1

I am trying to debug a client's site which is receiving an error in Chrome, preventing users from checking out. It only happens in Chrome; Firefox and IE both work correctly.

Steps to reproduce:

  1. Add item to cart.
  2. Go to checkout.
  3. Enter billing information and click continue.
  4. Page redirects to cart and logs user out.
  5. User unable to log back in until cookies are deleted via devtools -> application
  6. Repeat

Magento 1.9.2.4

Chrome devtools log

Uncaught TypeError: this.each is not a function
    at NodeList.detect (prototype.js:905)
    at <anonymous>:1:86
Google Maps API error: MissingKeyMapError https://developers.google.com/maps/documentation/javascript/error-messages#missing-key-map-error
(anonymous) @ AuthenticationService.Authenticate?1shttps%3A%2F%2Fexample.com%2Fcheckout%2Fonepage%2F&callbac…:1
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=billing 403 (Forbidden)
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=shipping 403 (Forbidden)

Apache Access Log

216.206.223.26 - - [17/Jan/2017:13:31:07 -0500] "GET /customer/account/login/ HTTP/1.1" 200 9291 "https://example.com/checkout/cart/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:17 -0500] "POST /customer/account/loginPost/ HTTP/1.1" 302 20 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:18 -0500] "GET /customer/account/ HTTP/1.1" 200 9368 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:22 -0500] "GET /checkout/onepage/ HTTP/1.1" 200 33989 "https://example.com/customer/account/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:48 -0500] "POST /checkout/onepage/saveBilling/ HTTP/1.1" 200 3757 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "POST /checkout/onepage/getAdditional/ HTTP/1.1" 200 24 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=billing HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/cart/ HTTP/1.1" 200 8213 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=shipping HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"

I attempted to fix the this.each function by updating prototype.js but that had no effect and I'm not sure if it's related.

Update

This is the output from the Chrome dev console when Prototype attempts to post to https://example.com/checkout/onepage/progress/?prevStep=billing.

This occurs when in the one page checkout and you click next in billing information. It then moves to shipping methods and after ~1 second it errors and redirects to an empty cart page and logs the user out. The user is then not allowed to log back in. The error only occurs in Chrome.

My current working theory is that it is an inadvertent side effect of the missing Google API key in the ShipperHQ extension. I'm working with the customer to resolve this but I'm not 100% sure. Chrome is reporting the missing key with a higher severity than Firefox is, so I want to eliminate that as a possible cause.

General
Request URL:https://example.com/checkout/onepage/progress/?prevStep=billing
Request Method:GET
Status Code:403 Forbidden
Remote Address:64.64.18.47:443
Response Headers
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=UTF-8
Date:Thu, 19 Jan 2017 13:57:53 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=98
Login-Required:true
Login-Required:true
Pragma:no-cache
Server:Apache
Set-Cookie:frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; expires=Thu, 19-Jan-2017 14:57:53 GMT; Max-Age=3600; path=/; domain=example.com; httponly
Vary:Accept-Encoding
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.6.14
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_gat=1; _ga=GA1.2.754122640.1484834242; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP
Host:example.com
Referer:https://example.com/checkout/onepage/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
X-Prototype-Version:1.7.3
X-Requested-With:XMLHttpRequest
Query String Parameters
prevStep:billing
JeremyC
  • 241
  • 4
  • 14

2 Answers

2

After 2 days of trying to figure this out, it turned out to be a malware script injected into the footer block that was posting all input data to a remote third-party script called conversion.php whenever a submit button was clicked, including usernames, passwords, cc# etc.

As a result it was causing a duplicate frontend cookie to be created for some reason. There was a legitimate .example.com (http) cookie with the correct token, and a bogus example.com (non-http) cookie with an incorrect token.

Firefox was giving precedence to the legitimate cookie and sending it in the AJAX request headers, allowing it to work properly.

Chrome, on the other hand, was using the bogus cookie in the request headers, which caused the 403 to come back from the server. When the 403 was received, Magento kicked the user back to an empty cart and logged them out. In the process the legitimate cookie token was set to the bad token value and it prevented the user from being able to log in again.

Chrome dev tools and the network tab saved my bacon!

JeremyC
  • 241
  • 4
  • 14
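
As an added example (not part of the original answer, and not Magento code): a server-side check for the symptom described above, a request that carries the frontend session cookie more than once. The function names and the CONFLICT and CLEAN samples are constructed for illustration; CAPTURED is the Cookie header from the request shown in the question.

```python
from collections import defaultdict

def parse_cookie_header(header):
    """Return [(name, value), ...] in wire order, keeping duplicates."""
    pairs = []
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, value = part.split("=", 1)
        pairs.append((name.strip(), value.strip()))
    return pairs

def duplicate_cookies(header, watch=("frontend",)):
    """Map each watched cookie name sent more than once to its values.

    RFC 6265 tells servers not to rely on the order of same-named
    cookies, so a duplicated session cookie is worth flagging.
    """
    seen = defaultdict(list)
    for name, value in parse_cookie_header(header):
        if name in watch:  # exact match: frontend_cid is not frontend
            seen[name].append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}

def classify(header, watch=("frontend",)):
    """'ok', 'duplicate' (same value repeated) or 'conflict' (values differ)."""
    dups = duplicate_cookies(header, watch)
    if not dups:
        return "ok"
    if any(len(set(v)) > 1 for v in dups.values()):
        return "conflict"
    return "duplicate"

# Cookie header as captured in the question's request headers.
CAPTURED = ("_gat=1; _ga=GA1.2.754122640.1484834242; "
            "frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; "
            "frontend_cid=s2kuTvouz73D2Zvo; "
            "frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP")
# Constructed samples: two different tokens, and a clean request.
CONFLICT = "frontend=CONSTRUCTED_TOKEN_A; frontend_cid=x; frontend=CONSTRUCTED_TOKEN_B"
CLEAN = "_gat=1; frontend=CONSTRUCTED_TOKEN_A; frontend_cid=x"

if __name__ == "__main__":
    for label, hdr in (("captured", CAPTURED), ("conflict", CONFLICT), ("clean", CLEAN)):
        print(label, classify(hdr), duplicate_cookies(hdr))
```
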
0

Please check what cookie domain is set for the site. Make sure there are not multiple cookie domains.

  • The cookie domain is set to default and ends up being .example.com. I tried changing it and ended up chasing my tail for 4 hours, not being able to log in and manually editing the database. Finally I deleted the cookie path and domain rows and was able to log in again. The checkout still isn't working, however. – JeremyC Jan 18 '17 at 20:01
  • There is an error in prototype js. This is due to either Ajax expire or some permission issue for creating session files – Prasanta Hatui Jan 19 '17 at 09:46
  • What do you mean by Ajax expire? I updated prototype to latest in an effort to resolve it, but it didn't work. Also, sessions are being created in the database, not in the file system, and the table is being populated. Could this be an indirect side effect of the ShipperHQ extension missing its Google Maps API key and the error that Chrome is throwing because of it? – JeremyC Jan 19 '17 at 13:26
  • I mean to say, check the network in the browser to examine what response is coming when shipping/billing are posted through Ajax. – Prasanta Hatui Jan 19 '17 at 13:40
  • I updated my original question with the response from the dev console. – JeremyC Jan 19 '17 at 14:20
  • Thank you for helping to point me in the right direction and prompting me to check the network tab. It took a while but I finally figured it out. The answer is above. – JeremyC Jan 19 '17 at 21:17