is not a function
    at NodeList.detect (prototype.js:905)
    at <anonymous>:1:86
Google Maps API error: MissingKeyMapError https://developers.google.com/maps/documentation/javascript/error-messages#missing-key-map-error
(anonymous) @ AuthenticationService.Authenticate?1shttps%3A%2F%2Fexample.com%2Fcheckout%2Fonepage%2F&callbac…:1
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=billing 403 (Forbidden)
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=shipping 403 (Forbidden)

Apache access log

216.206.223.26 - - [17/Jan/2017:13:31:07 -0500] "GET /customer/account/login/ HTTP/1.1" 200 9291 "https://example.com/checkout/cart/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:17 -0500] "POST /customer/account/loginPost/ HTTP/1.1" 302 20 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:18 -0500] "GET /customer/account/ HTTP/1.1" 200 9368 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:22 -0500] "GET /checkout/onepage/ HTTP/1.1" 200 33989 "https://example.com/customer/account/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:48 -0500] "POST /checkout/onepage/saveBilling/ HTTP/1.1" 200 3757 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "POST /checkout/onepage/getAdditional/ HTTP/1.1" 200 24 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=billing HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/cart/ HTTP/1.1" 200 8213 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=shipping HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"

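I tried to fix the this.each function by updating prototype.js, but it had no effect, and I'm not sure whether it is related.

Update

This is the Chrome dev console output for when Prototype tries to go from the post to https://example.com/checkout/onepage/progress/?prevStep=billing.

This happens when you click Next on the billing information step in the onepage checkout. It then moves to the shipping method, and after about 1 second it errors out, redirects to an empty cart page and logs the user out. The user is then not allowed to log back in. The error only happens in Chrome.

My current working theory is that this is an unintended side effect of a missing Google API key in the ShipperHQ extension. I am working with the client to resolve this, but I'm not 100% sure. Chrome reports the missing key at a higher severity than Firefox does, so I want to eliminate this possible cause.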

General
Request URL:https://example.com/checkout/onepage/progress/?prevStep=billing
Request Method:GET
Status Code:403 Forbidden
Remote Address:64.64.18.47:443
Response Headers
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=UTF-8
Date:Thu, 19 Jan 2017 13:57:53 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=98
Login-Required:true
Login-Required:true
Pragma:no-cache
Server:Apache
Set-Cookie:frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; expires=Thu, 19-Jan-2017 14:57:53 GMT; Max-Age=3600; path=/; domain=example.com; httponly
Vary:Accept-Encoding
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.6.14
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_gat=1; _ga=GA1.2.754122640.1484834242; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP
Host:example.com
Referer:https://example.com/checkout/onepage/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
X-Prototype-Version:1.7.3
X-Requested-With:XMLHttpRequest
Query String Parameters
prevStep:billing

Please check the cookie domain set for the website. Make sure there is not more than one cookie domain.

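After 2 days of trying, I found that this was a malicious script injected into the footer block; whenever a submit button was clicked, it posted all the input data to a remote third-party script named conversion.php, including usernames, passwords, cc#, etc.

So, for some reason, it caused a duplicate frontend cookie to be created. There was a legitimate .example.com (http) cookie with the correct token, and a forged example.com (non-http) cookie with the wrong token.

Firefox prioritized the legitimate cookie and sent it in the ajax request headers, so it worked fine.

Chrome, on the other hand, used the forged cookie in the request headers, which caused the server to return a 403. When it receives a 403, Magento kicks the user back to an empty cart and logs them out. In the process, the legitimate cookie token was set to the wrong token value, which prevented the user from logging in again.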

Chrome dev tools and the Network tab saved my life!
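
A check for the condition this answer describes, as an added example that is not part of the original post: it lists cookie names sent more than once in a Cookie request header and reports whether a session cookie the server marks httponly is visible to script. The `frontend` name comes from the headers shown in the question; the token values and function names are constructed for illustration.

```javascript
// Added example, not code from the original post.
// Constructed sample modelled on the Cookie request header in the question:
// two `frontend` entries carrying different tokens.
const SAMPLE_COOKIE_HEADER =
  '_gat=1; frontend=LEGIT-TOKEN; frontend_cid=CID-VALUE; frontend=FORGED-TOKEN';

// Split a Cookie header (or a document.cookie string) into [name, value]
// pairs, keeping duplicates and order instead of collapsing them into a map.
function parseCookiePairs(header) {
  return header
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('=');
      return eq === -1 ? [part, ''] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Names that appear more than once, and whether their values disagree.
function findDuplicateCookies(header) {
  const byName = new Map();
  for (const [name, value] of parseCookiePairs(header)) {
    if (!byName.has(name)) byName.set(name, []);
    byName.get(name).push(value);
  }
  return [...byName]
    .filter(([, values]) => values.length > 1)
    .map(([name, values]) => ({
      name,
      count: values.length,
      conflicting: new Set(values).size > 1,
    }));
}

// The server sets `frontend` with the httponly flag, so script should never
// see it. If it shows up in document.cookie, a second copy was set by script.
function scriptVisibleSessionCookie(documentCookie, name = 'frontend') {
  return parseCookiePairs(documentCookie).some(([n]) => n === name);
}

console.log(findDuplicateCookies(SAMPLE_COOKIE_HEADER));
```

In the browser console on the affected page, call `scriptVisibleSessionCookie(document.cookie)`; on the server side, feed `findDuplicateCookies` the raw Cookie header of requests that returned 403.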