Provisional headers are shown ошибка

This question is related to
google-chrome
http
http-headers
google-chrome-devtools

The resource could be being blocked by an extension (AdBlock in my case).

The message is there because the request to retrieve that resource was never made, so the headers being shown are not the real thing. As explained in the issue you referenced, the real headers are updated when the server responds, but there is no response if the request was blocked.

The way I found about the extension that was blocking my resource was through the net-internals tool in Chrome:

For Latest Versions of chrome

• Type chrome://net-export/ in the address bar and hit enter.
• Start Recording. And save Recording file to local.
• Open the page that is showing problems.
• Go back to net-internals
• You can view Recorded Log file Here https://netlog-viewer.appspot.com/#import
• click on events (###) and use the textfield to find the event related to your resource (use parts of the URL).
• Finally, click on the event and see if the info shown tells you something.

For Older Versions of chrome

• Type chrome://net-internals in the address bar and hit enter.
• Open the page that is showing problems.
• Go back to net-internals, click on events (###) and use the textfield to find the event related to your resource (use parts of the URL).
• Finally, click on the event and see if the info shown tells you something.

I believe it happens when the actual request is not sent. Usually happens when you are loading a cached resource.

For chrome v72+ what solved it for me was only this:

go to chrome://flags/ and disable this 3 flags

• Disable site isolation
• Enable network service
• Runs network service in-process

or you can do it from command line :

chrome --disable-site-isolation-trials --disable-features=NetworkService,NetworkServiceInProcess

why this happen?

It seems that Google is refactoring their Chromium engine into modular structure, where different services will be separated into stand-alone modules and processes. They call this process servicification. Network service is the first step, Ui service, Identity service and Device service are coming up. Google provides the official information at the Chromium project site.

is it dangerous to change that?

An example is networking: once we have a network service we can choose to run it out of process for better stability/security, or in-process if we’re resource constrained. source

I encountered this issue, and I managed to identify a specific cause, which isn’t mentioned above either in answers or the question.

I am running a full js stack, angular front end and node back end on SSL, and the API is on a different domain running on port 8081, so I am doing CORS requests and withCredentials as I am dropping a session cookie from the API

So specifically my scenario was: POST request, withCredentials to port 8081 caused the «CAUTION: provisional headers are shown» message in the inspector and also of course blocked the request all together.

My solution was to set up apache to proxy pass the request from the usual SSL port of 443 to the node SSL port of 8081 (node has to be on a higher port as it cannot be ran as root in prod). So I guess Chrome doesn’t like SSL requests to unconventional SSL ports, but perhaps their error message could be more specific.

This can also happen (for cross-origin requests only) because of a new feature called site isolation

This page details the issue and a work-around. Which is to go to chrome://flags/#site-isolation-trial-opt-out in chrome and change that setting to «Opt-out» and reload chrome.

It’s a known issue. However that page says it’s fixed in chrome 68, but I’m running chrome 68 and I still have the issue.

My situation is cross-origin related.
Situation: Browser sends OPTIONS request before sending the real request like GET or POST. Backend developer forgets to deal with the OPTIONS request, letting it go through the service code, making the processing time too long. Longer than the timeout setting I wrote in the axios initialization, which is 5000 milliseconds. Therefore, the real request couldn’t be sent, and then I encountered the provisional headers are shown problem.
Solution: When it comes to OPTIONS request, backend api just return result, it makes the request faster and the real request can be sent before timeout.

HTTP/2 Pushed resources will produce Provisional headers are shown in the inspector for the same theory as @wvega posted in his answer above.

e.g: Since the server pushed the resource(s) to the client (before the client requested them), the browser has the resources cached and therefore the client never makes/needs a requests; So because…

…the real headers are updated when the server responds, but there is no response if the request was blocked.

I doubt my answer is in time to help you but others might find it helpful. I experienced a similar issue with a jQuery Ajax Post script that i created.

