Error 440 on Chrome - embedded dashboard

I got a new error regarding the embedded dashboard inside our product.
All year round the dashboards were fine and presented data to clients.
We embedded 3 dashboards in our products.

But 1 week ago - all our clients are working from home right now and my support team is working too - all of them can’t see the dashboard. They get a blue screen (the Dundas splash screen) and they get a 440 error message in the console - please see the attached message.
On my computer, on Chrome, everything is working fine, and I have some other teammates for whom everything is fine - but several clients and support team members are not seeing the dashboard on Chrome.
What do you think the problem is?
On Firefox it is working fine.

Thanks for your help!


It may be to do with cookies and user authentication tokens not being updated properly.
Does it work in incognito/private mode? Does clearing cookies and history help?

Hi @david.glickman,
After clearing cookies and history everything stays the same.
This is the error I got in the Dundas app logs -

WebApi failed to get the client ID cookie for TrackUsage. Requested URL: /Dashboard/1d670756-8cfb-49db-9ba1-f6242b8981f4

I think that this is related to a change in Chrome over the way cookies work in iFrames in a cross domain setup. Most likely you have one domain and another subdomain in the iFrame which is no longer supported by them. This change occurs after Chrome 80 and is going to be compounded by the fact that other browsers use Chromium, including the latest versions of Edge.

Here is Chrome’s documentation for the breaking change - https://www.chromium.org/updates/same-site

We are aware of this and have taken steps to help - please update to the latest version of Dundas BI. If you continue to have issues, it’s best if you open a ticket to our support team to further assist.

@jeff
I’m on version 80 and all of my dashboards are working fine; other clients and my colleagues are on version 80 as well, and for them it is just a blue Dundas screen.
I don’t know if this is related, but I will check it out.
Do you think it’s related to working from home? It started this week.

I already reached out to support.

On another topic, I can’t update my version, because a lot of my scripts use “webAppService” and this was removed in version 7. I have more than 50 scripts, so right now I can’t update - maybe in several weeks.
So this problem is related to version 6?

Thanks,

Hello @aviv,

I had a similar problem in Firefox a few months ago. My problem was that some functions/methods for Firefox core were changed somehow. If the problem is only in IE, it is clear that some methods are not supported.

Hi Aviv,

The problem that I described is on Chrome in general for both version 6 and 7 of Dundas BI. Since version 6 is still officially supported, I understand that the intent was to provide a fix for both versions. Support will be your best resource on this one as I’m not aware of which exact revision this occurred in and anything that needs to be changed on your end. Can you at least get to the latest revision of version 6?

@jeff
Please see the screenshot below; this is on my Chrome, but I don’t have any error - so what is the problem?

You can see the logs from the console - this is a client that has the 440 error
A cookie associated with a cross-site resource at https://eu.mi.graduway.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
general:1 A cookie associated with a cross-site resource at http://graduway.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
VM44 base.min.js:11 Running window message received from origin ‘https://sussexconnect.org’ which was in the accepted list. If this was not expected, this might be an XSS attack.
VM6 jquery.min.js:6 GET https://eu.mi.graduway.com/api/session/b87f4087-2d9a-46db-b8ef-51f5064ee10d?includeSecureAttributes=false 440
send @ VM6 jquery.min.js:6
ajax @ VM6 jquery.min.js:6
callWebApi @ VM44 base.min.js:3
getSessionById @ VM44 base.min.js:198
invalidateCurrentSession @ VM44 base.min.js:3
ready @ VM44 base.min.js:3
(anonymous) @ VM5 dashboard.min.js:3
l @ VM6 jquery.min.js:4
fireWith @ VM6 jquery.min.js:4
ready @ VM6 jquery.min.js:4
S @ VM6 jquery.min.js:4
VM44 base.min.js:11 session/{0} (GET) error:
status:440 error
response message:An error has occurred.
exception message:The caller is not associated with a valid session.
exception type:Dundas.BI.WebApi.CleanException
stack trace:
VM44 base.min.js:3 Uncaught TypeError: Cannot read property ‘hasPrivilege’ of undefined
at m.checkUserSettingRequirements (VM44 base.min.js:3)
at m.getUserSettings (VM44 base.min.js:3)
at m.onReady (VM44 base.min.js:1445)
at m.onReady (VM44 base.min.js:2)
at m.onReady (VM5 dashboard.min.js:3)
at m.onReady (VM44 base.min.js:2)
at m. (VM44 base.min.js:3)
at m. (VM44 base.min.js:3)
at l (VM6 jquery.min.js:4)
at Object.fireWith [as rejectWith] (VM6 jquery.min.js:4)
checkUserSettingRequirements @ VM44 base.min.js:3
getUserSettings @ VM44 base.min.js:3
onReady @ VM44 base.min.js:1445
(anonymous) @ VM44 base.min.js:2
onReady @ VM5 dashboard.min.js:3
(anonymous) @ VM44 base.min.js:2
(anonymous) @ VM44 base.min.js:3
(anonymous) @ VM44 base.min.js:3
l @ VM6 jquery.min.js:4
fireWith @ VM6 jquery.min.js:4
i. @ VM6 jquery.min.js:4
(anonymous) @ VM44 base.min.js:3
l @ VM6 jquery.min.js:4
fireWith @ VM6 jquery.min.js:4
i. @ VM6 jquery.min.js:4
(anonymous) @ VM44 base.min.js:198
l @ VM6 jquery.min.js:4
fireWith @ VM6 jquery.min.js:4
k @ VM6 jquery.min.js:6
(anonymous) @ VM6 jquery.min.js:6
load (async)
send @ VM6 jquery.min.js:6
ajax @ VM6 jquery.min.js:6
callWebApi @ VM44 base.min.js:3
getSessionById @ VM44 base.min.js:198
invalidateCurrentSession @ VM44 base.min.js:3
ready @ VM44 base.min.js:3
(anonymous) @ VM5 dashboard.min.js:3
l @ VM6 jquery.min.js:4
fireWith @ VM6 jquery.min.js:4
ready @ VM6 jquery.min.js:4
S @ VM6 jquery.min.js:4
1d670756-8cfb-49db-9ba1-f6242b8981f4?logonTokenId=b0eed481-8a0b-442c-9475-9219e64f4da2&vo=viewonly:1 [Intervention] Slow network is detected. See https://www.chromestatus.com/feature/5636954674692096 for more details. Fallback font will be used while loading: https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXg.woff2
2VM44 base.min.js:1445 Uncaught TypeError: Cannot read property ‘windowResize’ of null
at m.onResize (VM44 base.min.js:1445)
at m.onResize (VM44 base.min.js:2)
onResize @ VM44 base.min.js:1445
(anonymous) @ VM44 base.min.js:2
setTimeout (async)
(anonymous) @ VM44 base.min.js:3
dispatch @ VM6 jquery.min.js:5
y.handle @ VM6 jquery.min.js:5
base.min.js?v=179234638000:11 DOMException: Blocked a frame with origin “https://eu.mi.graduway.com” from accessing a cross-origin frame.
at m._tryGetParentWindow (https://eu.mi.graduway.com/Scripts/bunches/dundas/base.min.js?v=179234638000:3:26082)
at m.ready (https://eu.mi.graduway.com/Scripts/bunches/dundas/base.min.js?v=179234638000:3:9200)
at HTMLDocument. (https://eu.mi.graduway.com/Scripts/bunches/dundas/logon.min.js?v=179234640000:2:8629)
at l (https://eu.mi.graduway.com/Scripts/bunches/jquery.min.js?v=179234644000:4:24584)
at Object.fireWith [as resolveWith] (https://eu.mi.graduway.com/Scripts/bunches/jquery.min.js?v=179234644000:4:25405)
at Function.ready (https://eu.mi.graduway.com/Scripts/bunches/jquery.min.js?v=179234644000:4:2897)
at HTMLDocument.S (https://eu.mi.graduway.com/Scripts/bunches/jquery.min.js?v=179234644000:4:550)
base.min.js?v=179234638000:11 logon boot is ready!
base.min.js?v=179234638000:11 Running window message received from origin ‘https://sussexconnect.org’ which was in the accepted list. If this was not expected, this might be an XSS attack.

Hi Aviv,

This certainly looks like the same issue. In previous versions of the .NET Framework the value of ‘None’ was not valid and used to emit nothing. With the change you get ‘Lax’ by default which is contributing to this problem. Please do upgrade to the latest version of Dundas BI and then also apply the following fixes.

KB4531182
KB4524421

I’m also going to reach out to support for you and make sure they are treating this as a priority and will be in touch offline to add any additional detail they can provide.
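
An added example, not part of the original thread and not Dundas BI code: it applies the rule quoted in the console warning above to `Set-Cookie` headers and reports which cookies a Chrome 80+ browser will withhold from a cross-site iframe. The cookie names and header values are constructed for illustration.

```javascript
// Added illustration, not Dundas BI code. Cookie names below are constructed.
const KNOWN = ['strict', 'lax', 'none'];

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    // An unrecognised SameSite value is handled like a missing attribute.
    if (key === 'samesite' && KNOWN.includes(value)) cookie.sameSite = value;
  }
  return cookie;
}

// Verdict for a cookie needed inside a cross-site iframe (Chrome 80+ rules).
function crossSiteVerdict(header) {
  const c = parseSetCookie(header);
  if (c.sameSite === null) {
    return { name: c.name, sent: false, reason: 'no SameSite attribute: treated as Lax' };
  }
  if (c.sameSite === 'none') {
    return c.secure
      ? { name: c.name, sent: true, reason: 'SameSite=None with Secure' }
      : { name: c.name, sent: false, reason: 'SameSite=None without Secure: rejected' };
  }
  return { name: c.name, sent: false, reason: `SameSite=${c.sameSite}: not sent to subframes` };
}

// Constructed sample headers (hypothetical names, not Dundas BI's real cookies).
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/; HttpOnly', // nothing emitted for SameSite
  'client_id=xyz; Path=/; SameSite=None', // None, but Secure is missing
  'logon_token=t0k3n; Path=/; Secure; HttpOnly; SameSite=None',
  'ui_pref=dark; Path=/; SameSite=Lax',
];

function blockedCookies(headers) {
  return headers.map(crossSiteVerdict).filter((v) => !v.sent).map((v) => v.name);
}

console.log(SAMPLE_HEADERS.map(crossSiteVerdict));
console.log('blocked in cross-site iframe:', blockedCookies(SAMPLE_HEADERS));
```

Chrome enabled this enforcement for Chrome 80 users gradually rather than for everyone at once, so two browsers on the same version can treat the same headers differently.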

Hi Jeff,
I updated my instance to 6.0.3.1011; I can’t update to version 7 because all of my dashboards will be invalid because of the scripts.
I didn’t install the fixes you asked me to; I downloaded them and then got a message that it’s not possible to install them.

My clients still have problems and a 440 error when they are trying to enter… I have written to support.
Why is this happening to some clients and not to all of them? Why can I view the dashboard?

Thanks,

Hi Aviv - I’m not personally in touch with this issue enough to guess why some of your clients are not experiencing this. You should be able to get an answer from our development team through support who has been tracking this.