Status: Unconfirmed Owner: ---- Labels: Type-Bug Pri-2 OS-All Area-Misc New issue 15569 by orktchromebug: Images are fetched twice for POST requests, breaking captchas on orkut.com http://code.google.com/p/chromium/issues/detail?id=15569
Chrome Version : 2.0.127.33 (Official Build ) URLs (if applicable) : See steps below Other browsers tested: Add OK or FAIL after other browsers where you have tested this issue: Safari 4: OK Firefox 3.x: OK IE 7: OK IE 8: OK What steps will reproduce the problem? 1.Login to orkut.com with user "orktchrome...@gmail.com", password "orangeblue". (This is a demo account for your convenience, you may use your own account.) 2.Navigate to this URL "http://www.orkut.co.in/Main#CommMsgPost.aspx? cmm=39966102&tid=5352634947283850117". (Again this link is for your convenience, you may post to any Orkut community.) 3.Enter any string with a URL such as "google.com" in the "Message" field and click on submit. 4.You will see a captcha image. Try answering the captcha. 5.Your captcha answer will not be accepted, even if it is correct. What is the expected result? The captcha answer should be accepted. What happens instead? Correct captcha answers are not accepted even on repeated attempts. Explanation: After some digging I discovered that Chrome 2.0 fetches the captcha image twice, and renders only the result of the former fetch. This can be verified by using Wireshark to monitor the HTTP requests while performing the above steps. For your reference, the captcha image is an image tag of the form <img src="http://www.orkut.com/CaptchaImage?xid=...">. On our server (i.e. Orkut) a new captcha string is generated for the user for every fetch of the captcha image (since it is a request to the /CaptchaImage servlet). Thus the user ends up seeing the wrong captcha image (because they are shown the earlier fetched image, not the later one). Note that this is not reproducible on the latest Chrome 1.0 or 3.0 builds. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---