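Onepage checkout failing in Chrome browser

Time: 2017-01-17 19:10:20

Tags: magento magento-1.9 onepage-checkout

I am trying to debug a client's website that gets an error in Chrome that prevents users from checking out. It only happens in Chrome; Firefox and IE both work fine.

Steps to reproduce:

  1. Add an item to the cart.
  2. Go to checkout.
  3. Enter billing information and click "Continue".
  4. The page redirects to the cart and logs the user out.
  5. The user cannot log back in until the cookies are deleted via devtools -> Application.
  6. Repeat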
  7. Magento 1.9.2.4

Chrome devtools log

    Uncaught TypeError: this.each is not a function
        at NodeList.detect (prototype.js:905)
        at <anonymous>:1:86
    Google Maps API error: MissingKeyMapError https://developers.google.com/maps/documentation/javascript/error-messages#missing-key-map-error
    (anonymous) @ AuthenticationService.Authenticate?1shttps%3A%2F%2Fexample.com%2Fcheckout%2Fonepage%2F&callbac…:1
    prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=billing 403 (Forbidden)
    prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=shipping 403 (Forbidden)
    

Apache Access Log

    216.206.223.26 - - [17/Jan/2017:13:31:07 -0500] "GET /customer/account/login/ HTTP/1.1" 200 9291 "https://example.com/checkout/cart/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:17 -0500] "POST /customer/account/loginPost/ HTTP/1.1" 302 20 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:18 -0500] "GET /customer/account/ HTTP/1.1" 200 9368 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:22 -0500] "GET /checkout/onepage/ HTTP/1.1" 200 33989 "https://example.com/customer/account/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:48 -0500] "POST /checkout/onepage/saveBilling/ HTTP/1.1" 200 3757 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "POST /checkout/onepage/getAdditional/ HTTP/1.1" 200 24 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=billing HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/cart/ HTTP/1.1" 200 8213 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=shipping HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
    

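I tried fixing the this.each function by updating prototype.js, but it had no effect, and I'm not sure whether it is related.

Update

This is the output from the Chrome dev console when Prototype tries to post to https://example.com/checkout/onepage/progress/?prevStep=billing.

This happens on the onepage checkout when you click next in the billing information. It then moves on to the shipping method, and about 1 second later it errors out, redirects to the empty cart page and logs the user out. The user is then not allowed to log back in. The error only occurs in Chrome.

My current working theory is that it is an unintended side effect of the missing Google API key in the ShipperHQ extension. I am working with the client to resolve that, but I'm not one hundred percent sure. Chrome reports the missing key at a higher severity than Firefox, so I'd like to rule it out as a possible cause.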

    General
    Request URL:https://example.com/checkout/onepage/progress/?prevStep=billing
    Request Method:GET
    Status Code:403 Forbidden
    Remote Address:64.64.18.47:443
    
    Response Headers
    Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Connection:Keep-Alive
    Content-Encoding:gzip
    Content-Length:20
    Content-Type:text/html; charset=UTF-8
    Date:Thu, 19 Jan 2017 13:57:53 GMT
    Expires:Thu, 19 Nov 1981 08:52:00 GMT
    Keep-Alive:timeout=5, max=98
    Login-Required:true
    Login-Required:true
    Pragma:no-cache
    Server:Apache
    Set-Cookie:frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; expires=Thu, 19-Jan-2017 14:57:53 GMT; Max-Age=3600; path=/; domain=example.com; httponly
    Vary:Accept-Encoding
    X-Frame-Options:SAMEORIGIN
    X-Powered-By:PHP/5.6.14
    
    Request Headers
    Accept:text/javascript, text/html, application/xml, text/xml, */*
    Accept-Encoding:gzip, deflate, sdch, br
    Accept-Language:en-US,en;q=0.8
    Connection:keep-alive
    Cookie:_gat=1; _ga=GA1.2.754122640.1484834242; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP
    Host:example.com
    Referer:https://example.com/checkout/onepage/
    User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
    X-Prototype-Version:1.7.3
    X-Requested-With:XMLHttpRequest
    
    Query String Parameters
    prevStep:billing
    

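2 answers:

Answer 0 (score: 1)

After 2 days of trying, it turned out to be a malware script injected into the footer block that would post all input data to a remote third-party script called conversion.php whenever a submit button was clicked. That includes usernames, passwords, cc#, etc.

As a result, for some reason a duplicate frontend cookie was created. There was a legitimate .example.com (http) cookie containing the correct token, and a bogus example.com (non-http) cookie containing an incorrect token.

Firefox prioritized the legitimate cookie and sent it in the ajax request header, so it worked fine.

Chrome, on the other hand, used the bogus cookie in the request header, causing a 403 to be returned from the server. When the 403 was received, Magento kicked the user back to the empty cart and logged them out. In the process, the legitimate cookie token was set to the bad token value, preventing the user from logging in again.

Chrome dev tools and the network tab saved my bacon!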

Answer 1 (score: 0)

Please check the cookie domain set for the site. Make sure there are not multiple cookie domains.
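
The duplicate `frontend` cookie described in the answers above is visible in captured request headers. The following is an added example, not part of the original posts, that flags `Cookie` headers carrying one name more than once and reports whether the copies disagree. The function names are hypothetical; the first sample is the Cookie header from the question and the other two are constructed.

```javascript
// Added example: flag Cookie request headers that carry one cookie name twice.
// Both are sent when same-named cookies are scoped to ".example.com" and "example.com".

function parseCookieHeader(header) {
  // Returns [name, value] pairs in the order sent, duplicates kept.
  return header
    .split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('=');
      return eq === -1 ? [part, ''] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

function findDuplicateCookies(header) {
  const seen = new Map();
  for (const [name, value] of parseCookieHeader(header)) {
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  const findings = [];
  for (const [name, values] of seen) {
    if (values.length > 1) {
      // conflicting: the copies disagree, so which one the server reads matters
      findings.push({ name, count: values.length, conflicting: new Set(values).size > 1 });
    }
  }
  return findings;
}

const SAMPLE_REQUESTS = [
  // Cookie header as captured in the question
  { url: '/checkout/onepage/progress/?prevStep=billing',
    cookie: '_gat=1; _ga=GA1.2.754122640.1484834242; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP' },
  // Constructed: two frontend cookies with different tokens
  { url: '/checkout/onepage/progress/?prevStep=shipping',
    cookie: 'frontend=AAAA1111; frontend_cid=CCCC3333; frontend=BBBB2222' },
  // Constructed: healthy request, one session cookie
  { url: '/checkout/cart/', cookie: 'frontend=AAAA1111; frontend_cid=CCCC3333' },
];

function auditRequests(requests, sessionCookie = 'frontend') {
  return requests
    .map((r) => ({ url: r.url, dup: findDuplicateCookies(r.cookie).find((f) => f.name === sessionCookie) }))
    .filter((r) => r.dup !== undefined);
}

console.log(JSON.stringify(auditRequests(SAMPLE_REQUESTS), null, 2));
```

A request flagged here means two cookies with the session name exist in the browser under different scopes, which is the condition answer 1 asks to check for.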