0

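I'm trying to debug a client site that is getting an error in Chrome that prevents users from checking out. It only happens in Chrome; Firefox and IE both work fine.

Steps to reproduce:

  1. Add an item to the cart.
  2. Go to checkout.
  3. Enter billing information and click Continue.
  4. The page redirects to the cart and logs the user out.
  5. The user cannot log back in until the cookies are deleted via devtools -> Application.
  6. Repeat.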

Magento 1.9.2.4

Chrome dev tools log

Uncaught TypeError: this.each is not a function
    at NodeList.detect (prototype.js:905)
    at <anonymous>:1:86
Google Maps API error: MissingKeyMapError https://developers.google.com/maps/documentation/javascript/error-messages#missing-key-map-error
(anonymous) @ AuthenticationService.Authenticate?1shttps%3A%2F%2Fexample.com%2Fcheckout%2Fonepage%2F&callbac…:1
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=billing 403 (Forbidden)
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=shipping 403 (Forbidden)

Apache access log

216.206.223.26 - - [17/Jan/2017:13:31:07 -0500] "GET /customer/account/login/ HTTP/1.1" 200 9291 "https://example.com/checkout/cart/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:17 -0500] "POST /customer/account/loginPost/ HTTP/1.1" 302 20 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:18 -0500] "GET /customer/account/ HTTP/1.1" 200 9368 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:22 -0500] "GET /checkout/onepage/ HTTP/1.1" 200 33989 "https://example.com/customer/account/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:48 -0500] "POST /checkout/onepage/saveBilling/ HTTP/1.1" 200 3757 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "POST /checkout/onepage/getAdditional/ HTTP/1.1" 200 24 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=billing HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/cart/ HTTP/1.1" 200 8213 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=shipping HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"

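I tried to fix the this.each function by updating prototype.js, but that had no effect, and I'm not sure whether it is related.

Update

This is the Chrome dev console output from when Prototype tries to post to https://example.com/checkout/onepage/progress/?prevStep=billing.

This happens in one-page checkout when you click Next in the billing information step. It then moves on to the shipping method, and about 1 second later it errors out, redirects to an empty cart page and logs the user out. The user is then not allowed to log back in. The error only happens in Chrome.

My current working theory is that it's an unintended side effect of a missing Google API key in the ShipperHQ extension. I'm working with the client to get that resolved, but I'm not 100% sure. Chrome reports the missing key at a higher severity than Firefox does, so I want to eliminate it as a possible cause.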

General
Request URL:https://example.com/checkout/onepage/progress/?prevStep=billing
Request Method:GET
Status Code:403 Forbidden
Remote Address:64.64.18.47:443
Response Headers
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=UTF-8
Date:Thu, 19 Jan 2017 13:57:53 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=98
Login-Required:true
Login-Required:true
Pragma:no-cache
Server:Apache
Set-Cookie:frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; expires=Thu, 19-Jan-2017 14:57:53 GMT; Max-Age=3600; path=/; domain=example.com; httponly
Vary:Accept-Encoding
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.6.14
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_gat=1; _ga=GA1.2.754122640.1484834242; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP
Host:example.com
Referer:https://example.com/checkout/onepage/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
X-Prototype-Version:1.7.3
X-Requested-With:XMLHttpRequest
Query String Parameters
prevStep:billing
4

2 Answers

2

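After 2 days of trying, I found that it was a malware script injected into the footer block. The script posted all input data to a remote third-party script, conversion.php, which was called whenever a submit button was clicked. That included usernames, passwords, cc#, etc.

As a result, for some reason, it caused a duplicate frontend cookie to be created. There was the legitimate .example.com (http) cookie with the correct token, and a bogus example.com (non-http) cookie with an incorrect token.

Firefox prioritized the legitimate cookie and sent it in the ajax request headers, allowing it to work properly.

Chrome, on the other hand, used the bogus cookie in the request headers, causing a 403 to be returned from the server. When the 403 was received, Magento kicked the user back to an empty cart and logged them out. In the process, the legitimate cookie token was set to the bad token value, which prevented the user from logging in again.

Chrome dev tools and the network tab saved my bacon!

answered 2017-01-19T21:16:07.963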
0

Please check the cookie domain set for the site. Make sure there are not multiple cookie domains.

answered 2017-01-18T07:32:11.563
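
Both answers come down to the same check: a `frontend` cookie that exists more than once, under different domains. The following is an added example, not code from either poster or from Magento. It flags a cookie name sent twice in a Cookie request header and a jar in which an HttpOnly cookie has a script-writable twin under another domain. The function names `duplicateNames` and `shadowedCookies` and the jar rows are assumptions made for illustration.

```javascript
// Added example (not from the original post): spot a shadowed session cookie.

// Split a Cookie request header into pairs, keeping duplicates and order.
function parseCookieHeader(header) {
  return header.split(';').map(s => s.trim()).filter(Boolean).map(pair => {
    const eq = pair.indexOf('=');
    return eq < 0 ? { name: pair, value: '' }
                  : { name: pair.slice(0, eq), value: pair.slice(eq + 1) };
  });
}

// Names sent more than once; "conflicting" means the copies carry different values.
function duplicateNames(header) {
  const seen = new Map();
  for (const { name, value } of parseCookieHeader(header)) {
    seen.set(name, (seen.get(name) || []).concat(value));
  }
  return [...seen].filter(([, v]) => v.length > 1).map(([name, v]) => ({
    name, count: v.length, conflicting: new Set(v).size > 1,
  }));
}

// Jar rows as listed in DevTools > Application > Cookies: {name, domain, httpOnly}.
// Flags a name stored under several domains where an HttpOnly copy has a
// script-writable (non-HttpOnly) twin.
function shadowedCookies(jar) {
  const byName = new Map();
  for (const c of jar) byName.set(c.name, (byName.get(c.name) || []).concat(c));
  return [...byName.values()]
    .filter(rows => new Set(rows.map(r => r.domain)).size > 1 &&
                    rows.some(r => r.httpOnly) && rows.some(r => !r.httpOnly))
    .map(rows => ({ name: rows[0].name, domains: rows.map(r => r.domain) }));
}

// Cookie header copied from the request shown in the question.
const CAPTURED = '_gat=1; _ga=GA1.2.754122640.1484834242; ' +
  'frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; ' +
  'frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP';
// Constructed jar matching the first answer's description (values omitted).
const JAR = [
  { name: 'frontend', domain: '.example.com', httpOnly: true },
  { name: 'frontend', domain: 'example.com', httpOnly: false },
  { name: 'frontend_cid', domain: '.example.com', httpOnly: true },
];

console.log(duplicateNames(CAPTURED));
console.log(shadowedCookies(JAR));
```

On the captured header the two `frontend` copies carry the same value, so the duplicate is reported with `conflicting: false`; the repeated name alone is what points to a second cookie scope.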