It turned out that i had a typo in the href attribute of the A tag that i was using to fire the post. I had typed href=»javacsript:;» (reversing the ‘s’ and the ‘c’ ).. this caused the script to try to refresh the page while the post was attempting to fire. corrected the typo and it worked perfectly fine for me.

This message can occur when the website is protected using HSTS. Then, when someone links to the HTTP version of the URL, the browser, as instructed by HSTS, does not issue an HTTP request, but internally redirects to the HTTPS resource securely. This is to avoid HTTPS downgrade attacks such as sslstrip.

That might because you sent an Ajax request, at the same time you jump your page to another one using location.href or something like that. So the previous request failed.

I ran into this issue with an AJAX call that would never complete. I followed wvega’s advice and tip about debugging with chrome://net-internals to eventually determine another click event handler in the page, listening on a parent node, was causing the browser to navigate to the same URL (so it wasn’t easily noticeable).

The solution was to add event.stopPropagation() in a click handler on the form submit button to keep the click from bubbling up the DOM and canceling the AJAX request in progress (initiated via a submit handler on the form).

In my case it was just a false set path in to a resource (svg / img)

A common reason this happens is if you are tracking an event and you don’t prevent the default action. For example, if you have a click event, then you will want to include:

e.preventDefault();

or

return false;

If you don’t, you will see the provisional headers warning as well as a «canceled» status in the Network tab of your web console.

This caution message also occurs if the response is invalid and therefore dropped by the browser.

In my case the request was correctly sent to the server, the server-side code then produced an error and my custom error handling returned the error message in the HTTP status message field. But this error was not received on the client side, due to invalid characters in the error message (described here http://aspnetwebstack.codeplex.com/workitem/1386) which resulted in corrupt response headers.

I’ve had this come up very recently (today in fact) where I’ve had an AJAX call go out to the server and Chrome fires off the «Caution: Provisional headers are shown.» In the server side PHP scripting, there are MySQL queries that can be pretty much instant or take a few seconds depending on the given scenario. My server response isn’t sent back to the browser until the queries are completed. I’ve found I get this error only when time consuming queries (up to a few seconds total) are being done and prevent the response from being sent back.

My scenario involves the very rare possibility of having to alter a table by adding/removing hundreds of columns for weather model output…hence the response lag from iterating through a loop of ALTER TABLE queries.

This issue occurred to me when I was sending an invalid HTTP Authorization header. I forgot to base64 encode it.

I came across this and it went away when I switched from https to http. The SSL certs we use in dev aren’t verified by a 3rd party. They’re just locally generated dev certs.

The same calls work just fine in Chrome Canary and Firefox. These browsers don’t appear to be as strict about the SSL cert as Chrome is. The calls would fail in Chrome with the «CAUTION: Provisional headers…» message.

I think/hope that when we use a legit SSL cert in stage and prod, we won’t see this behavior in Chrome anymore.

Another possible scenario I’ve seen — the exact same request is being sent again just after few milliseconds (most likely due to a bug in the client side).
In that case you’ll also see that the status of the first request is «canceled» and that the latency is only several milliseconds.

I ran this issue when I tried to load main.js for require js for the second time after I made changes as a result from error .
I just turned on in Developer Tools Settings «Disable Cache (When DevTools is Open)» .
and that did the charm.

Just throwing in my two cents. I’m writing a Web Application using CORS requests and a full RESTful web service. I have found chrome will throw this error when I have an unhanded exception or a PHP Error thrown. Just incase anyone else runs into the problem. I found that when this happens I can fire up the Chrome App «Postman — Rest Client» and run the exact same request but in the Chrome App I’ll actually get the PHP Error thats being thrown instead of this non descriptive error.

This was happening for me, when I had a download link and after clicking on it I was trying also to catch the click with jquery and send an ajax request. The problem was because when you are clicking on the download link, you are leaving the page, even it does not look so. If there would no file transfer, you would see the requested page.. So I set a target=»_blank» for preventing this issue.

