0
votes

I am trying to debug a client's site which is receiving an error in Chrome preventing users from checking out. It only happens in Chrome; Firefox and IE both work correctly.

Steps to reproduce:

  1. Add item to cart.
  2. Go to checkout.
  3. Enter billing information and click continue.
  4. Page redirects to cart and logs user out.
  5. User unable to log back in until cookies are deleted via devtools -> application
  6. Repeat

Magento 1.9.2.4

Chrome devtools log

Uncaught TypeError: this.each is not a function
    at NodeList.detect (prototype.js:905)
    at <anonymous>:1:86
Google Maps API error: MissingKeyMapError https://developers.google.com/maps/documentation/javascript/error-messages#missing-key-map-error
(anonymous) @ AuthenticationService.Authenticate?1shttps%3A%2F%2Fexample.com%2Fcheckout%2Fonepage%2F&callbac…:1
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=billing 403 (Forbidden)
prototype.js:1739 GET https://exmample.com/checkout/onepage/progress/?prevStep=shipping 403 (Forbidden)

Apache Access Log

216.206.223.26 - - [17/Jan/2017:13:31:07 -0500] "GET /customer/account/login/ HTTP/1.1" 200 9291 "https://example.com/checkout/cart/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:17 -0500] "POST /customer/account/loginPost/ HTTP/1.1" 302 20 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:18 -0500] "GET /customer/account/ HTTP/1.1" 200 9368 "https://example.com/customer/account/login/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:22 -0500] "GET /checkout/onepage/ HTTP/1.1" 200 33989 "https://example.com/customer/account/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:48 -0500] "POST /checkout/onepage/saveBilling/ HTTP/1.1" 200 3757 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "POST /checkout/onepage/getAdditional/ HTTP/1.1" 200 24 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=billing HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/cart/ HTTP/1.1" 200 8213 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
216.206.223.26 - - [17/Jan/2017:13:31:50 -0500] "GET /checkout/onepage/progress/?prevStep=shipping HTTP/1.1" 403 20 "https://example.com/checkout/onepage/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"

I attempted to fix the this.each function by updating prototype.js but that had no effect and I'm not sure if it's related.

Update

This is the output from the Chrome dev console when prototype attempts to post to https://example.com/checkout/onepage/progress/?prevStep=billing.

This occurs when in the one page checkout and you click next in billing information. It then moves to shipping methods and after ~1 second it errors and redirects to an empty cart page and logs the user out. The user is then not allowed to log back in. The error only occurs in Chrome.

My current working theory is that it is an inadvertent side effect of the missing Google API key in the ShipperHQ extension. I'm working with the customer to resolve this but I'm not 100% sure. Chrome is reporting the missing key with a higher severity than Firefox is, so I want to eliminate that as a possible cause.

General
Request URL:https://example.com/checkout/onepage/progress/?prevStep=billing
Request Method:GET
Status Code:403 Forbidden
Remote Address:64.64.18.47:443
Response Headers
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection:Keep-Alive
Content-Encoding:gzip
Content-Length:20
Content-Type:text/html; charset=UTF-8
Date:Thu, 19 Jan 2017 13:57:53 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=98
Login-Required:true
Login-Required:true
Pragma:no-cache
Server:Apache
Set-Cookie:frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; expires=Thu, 19-Jan-2017 14:57:53 GMT; Max-Age=3600; path=/; domain=example.com; httponly
Vary:Accept-Encoding
X-Frame-Options:SAMEORIGIN
X-Powered-By:PHP/5.6.14
Request Headers
Accept:text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:_gat=1; _ga=GA1.2.754122640.1484834242; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP
Host:example.com
Referer:https://example.com/checkout/onepage/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36
X-Prototype-Version:1.7.3
X-Requested-With:XMLHttpRequest
Query String Parameters
prevStep:billing

2 Answers

2
votes

After 2 days of trying to figure this out, it turned out to be a malware script injected into the footer block that was posting all input data to a remote third-party script called conversion.php whenever a submit button was clicked, including usernames, passwords, cc# etc.

As a result it was causing a duplicate frontend cookie to be created for some reason. There was a legitimate .example.com (http) cookie with the correct token, and a bogus example.com (non-http) cookie with an incorrect token.

Firefox was giving precedence to the legitimate cookie and sending it in the AJAX request headers, allowing it to work properly.

Chrome, on the other hand, was using the bogus cookie in the request headers, which caused the 403 to come back from the server. When the 403 was received, Magento kicked the user back to an empty cart and logged them out. In the process the legitimate cookie token was set to the bad token value and it prevented the user from being able to log in again.

Chrome dev tools and the network tab saved my bacon!

0
votes

Please check what cookie domain is set for the site. Make sure there are not multiple cookie domains.
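
A check for the duplicate-cookie condition both answers point at, as an added example that is not part of the original posts: it lists cookie names sent more than once in a Cookie request header and audits cookie-jar rows for one name held under several domain scopes. The first input is the Cookie header captured in the question; the jar rows and their token values are constructed to model the two cookies the first answer describes.

```javascript
// Added example. "frontend" is the session cookie name shown on this page.

// Split a Cookie request header into [name, value] pairs, keeping duplicates.
function parseCookieHeader(header) {
  return header.split(';')
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf('=');
      return eq === -1 ? ['', part] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Cookie names sent more than once in one request, and whether values differ.
function duplicateCookieNames(header) {
  const seen = new Map();
  for (const [name, value] of parseCookieHeader(header)) {
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(value);
  }
  return [...seen]
    .filter(([, values]) => values.length > 1)
    .map(([name, values]) => ({
      name, count: values.length, conflicting: new Set(values).size > 1,
    }));
}

// Audit cookie-jar rows (as listed in DevTools > Application > Cookies) for
// one cookie name: which domain scopes hold it, and which are script-readable.
function auditJar(rows, cookieName) {
  const matches = rows.filter((row) => row.name === cookieName);
  const scopes = [...new Set(matches.map((row) => row.domain))];
  const scriptReadable = matches.filter((r) => !r.httpOnly).map((r) => r.domain);
  return { scopes, multipleScopes: scopes.length > 1, scriptReadable };
}

// Cookie header as captured in the question (frontend appears twice).
const capturedHeader = '_gat=1; _ga=GA1.2.754122640.1484834242; ' +
  'frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP; frontend_cid=s2kuTvouz73D2Zvo; ' +
  'frontend=bprTCXGvbgfI1bIrxGuNHHri477ynIVP';
// Constructed jar rows modelling the two cookies the first answer describes.
const constructedJar = [
  { name: 'frontend', value: 'GOODTOKEN', domain: '.example.com', httpOnly: true },
  { name: 'frontend', value: 'BADTOKEN', domain: 'example.com', httpOnly: false },
  { name: 'frontend_cid', value: 'CID', domain: '.example.com', httpOnly: true },
];

console.log(duplicateCookieNames(capturedHeader));
console.log(auditJar(constructedJar, 'frontend'));
```

A session cookie name that shows up under two scopes, or in a script-readable copy next to an HttpOnly one, is worth tracing back to whatever set it.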