Status: Unconfirmed
Owner: ----
Labels: Type-Bug Pri-2 OS-All Area-Misc

New issue 15569 by orktchromebug: Images are fetched twice for POST requests, breaking captchas on orkut.com
http://code.google.com/p/chromium/issues/detail?id=15569

Chrome Version       : 2.0.127.33 (Official Build)
URLs (if applicable) : See steps below
Other browsers tested:
   Add OK or FAIL after other browsers where you have tested this issue:
      Safari 4: OK
   Firefox 3.x: OK
          IE 7: OK
          IE 8: OK

What steps will reproduce the problem?
1. Log in to orkut.com with user "orktchrome...@gmail.com", password
"orangeblue". (This is a demo account for your convenience, you may use
your own account.)
2. Navigate to this URL
"http://www.orkut.co.in/Main#CommMsgPost.aspx?cmm=39966102&tid=5352634947283850117".
(Again this link is for your convenience, you may post to any Orkut
community.)
3. Enter any string with a URL such as "google.com" in the "Message" field
and click on submit.
4. You will see a captcha image. Try answering the captcha.
5. Your captcha answer will not be accepted, even if it is correct.

What is the expected result?
The captcha answer should be accepted.

What happens instead?
Correct captcha answers are not accepted even on repeated attempts.

Explanation:
After some digging I discovered that Chrome 2.0 fetches the captcha image
twice, and renders only the result of the former fetch. This can be
verified by using Wireshark to monitor the HTTP requests while performing
the above steps. For your reference, the captcha image is an image tag of
the form <img src="http://www.orkut.com/CaptchaImage?xid=...">.

On our server (i.e. Orkut) a new captcha string is generated for the user
for every fetch of the captcha image (since it is a request to the
/CaptchaImage servlet). Thus the user ends up seeing the wrong captcha
image (because they are shown the earlier fetched image, not the later
one). Note that this is not reproducible on the latest Chrome 1.0 or 3.0
builds.

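The failure described in the report, as an added example that is not part of the original report and is not Orkut's or Chromium's code: a captcha endpoint that mints a new answer on every image fetch, next to one that fixes the answer when the challenge is issued, so a duplicate fetch is harmless. The class names, the session ids and the use of `xid` as a challenge identifier are assumptions made for illustration.

```python
import secrets

class PerFetchCaptcha:
    """Behaviour described in the report: every image fetch mints a new answer."""
    def __init__(self):
        self.expected = {}                      # session -> answer currently accepted

    def fetch_image(self, session):
        answer = secrets.token_hex(4)
        self.expected[session] = answer         # overwrites the answer already displayed
        return answer                           # stands in for the rendered image

    def verify(self, session, typed):
        return secrets.compare_digest(self.expected.pop(session, ""), typed)

class PerChallengeCaptcha:
    """Answer is fixed when the challenge (xid) is issued, so fetches are idempotent."""
    def __init__(self):
        self.challenges = {}                    # xid -> (session, answer)

    def new_challenge(self, session):
        xid = secrets.token_urlsafe(16)
        self.challenges[xid] = (session, secrets.token_hex(4))
        return xid

    def fetch_image(self, session, xid):
        owner, answer = self.challenges.get(xid, (None, None))
        return answer if owner == session else None   # same image on every fetch

    def verify(self, session, xid, typed):
        owner, answer = self.challenges.pop(xid, (None, ""))   # single use, no replay
        return owner == session and secrets.compare_digest(answer, typed)

def simulate(double_fetch):
    """Return (per_fetch_ok, per_challenge_ok) for a user who types what is displayed."""
    a = PerFetchCaptcha()
    shown = a.fetch_image("s1")                 # the browser renders the first response
    if double_fetch:
        a.fetch_image("s1")                     # second fetch, never shown to the user
    per_fetch_ok = a.verify("s1", shown)

    b = PerChallengeCaptcha()
    xid = b.new_challenge("s1")
    shown = b.fetch_image("s1", xid)
    if double_fetch:
        b.fetch_image("s1", xid)
    return per_fetch_ok, b.verify("s1", xid, shown)
```

Binding the answer to the challenge rather than to the GET also keeps the image request safe to repeat, which is what prefetchers, retries and caches assume of GET.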