I got this error when I tried to print a page in a popup. The print dialog was show and it still waiting my acceptance or cancellation of the printing in the popup while in the master page also was waiting in the background showing the message CAUTION provisional headers are shown when I tried to click another link.

In my case the solution was to remove the window.print (); script that it was executing on the <body> of the popup window to prevent the print dialog.

Use this code fist of your code:

header('Cache-Control: no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');

This works for me.

I saw this occur when the number of connections to my server exceeded Chrome’s max-connections-per-server limit of 6.

Here is another solution.

If you encounter this issue with $ajax() call, add http:// before your serverhost will solve your problem.

var requestURL = "http://" + serverHost;
$.ajax({
    dataType: "json",
    url: requestURL,
    data: data,
    success: success    
});

If you are developing an Asp.Net Mvc application and you are trying to return a JsonResult in your controller, make sure you add JsonRequestBehavior.AllowGet to the Json method. That fixed it for me.

public JsonResult GetTaskSubCategories(int id)
{
    var subcategs = FindSubCategories(id);

    return Json(subcategs, JsonRequestBehavior.AllowGet);  //<-- Notice it has two parameters
}

The reason why this header shows is that: your request don’t send to remote.

It usually caused by

1. Extension has blocks your request
2. Chrome use own cache to fetch your resource

Chrome cannot get your request headers from a request that haven’t made.

A recent version of chrome has indicate these:

Only Provisional headers are avaliable because this request was not sent over the network and instead was served from a local cache,
which doesn’t store the original request headers.

Disable cache to see full request headers

Try reloading the page with ctrl + shift +F5 and then check the request headers again

Full headers are not shown because there can be a chance that request is not going to the servers and instead is served directly from Browser’s cache for example using service workers

I had this issue when sending parameters in the AJAX URL propertylike
http://10.165.10.160:82/services?param1=xxxx&param2=xxxx

If you want to perform a get request (e.g. send parameterized url), do not add them in the url property, do it in data object instead:

        <script>
        $.ajax({
        url: "http://10.160.10.160:82/services/STD_ERROR.php",
        data: {
            StatusText: StatusText,
            Status: Status,
            UserCode: UserCode,
            FUNC_CODE: FuncCode,
            ErrorDescription: ErrorDescription
        },
        type: "GET",
        crossDomain: true,
        cache: false
    }).done(data => {
        console.log(data)
    }).fail(function(xhr, status, error) {
        console.log(xhr.ErrorDescription)
    });
</script>

This issue will also occur while using some packages like webpack-hot-middleware and open multiple pages at the same time. webpack-hot-middleware will create a connection for each page for listening to the changes of code then to refresh the page. Each browser has a max-connections-per-server limitation which is 6 for Chrome, so if you have already opened more than 6 pages in Chrome, the new request will be hung there until you close some pages.

«Caution: provisional headers are shown» message can be shown when website hosted on HTTPS invokes a calls to WebApi hosted on HTTP. You can check all if all your Api’s are HTTPS. Browser prevents to do a call to insecure resource. You can see similar message in your code when use FETCH API to domain with HTTP.

Mixed Content: The page at ‘https://website.com’ was loaded over HTTPS, but requested an insecure resource ‘http://webapi.com’. This request has been blocked; the content must be served over HTTPS.

This could be a CORS issue.
try enabling CORS for you api.

For WebApi

  var cors = new EnableCorsAttribute("*", "*", "*");
            config.EnableCors(cors);

In my case the cause was AdBlock extension.

The request to server went through and I got the response but I could not see the request cookies due to «Provisional headers..» being shown in Dev tools. After disabling AdBlock for the site, the warning went away and dev tools started to show the cookies again.

