Problem with webmin working in google chrome

SYSTEM INFORMATION
OS type and version DEBIAN 10
Webmin version 1.994

Access to XMLHttpRequest at ‘https://admin.example.com/stats.cgi?xhr-stats=general’ from origin ‘https://admin.example.com’ has been blocked by CORS policy: Request had a target IP address space of unknown yet the resource is in address space public.

From the last update of google chrome, version: Version 102.0.5005.63 it only throws the mentioned error and not the functions it does not fulfill correctly…

I have read this official update note: Private Network Access update: Introducing a deprecation trial - Chrome Developers

But I don’t understand how to solve it, is it something related to the apache web server? (I use it under apache to hide the port) but if I remove the proxy from apache and use it with the port :10000 directly, it also gives me the same errors

According to the link that I posted above, it is something related to SSL (https) but is it something that I must add to the dns servers, something that goes in apache or directly in webmin / virtualmin?

From already thank you very much

Most likely your browser. Did you try with firefox or edge as an example?

For chrome try:

For WINDOWS

  • Run ‘regedit’ to open windows registry (If permission issue came then run that command with Admin command prompt)
  • Go to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
  • Create new DWORD value with “InsecurePrivateNetworkRequestsAllowed” Name
  • Change Value to “1”
  • Restart your Browser

If I have tried it in different browsers and the same thing happens, I have analyzed it and the CORS error only occurs in the HTTP/2 protocol, in HTTP/1.1 it works normally…

But I don’t see any point in disabling this function in the browser, because every client you have will have to do the same thing on your computer? that is not professional, I think the solution comes from the server

Are settings web apllication in combination with the configuration server for CORS and security, if using CDN or external parts / scripts then look there.
( i vage remember there was a external script / css or something in webmin longer time ago but don’t know where an if it still is)

Or this one?

So test in browser debug/ dev mode to find out?

This test can help some.

Check your HTTP2 settings to Clear yes or no HTTP2 support and yes or no OCSP stapling support needed - General Discussion - Virtualmin Community

Analyse your HTTP response headers (securityheaders.com)

Is set globally OK for your box or other setting…?

For the webmin dev @Ilia is this script a solution to build in for some testing webmin virtualmin?

1 Like

Hello

In the event that I have attempted it in various programs and exactly the same thing occurs, I have dissected it and the CORS blunder just happens in the HTTP/2 convention, in HTTP/1.1 it works typically…

However, I see no good reason for handicapping this capacity in the program, in light of the fact that each client you have should do exactly the same thing on your PC? that isn’t proficient, I think the arrangement comes from the server’
Regard:
Condo Lobby

Please make sure that with enabled proxy SSL config between Webmin server and proxy configured correctly. Firefox and Chrome implement HTTP/2 only over TLS (HTTPS).

1 Like

As you can see the error is persistent and when it happens the functions of the page fail, you have to reload again…

Both SSL and headers are configured correctly

Do these errors happen if you use another Chrome instance, development version, for example? Do these error happen in Firefox or Brave?

Your dev screenshot is what i had in the past i solved maybe with some settings, is to long ago

But the admin… domain is the script / coming / loading from was it then, pff i don’t have notes from it, only some in my head .

Also not sure if problem or cause is kind of same.

But after my change i thought in that header test max what i could get was a A not Aplus while then you need to know exactly more about that extra parts

Hello Webmin Developers and Community,
My issue is I cannot connect to my Webmin panel in the chrome desktop browser. (YES it is the correct password… keep reading)
I tried from Firefox and Microsoft Edge and I could login fine with both of them. If I try through chrome, however, it just reloads the login page. I have attached a GIF of what happens when I try through chrome (the cursor is not synced properly to where it actually was since I used ShareX to record it.)
Regard:
Condo Lobby

Hello Webmin Developers and Community,
My issue is I cannot connect to my Webmin panel in the chrome desktop browser. (YES it is the correct password… keep reading)
I tried from Firefox and Microsoft Edge and I could login fine with both of them. If I try through chrome, however, it just reloads the login page. I have attached a GIF of what happens when I try through chrome (the cursor is not synced properly to where it actually was since I used ShareX to record it.)
Regard:

[[Condo Lobby](https://condolobby.com/)]

https://bugs.chromium.org/p/chromium/issues/detail?id=1332943#c15

I opened a ticket directly on the chromium developers page and apparently it is a bug that has arisen with the new policies that have been implemented on “Private Network Access”… In Microsoft Edge very rarely the error appears but I have noticed that it has a numerical version very similar to chrome, surely they share implementations and in other browsers I have not tried but I have tried chrome 103 (beta) and after the correction they have made it has not failed anymore…

So I’ll have to wait for the fix to be established in the stable version of chrome but I looked at what they’ve done and even the commit description and it says the following:

The race caused flakiness when establishing connections to non-public
servers that do not serve Connection: close headers yet support only a
single request per socket.

https://chromiumdash.appspot.com/commit/4fda22e160e016227e8fed76c80523df0acce6de

But I don’t understand why the “Connection” header is capable of producing that error, it also says: “they admit a single request per socket”

I have implemented: “Header set Connection keep-alive” to improve performance…

Regarding this bug, it was a chrome bug that was fixed in version 103… I leave the link to be of help if someone else needs information about it.

https://bugs.chromium.org/p/chromium/issues/detail?id=1332943#makechanges

2 Likes