continued get "RPC: request rejected (bad origin)" errors in console

qukankan August 12, 2020

I get this error logs in console, if i don't close the editor dialog, the error nummber increased all the time, will not stoped. I post the screenshot and also my host url, it's the same domain, also the Server base url is the same.

can't understand why the error says bad origin.

I find only one related issues in community.atlassian.com

https://community.atlassian.com/t5/Confluence-questions/RPC-request-rejected-bad-origin-in-Confluence-Development/qaq-p/597298

But the errors are still there, even i turned off the Collaborative Editing...

 

Pls check what happend.

 

Errors:

image.png

 

My domain:image.png

 

Server base url setting:image.png

1 answer

1 accepted

0 votes
Answer accepted
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 17, 2020

Hello @qukankan,

Thank you for bringing this up to us. We will need more information about your issue.

  1. When did this last work for you? Have you recently upgraded?
  2. Can you let us know the circumstances under which you are encountering this error? It sounds like you might be getting it while editing a page, but I'm not entirely sure.
  3. Please also confirm if you are accessing your Confluence site from behind a firewall or (reverse) proxy. If so, do you still encounter the error when you bypass the proxy?

I would recommend going through the steps in the article below in order to troubleshoot. The error message is very similar so it can help you to solve your issue: After upgrading Confluence, you are unable to create new pages or spaces

If you still encounter errors, it will help if you can gather some more information from your log files about this, including:

  • A HAR file generated while editing a page.
  • A copy or screenshot of the error from the console
  • A copy of the stack trace from your Confluence support log from when the issue occurs

Looking forward to hearing from you on this!

Shannon

qukankan August 17, 2020

Hi @Shannon S thx for your attention.

 

1. This is new installed Confluence, version 7.4.3.

2. Sometimes wenn i open a marco, the content will not show itself. Then i open Chrome console, want to see if some Request are failed, see the lot's of RPC: request rejected (bad origin) was printed.

3. My confluence is running behinde a Nginx. But i didn't get any error in nginx logs (acess.log and error.log).

 

Where can i upload the HAR file? I only find a insert photo button.

 

I notice, in chrome Incognito mode the error is not happen. 

 

this is screenshot in Incognito mode, no error in console.

 image.png

and this is normal mode:

image.png

 

Both was print from the same line: "batch.js?locale=en-US:1980". But they have different beheavior. 

 

wenn i click the link, see this code with a nitification, maybe it can help to figure out what happend.

image.png

 

 

thx.

Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 19, 2020

Thank you for the additional information.

If you do not encounter the issue when using Chrome in Incognito mode, then it generally means that something outside of Confluence is causing the issue

Do you currently have any add-ons enabled in Chrome? If so, you'll want to disable them all to see if you still have the problem. Clearing your browser cache and history may also help.

If you continue to have the issue, the next thing I recommend is bypassing your firewall or proxy. We want to rule out that your network setup isn't causing the issue with Confluence.

Thank you!

Shannon

qukankan August 20, 2020

Sounds reasonable, but the problme is, the error was print from confluence script, exactly from this one:

 

截屏2020-08-20 上午9.02.35.png截屏2020-08-20 上午9.04.56.png

 

 

After futher investigate (by disable each chrome plugin), i fund the conflict, which is Augury. This is a dev tools for Angular application.

 

But i can't understand why the "batch.js" print RPC Bad Origin error, wenn the Augury Plugin is enabled.

 

If we can get an reasonable explanation, this ticket can be closed.

 

Otherwise it means, some plugin in chrome can triger some function in Confluence Scripts?

Can it be a vulnerability?

 

Thx.

Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 21, 2020

Hi @qukankan , Shannon has asked me to provide some insight on the Augury extension's incompatibility with Confluence.

When installing Augury in Chrome, you grant it read/write permissions to all sites:

image.png

Given this very wide permission scoping, it's not unexpected that the extension may be able to make changes on a site that conflict with the site's internal workings via its own scripts. I would not consider this a security vulnerability, in that permission was granted for Augury to make these changes when it was installed in Chrome. More widely, I would consider the usage of Chrome extensions that request read/write on all sites to need more scrutiny.

Chrome doesn't provide a mechanism to use a blocklist with extensions for particular sites. You could however consider changing the permissions Augury has in Chrome (via the settings page for the particular extension) to only activate when you need it:

image.png

 

I would recommend "on specific sites" for this particular extension, and add the URLs for any sites you might be developing. The "on click" option could likely be a bit of a pain since you would need to reload the page after clicking to get the extra information loaded into the developer tools once the extension is allowed to run.

Google themselves have started tightening down what Chrome extensions are allowed to do and permissions they can request in response to issues around the security of the Chrome web store. I definitely understand how extensions like this are helpful and use many myself. However, the security model of extensions in Chrome do allow them to interfere with a site's own functions. Switching extensions might be an option, but I would suggest trying to manually restrict the number of sites extensions are allowed to run on.

Cheers,
Daniel | Atlassian Team

qukankan August 23, 2020

Hi @Daniel Eads 

Thx a lot. Oh my fault, i didn't pay attention to restrict the permissions before. Now after i change the settings all things are fine.

 

@Shannon S also thx u a lot to follow up on this matter :)

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.4.3
TAGS
AUG Leaders

Atlassian Community Events