For the change to take effect, it was also necessary to close the Dev tools and refresh the page

I had a similar issue with my MEAN app. In my case, the issue was happening in only one get request. I tried with removing adblock, tried clearing cache and tried with different browsers. Nothing helped.

finally, I have figured out that the api was trying to return a huge JSON object. When I have tried to send a small object, it was working fine. Finally, I have changed my implementation to return a buffer instead of a JSON.

I wish expressJS to throw an error in this case.

In my case, the body parameters I was sending in the post request, and logic I have writting depending on the body parameters were wrong, so the response was not able to be sent. so I was getting this error.

 example: post request body (a: alsldfjfj) which I was sending

but I had written the code for validating «b» instead of «a»

Questions with google-chrome tag:

• SessionNotCreatedException: Message: session not created: This version of ChromeDriver only supports Chrome version 81
• SameSite warning Chrome 77
• What’s the net::ERR_HTTP2_PROTOCOL_ERROR about?
• session not created: This version of ChromeDriver only supports Chrome version 74 error with ChromeDriver Chrome using Selenium
• Jupyter Notebook not saving: ‘_xsrf’ argument missing from post
• How to fix ‘Unchecked runtime.lastError: The message port closed before a response was received’ chrome issue?
• Selenium: WebDriverException:Chrome failed to start: crashed as google-chrome is no longer running so ChromeDriver is assuming that Chrome has crashed
• WebDriverException: unknown error: DevToolsActivePort file doesn’t exist while trying to initiate Chrome Browser
• How to make audio autoplay on chrome
• How to handle «Uncaught (in promise) DOMException: play() failed because the user didn’t interact with the document first.» on Desktop with Chrome 66?
• how to open Jupyter notebook in chrome on windows
• Access Control Origin Header error using Axios in React Web throwing error in Chrome
• Invalid self signed SSL cert — «Subject Alternative Name Missing»
• Chrome violation : [Violation] Handler took 83ms of runtime
• Getting Error «Form submission canceled because the form is not connected»
• Violation Long running JavaScript task took xx ms
• Which ChromeDriver version is compatible with which Chrome Browser version?
• In Chrome 55, prevent showing Download button for HTML 5 video
• Why does this «Slow network detected…» log appear in Chrome?
• A Parser-blocking, cross-origin script is invoked via document.write — how to circumvent it?
• Disable Chrome strict MIME type checking
• Cannot open local file — Chrome: Not allowed to load local resource
• Chrome dev tools fails to show response even the content returned has header Content-Type:text/html; charset=UTF-8
• «Uncaught TypeError: a.indexOf is not a function» error when opening new foundation project
• Is there any way to debug chrome in any IOS device
• net::ERR_INSECURE_RESPONSE in Chrome
• How to change the locale in chrome browser
• What does ==$0 (double equals dollar zero) mean in Chrome Developer Tools?
• How to prevent «The play() request was interrupted by a call to pause()» error?
• Disable-web-security in Chrome 48+
• When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
• How to open a link in new tab (chrome) using Selenium WebDriver?
• How to open google chrome from terminal?
• HTML 5 Video «autoplay» not automatically starting in CHROME
• Chrome / Safari not filling 100% height of flex parent
• Chrome:The website uses HSTS. Network errors…this page will probably work later
• Can a website detect when you are using Selenium with chromedriver?
• What is the «Upgrade-Insecure-Requests» HTTP header?
• require is not defined? Node.js
• Where does Chrome store cookies?
• Chrome net::ERR_INCOMPLETE_CHUNKED_ENCODING error
• Understanding Chrome network log «Stalled» state
• Edit and replay XHR chrome/firefox etc?
• Force hide address bar in Chrome on Android
• Google Chrome forcing download of «f.txt» file
• SSL cert «err_cert_authority_invalid» on mobile chrome only
• Run chrome in fullscreen mode on Windows
• «Proxy server connection failed» in google chrome
• How do I execute .js files locally in my browser?
• Google Chrome: This setting is enforced by your administrator

