0

I send a request ONLY ONCE in the browser but got 2 requests logged in the server. One of them is not expected and I wonder which mechanism triggered it.

The details

  1. Only under Chrome (see the HTTP header for version). Safari does not trigger it.
  2. Both of the logged requests are GET requests ( not a preflight I guess )

The differences are in the headers as below shows

enter image description here

The left one is what I'm expecting, as you can see my custom header 'abc'='123' there. The right one I don't really get where is it come from.

I checked 'Sec-fetch-site': 'none' saying that it's a user operation triggered request. But what I do is simply refreshing the browser. And as you can see from 'Referer' header on the left, what I refresh is "localhost:3111/lp/..." not "/sources.list"

The complete headers (don't read, just FYI)

First (expected)

[
  [ 'Host', 'localhost:3111' ],
  [ 'Connection', 'keep-alive' ],
  [
    'sec-ch-ua',
    '"Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"'
  ],
  [ 'abc', '123' ],
  [ 'content-type', 'application/json' ],
  [ 'sec-ch-ua-mobile', '?0' ],
  [
    'User-Agent',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36'
  ],
  [ 'sec-ch-ua-platform', '"macOS"' ],
  [ 'Accept', '*/*' ],
  [ 'Sec-Fetch-Site', 'same-origin' ],
  [ 'Sec-Fetch-Mode', 'cors' ],
  [ 'Sec-Fetch-Dest', 'empty' ],
  [
    'Referer',
    'http://localhost:3111/lp/44104bf9-c011-4b76-9b28-81416711e827'
  ],
  [ 'Accept-Encoding', 'gzip, deflate, br' ],
  [ 'Accept-Language', 'zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7' ],
  [
    'Cookie',
    'sessions=%7B%7D; lastSignedIn=emailMagicLink; Idea-2c8ec7e9=7040e8cb-a902-4428-aa83-ee204ad56626; _xsrf=2|25b6023f|81dc3651ce8f50fb7837c48818d2a02a|1677900074; express_sid=s%3AqccgB6sOcy5YBP_MxUDbknYuUGkm8fH3.OFKlxJBixG8AVlmVhdwcoaxnb1W0ibR4N%2BHBRWreFEM; token=t.RmzJJ4wvn8AGgzk6kszg; prefsHttp={%22chatAlwaysVisible%22:true}'
  ]
]

The second (NOT expected)

 [
  [ 'Host', 'localhost:3111' ],
  [ 'Connection', 'keep-alive' ],
  [
    'sec-ch-ua',
    '"Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"'
  ],
  [ 'sec-ch-ua-mobile', '?0' ],
  [
    'User-Agent',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36'
  ],
  [ 'sec-ch-ua-platform', '"macOS"' ],
  [ 'Accept', '*/*' ],
  [ 'Sec-Fetch-Site', 'none' ],
  [ 'Sec-Fetch-Mode', 'cors' ],
  [ 'Sec-Fetch-Dest', 'empty' ],
  [ 'Accept-Encoding', 'gzip, deflate, br' ],
  [ 'Accept-Language', 'zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7' ],
  [
    'Cookie',
    'sessions=%7B%7D; lastSignedIn=emailMagicLink; Idea-2c8ec7e9=7040e8cb-a902-4428-aa83-ee204ad56626; _xsrf=2|25b6023f|81dc3651ce8f50fb7837c48818d2a02a|1677900074; express_sid=s%3AqccgB6sOcy5YBP_MxUDbknYuUGkm8fH3.OFKlxJBixG8AVlmVhdwcoaxnb1W0ibR4N%2BHBRWreFEM; token=t.RmzJJ4wvn8AGgzk6kszg; prefsHttp={%22chatAlwaysVisible%22:true}'
  ]
]
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
addlistener
  • 871
  • 1
  • 12
  • 20
  • Can you share the client-side code that triggers the expected request? – Heiko Theißen Apr 22 '23 at 14:36
  • @HeikoTheißen I'm using trpc so the triggering code is a bit complex (it's not plain old fetch/xhr). But what I can tell you is that when I filter the url requested in the chrome network tab there's only 1 request sent – addlistener Apr 23 '23 at 00:18
  • I just setup a proxy server, which eliminates the chances of my server logging bug, and it indicates that there are indeed 2 requests received. So I guess it's chrome since there's only 1 requests in the network tab – addlistener Apr 23 '23 at 01:18

0 Answers0