Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Internet Explorer: SCRIPT7002: XMLHttpRequest: Network Error 0x2f7d, Could not complete the operation due to error 00002f7d

This problem is driving me nuts. Our web app uses HTTP POST to login users and now IE 10 is aborting the connection and saying:

SCRIPT7002: XMLHttpRequest: Network Error 0x2f7d, Could not complete the operation due to error 00002f7d.

Here are all the details I have

  • IE version 10.0.9.16618, update version 10.0.6. I've also reproduced this on IE version 10.0.9200.16635, update version 10.0.7.
  • The domain is using HTTPS. The problem doesn't occur on HTTP connections
  • I've read that for some reason IE needs to get a certificate before it can do an HTTP POST, so I have HTTP GETs running before my POST request, but now the GET is erroring out. See network flow screen shot. The GET is super simple, just a PING page that returns "I'm up."
  • Asyn is turned off $.ajax({type: 'POST',url: url,async: false...}); I've read in other posts that this matters.
  • The certificate is good, see screen shot.
  • The problem goes away if the site is added as a "trusted site" but that's not really the user experience we're shooting for.
  • This just started about a month ago. Did Microsoft push some new updates recently?
  • I've already read: http://social.msdn.microsoft.com/Forums/windowsapps/en-US/dd5d2762-7643-420e-880a-9bf75554e383/intermittent-xmlhttprequest-network-error-0x2f7d-could-not-complete-the-operation-due-to-error. It doesn't help.

Screen shots:

Network flow: enter image description here

Cert is good:

enter image description here

Any help is greatly appreciated. I've spent a lot of hours on this with no luck. As you would expect this works fine in Chrome and Firefox. If you need any more detail about what's happening please let me know.

Thanks,

like image 324
etherton Avatar asked Jul 16 '13 16:07

etherton


2 Answers

Certificate revocation checks may block the initial JSON POST, but allow subsequent requests after the GET callback

We recently determined that URLMon's code (Win8, Win7, and probably earlier) to ignore certificate revocation check failures is not applied for content uploads (e.g. HTTP POST). Hence, if a Certificate Revocation check fails, that is fatal to the upload (e.g. IE will show a Page Cannot Be Displayed error message; other clients would show a different error). However, this rarely matters in the real world because in most cases, the user first performs a download (HTTP GET) from the target HTTPS site, and as a result the server's certificate is cached with the "ignore revocation check failures" exemption for the lifetime of the process and thus a subsequent POST inherits that flag and succeeds. The upload fails if the very first request to the HTTPS site in the current process was for an upload (e.g. as in a cross-origin POST request).

Here is how it works:

A little background: When a web browser initiates a HTTPS handshake with a web server, the server immediately sends down a digital certificate. The hostname of the server is listed inside the digital certificate, and the browser compares it to the hostname it was attempting to reach. If these hostnames do not match, the browser raises an error.

The matching-hostnames requirement causes a problem if a single-IP is configured to host multiple sites (sometimes known as “virtual-hosting”). Ordinarily, a virtual-hosting server examines the HTTP Host request header to determine what HTTP content to return. However, in the HTTPS case, the server must provide a digital certificate before it receives the HTTP headers from the browser. SNI resolves this problem by listing the target server’s hostname in the SNI extension field of the initial client handshake with the secure server. A virtual-hosting server may examine the SNI extension to determine which digital certificate to send back to the client.

The GET may be victim of the operation aborted scenario:

The HTML file is being parsed, and encounters a script block. The script block contains inline script which creates a new element and attempts to add it to the BODY element before the closing BODY tag has been encountered by the parser.

<body>
  <div>
    <script>document.body.appendChild(newElem)</script>
  </div>
</body>

Note that if I removed the <div> element, then this problem would not occur because the script block's immediate parent would be BODY, and the script block's immediate parent is immune to this problem.

References

  • Understanding Certificate Revocation Checks

  • Client Certificates vs Server Certificates

  • Understanding and Managing the Certificate Stores

  • Preventing Operation Aborted Scenarios

  • HTTPS Improvements in IE

  • Online Certificate Status Protocol - OCSP

like image 142
Paul Sweatte Avatar answered Oct 21 '22 10:10

Paul Sweatte


[SOLVED]

I only observed this error today. for me the Error code was different though.

SCRIPT7002: XMLHttpRequest: Network Error 0x2efd, Could not complete the operation due to error 00002efd.

I was occuring randomly and not all time. but what it noticed is, if it comes it comes for subsequent ajax calls.. so i put some delay of 5 seconds between the ajax calls and it resolved.

Also the CORS must be configured on your web server.

like image 43
Amit Shah Avatar answered Oct 21 '22 09:10

Amit Shah