Questions with http tag:

• Access blocked by CORS policy: Response to preflight request doesn’t pass access control check
• Axios Delete request with body and headers?
• Read response headers from API response — Angular 5 + TypeScript
• Android 8: Cleartext HTTP traffic not permitted
• Angular 4 HttpClient Query Parameters
• Load json from local file with http.get() in angular 2
• Angular 2: How to access an HTTP response body?
• What is HTTP «Host» header?
• Golang read request body
• Angular 2 — Checking for server errors from subscribe
• How to read values from the querystring with ASP.NET Core?
• How to correctly set Http Request Header in Angular 2
• http post — how to send Authorization header?
• Chrome dev tools fails to show response even the content returned has header Content-Type:text/html; charset=UTF-8
• Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint
• Send FormData with other field in AngularJS
• CORS with POSTMAN
• Send multipart/form-data files with angular using $http
• Response to preflight request doesn’t pass access control check
• How to catch exception correctly from http.request()?
• Setting query string using Fetch GET request
• How to create cross-domain request?
• Angular2 http.get() ,map(), subscribe() and observable pattern — basic understanding
• How to pass url arguments (query string) to a HTTP request on Angular?
• How to send an HTTP request with a header parameter?
• How to send a POST request from node.js Express?
• Use .htaccess to redirect HTTP to HTTPs
• What is the «Upgrade-Insecure-Requests» HTTP header?
• Send POST parameters with MultipartFormData using Alamofire, in iOS Swift
• How to make HTTP Post request with JSON body in Swift
• What is the difference between PUT, POST and PATCH?
• Difference between request.getSession() and request.getSession(true)
• Go doing a GET request and building the Querystring
• javax.net.ssl.SSLException: Read error: ssl=0x9524b800: I/O error during system call, Connection reset by peer
• Correct way to set Bearer token with CURL
• Why is an OPTIONS request sent and can I disable it?
• How to get http headers in flask?
• Understanding Chrome network log «Stalled» state
• REST API — Bulk Create or Update in single request
• What is the difference between HTTP 1.1 and HTTP 2.0?
• Use of PUT vs PATCH methods in REST API real life scenarios
• How does OkHttp get Json string?
• Returning http 200 OK with error within response body
• POST request with a simple string in body with Alamofire
• REST API error code 500 handling
• Correct way of getting Client’s IP Addresses from http.Request
• Proper way to set response status and JSON content in a REST API made with nodejs and express
• How to define the basic HTTP authentication using cURL correctly?
• How to get response body using HttpURLConnection, when code other than 2xx is returned?
• wget: unable to resolve host address `http’

• Set cookies for cross origin requests
• Adding a HTTP header to the Angular HttpClient doesn’t send the header, why?
• Passing headers with axios POST request
• What is HTTP «Host» header?
• CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
• Using Axios GET with Authorization Header in React-Native App
• Axios get access to response header fields
• Custom header to HttpClient request
• Send multipart/form-data files with angular using $http
• Best HTTP Authorization header type for JWT
• How to add headers to OkHttp request interceptor?
• What is the «Upgrade-Insecure-Requests» HTTP header?
• How does Content Security Policy (CSP) work?
• Change user-agent for Selenium web-driver
• How to get http headers in flask?
• What exactly does the Access-Control-Allow-Credentials header do?
• How to set a header for a HTTP GET request, and trigger file download?
• What are all the possible values for HTTP «Content-Type» header?
• «CAUTION: provisional headers are shown» in Chrome debugger
• How does «304 Not Modified» work exactly?
• Download text/csv content as files from server in Angular
• Keep-alive header clarification
• Do I need Content-Type: application/octet-stream for file download?
• Forward request headers from nginx proxy server
• How to add header data in XMLHttpRequest when using formdata?
• How to get host name with port from a http or https request
• How to set a header in an HTTP response?
• What is «X-Content-Type-Options=nosniff»?
• Android : Capturing HTTP Requests with non-rooted android device
• HTTP post XML data in C#
• S3 — Access-Control-Allow-Origin Header
• What’s the point of the X-Requested-With header?
• What is http multipart request?
• Adding a custom header to HTTP request using angular.js
• What’s the difference of $host and $http_host in Nginx
• How to add a response header on nginx when using proxy_pass?
• How to prevent Browser cache for php site
• Duplicate headers received from server
• Possible reason for NGINX 499 error codes
• What is Cache-Control: private?
• Setting HTTP headers
• Access-Control-Allow-Origin: * in tomcat
• Set HTTP header for one request
• Getting HTTP code in PHP using curl
• How to prevent http file caching in Apache httpd (MAMP)
• Python send POST with header
• Set Content-Type to application/json in jsp file
• Difference between Pragma and Cache-Control headers?
• Access Control Request Headers, is added to header in AJAX request with jQuery
• Getting only response header from HTTP POST using curl

