Community

498 Invalid Token (Esri) : Chrome update 85

2991
7
09-07-2020 06:14 PM
MarkChilcott
by
Occasional Contributor III
‎09-07-2020 06:14 PM

Hi Peoples,

We are getting reports from our users of an error message: 498 Invalid Token (Esri)

Returned by ArcGIS for Server. Code 498 indicates an expired or otherwise invalid token.

It is only occurring in Chrome.  Same user, same machine, different browser - works fine. 

We appear to have narrowed it down to Chrome 85 update, which was released 14 days ago and coincided with when reports started.  If a user reports the error, and installs Chrome 80, the problem goes away.  They upgrade to Chrome 85, problem starts again.

What is weird is two people can be sitting next to each other in the office, works for one, not the other.  Same OS and windows patches, same release of Chrome 85.  Person not working logs onto computer that is working, works fine.

Is anyone else seeing issues with the Chrome 85 release and Esri tokens?

Chrome Platform Status 

Cheers,

Mark

0 Kudos
7 Replies
EduardBeneke
by Esri Contributor
Esri Contributor
‎09-07-2020 09:18 PM

Hi Mark,

Could you try clearing cookies on the affected browser?

0 Kudos
MarkChilcott
by
Occasional Contributor III
‎09-07-2020 09:38 PM

Hi Eduard,

Tried clearing out cookies and caches and everything else.  Same result .

Cheers,

Mark

0 Kudos
MarkChilcott
by
Occasional Contributor III
‎09-13-2020 07:11 PM

Hi Peoples,

Chrome plans to gradually enable strict-origin-when-cross-origin as the default policy in 85; this may impact use cases relying on the referrer value from another origin

A new default Referrer-Policy for Chrome: strict-origin-when-cross-origin

This appears to be the the cause of the problem.

To get around the issue one can:

  • Open Chrome
  • In the address bar, navigate to ‘chrome://flags/#reduced-referrer-granularity’
  • Disable the option for ‘Reduce default 'referer' header granularity’

Cheers,

Mark

DushkoMurtovski
by
New Contributor
‎10-03-2020 02:20 AM

Hi,

Is there or will be long term solution to this. Disabling the flag works but this can't be a long term solution for regular customers.

If not what are the recommendations from ESRI of how to implement token authentication from different apps.

Regards,

Dushko

0 Kudos
MarkChilcott
by
Occasional Contributor III
‎10-04-2020 02:47 PM

We had our developers review the code and put in a fix.  We have a complex, custom built app.

0 Kudos
DushkoMurtovski
by
New Contributor
‎10-07-2020 04:15 AM

Hi,

If anybody else have the same problem, i solved it by putting this meta tag in head of index.html

<meta name="referrer" content="no-referrer-when-downgrade" />

Now it works on Chrome.

Regards,

Dushko

PierreLarondelle
by
New Contributor III
‎10-19-2020 02:24 AM

Hi, thanks for the tip, In which index.html file did you place your tag ? There's a lot in the web appbuilder tree ...

We are experiencing a huge amount of these errors in our 10.8.1. Chrome is becoming a real pita with those security ever increasing implementations. Almost every new release breaks something in Enterprise platform.

Security is no compromise, I agree, but it makes us loose way too many times to fix the issues, imho

Pierre

0 Kudos