498 Invalid Token (Esri) : Chrome update 85

359
7
09-07-2020 06:14 PM
Highlighted
Occasional Contributor III

Hi Peoples,

We are getting reports from our users of an error message: 498 Invalid Token (Esri)

Returned by ArcGIS for Server. Code 498 indicates an expired or otherwise invalid token.

It is only occurring in Chrome.  Same user, same machine, different browser - works fine. 

We appear to have narrowed it down to Chrome 85 update, which was released 14 days ago and coincided with when reports started.  If a user reports the error, and installs Chrome 80, the problem goes away.  They upgrade to Chrome 85, problem starts again.

What is weird is two people can be sitting next to each other in the office, works for one, not the other.  Same OS and windows patches, same release of Chrome 85.  Person not working logs onto computer that is working, works fine.

Is anyone else seeing issues with the Chrome 85 release and Esri tokens?

Chrome Platform Status 

Cheers,

Mark

Reply
0 Kudos
7 Replies
Highlighted
Esri Contributor

Hi Mark,

Could you try clearing cookies on the affected browser?

Reply
0 Kudos
Highlighted
Occasional Contributor III

Hi Eduard,

Tried clearing out cookies and caches and everything else.  Same result .

Cheers,

Mark

Reply
0 Kudos
Highlighted
Occasional Contributor III

Hi Peoples,

Chrome plans to gradually enable strict-origin-when-cross-origin as the default policy in 85; this may impact use cases relying on the referrer value from another origin

A new default Referrer-Policy for Chrome: strict-origin-when-cross-origin

This appears to be the the cause of the problem.

To get around the issue one can:

  • Open Chrome
  • In the address bar, navigate to ‘chrome://flags/#reduced-referrer-granularity’
  • Disable the option for ‘Reduce default 'referer' header granularity’

Cheers,

Mark

Highlighted
New Contributor

Hi,

Is there or will be long term solution to this. Disabling the flag works but this can't be a long term solution for regular customers.

If not what are the recommendations from ESRI of how to implement token authentication from different apps.

Regards,

Dushko

Reply
0 Kudos
Highlighted
Occasional Contributor III

We had our developers review the code and put in a fix.  We have a complex, custom built app.

Reply
0 Kudos
Highlighted
New Contributor

Hi,

If anybody else have the same problem, i solved it by putting this meta tag in head of index.html

<meta name="referrer" content="no-referrer-when-downgrade" />

Now it works on Chrome.

Regards,

Dushko

Reply
0 Kudos
Highlighted
New Contributor II

Hi, thanks for the tip, In which index.html file did you place your tag ? There's a lot in the web appbuilder tree ...

We are experiencing a huge amount of these errors in our 10.8.1. Chrome is becoming a real pita with those security ever increasing implementations. Almost every new release breaks something in Enterprise platform.

Security is no compromise, I agree, but it makes us loose way too many times to fix the issues, imho

Pierre

Reply
0 Kudos