• When adding a Javascript library, Chrome complains about a missing source map, why?
• Chrome dev tools fails to show response even the content returned has header Content-Type:text/html; charset=UTF-8
• Is there any way to debug chrome in any IOS device
• Is it possible to open developer tools console in Chrome on Android phone?
• What does ==$0 (double equals dollar zero) mean in Chrome Developer Tools?
• Understanding Chrome network log «Stalled» state
• How to use color picker (eye dropper)?
• Bizarre Error in Chrome Developer Console — Failed to load resource: net::ERR_CACHE_MISS
• Google Chromecast sender error if Chromecast extension is not installed or using incognito
• How to open the Chrome Developer Tools in a new window?
• How to find what code is run by a button or element in Chrome using Developer Tools
• Copying HTML code in Google Chrome’s inspect element
• What’s the difference between «Request Payload» vs «Form Data» as seen in Chrome dev tools Network tab
• Chrome DevTools Devices does not detect device when plugged in
• How does Facebook disable the browser’s integrated Developer Tools?
• «CAUTION: provisional headers are shown» in Chrome debugger
• How do I download/extract font from chrome developers tools?
• Console.log not working at all
• How can I force a hard reload in Chrome for Android
• jQuery’s jquery-1.10.2.min.map is triggering a 404 (Not Found)
• Freeze screen in chrome debugger / DevTools panel for popover inspection?
• Chrome Dev Tools — Modify javascript and reload
• Making HTTP Requests using Chrome Developer tools
• How to disable JavaScript in Chrome Developer Tools?
• How can I inspect element in an Android browser?
• How to terminate script execution when debugging in Google Chrome?
• Paused in debugger in chrome?
• Automatically open Chrome developer tools when new tab/new window is opened
• iOS Remote Debugging
• How to use Chrome’s network debugger with redirects
• Javascript Debugging line by line using Google Chrome
• How do I view events fired on an element in Chrome DevTools?
• How to reposition Chrome Developer Tools
• Find JavaScript function definition in Chrome
• Using Chrome’s Element Inspector in Print Preview Mode?
• Calling a Javascript Function from Console
• How can I inspect element in chrome when right click is disabled?
• Colors in JavaScript console
• How to force Chrome’s script debugger to reload javascript?
• Resource interpreted as Document but transferred with MIME type application/json warning in Chrome Developer Tools
• How to save CSS changes of Styles panel of Chrome Developer Tools?
• Disabling Chrome cache for website development
• Tools to selectively Copy HTML+CSS+JS From A Specific Element of DOM
• See :hover state in Chrome Developer Tools
• View HTTP headers in Google Chrome?
• How to search all loaded scripts in Chrome Developer Tools?
• What do the crossed style properties in Google Chrome devtools mean?
• Is there a way to get the XPath in Google Chrome?
• View list of all JavaScript variables in Google Chrome Console
• How do I debug Node.js applications?