[英]Intermittent ERR_SSL_PROTOCOL_ERROR error for cross domain request
The users of my website are seeing intermittent ERR_SSL_PROTOCOL_ERROR
when making cross domain requests to api.flickr.com
我网站的用户在向
ERR_SSL_PROTOCOL_ERROR
发出跨域请求时看到间歇性的api.flickr.com
By intermittent I mean that I've seen this happen 4 times out of ~1200 requests to the api yesterday.我所说的间歇性是指昨天在 api 的约 1200 个请求中我已经看到这种情况发生了 4 次。
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR https://api.flickr.com/services/rest/?method=flickr.photos.getInfo&api_key=.....
My site is and AngularJS application running on Google App Engine and is exclusivley avalable on HTTPS.我的站点是运行在 Google App Engine 上的 AngularJS 应用程序,并且在 HTTPS 上是独家可用的。
sslchecker shows that my site's certificate & certificate chain is installed correctly. sslchecker 显示我站点的证书和证书链已正确安装。 Well, I think it looks ok!
嗯,我觉得还行!
sslchecker for api.flickr.com
shows that ROOT 1
of the certificate chain is missing. api.flickr.com 的
api.flickr.com
显示证书链的ROOT 1
丢失。 Is that the problem?那是问题所在吗? Is there any way around that for me?
我有什么办法吗?
Any other ideas?还有其他想法吗? Is the problem that our certificates are issues by different authorities maybe?
我们的证书可能是由不同机构颁发的问题吗?
Edit - Some other possibly relevant info gleaned from google analytics编辑 -从谷歌分析中收集的一些其他可能相关的信息
Persistent SSL Protocol Errors may be caused by problems like持久性SSL 协议错误可能是由以下问题引起的
the destination server expects a different protocol (eg SSLv1, SSLv2, SSLv3)目标服务器需要不同的协议(例如 SSLv1、SSLv2、SSLv3)
a violation of a security policy (eg some servers don't honor certificate requests made from client)违反安全策略(例如,某些服务器不接受来自客户端的证书请求)
Firewall impedance filtering / ciphering防火墙阻抗过滤/加密
Intermittent SSL Protocol Errors are very hard to diagnose.间歇性SSL 协议错误很难诊断。 They can be the result of expired session, expired key, connectivity hiccup, lost packets, etc
它们可能是会话过期、密钥过期、连接中断、数据包丢失等的结果
Even worse, they can be caused by Server Side issues like date-time sync, server connection pool full, etc.更糟糕的是,它们可能是由服务器端问题引起的,例如日期时间同步、服务器连接池已满等。
Best practice is to re-send the request: because such issues are often a temporary glitch, and usually succeed at 2nd attempt.最佳做法是重新发送请求:因为此类问题通常是暂时性故障,通常会在第二次尝试时成功。
Flickr switched their API to SSL-only on June 27th, 2014 (a little under a year). Flickr于2014年6 月 27 日(不到一年)将他们的 API 切换为仅 SSL。 Their Forum has blown up with SSL related problems since then.
从那时起,他们的论坛就因与 SSL 相关的问题而炸毁。
In the past few months many users have reported ( check thread ) sporadic SSL Protocol Errors .在过去的几个月中,许多用户报告( 检查线程)零星的SSL 协议错误。
These Protocol Errors appear across all device types ( laptops, desktops, mobile, Linux, Windows , etc) and usually an immediate re-try is successful.这些协议错误出现在所有设备类型(笔记本电脑、台式机、移动设备、Linux、Windows等)中,通常立即重试即可成功。 The commonality and highly infrequent nature of these problems indicates there is some issue on the host side completely unrelated to anything on the client.
这些问题的共性和非常罕见的性质表明主机端存在一些与客户端上的任何事情完全无关的问题。
Since a re-fresh or 2nd attempt is usually successful, I suggest trapping the error, and making 1-3 more attempts:由于重新尝试或第二次尝试通常会成功,我建议捕获错误,然后再尝试 1-3 次:
var promise = flickrService.get(...);
promise.success(function (data, status, headers, config) {
// Big Party
})
.error(function(data, status, headers, config) {
if (status == 107) {
promise = flickrService.get(...);
promise.success(function (data, status, headers, config) {
// Big Party
})
.error(function (data, status, headers, config) {
AlertService.RaiseErrorAlert("Flickr temporarily unavailable.Please try again later");
});
}
});
If you continue to get a "Protocol Error" , then inform the user that Flickr is temporarily unavailable and to try again later.如果您继续收到“协议错误” ,则通知用户 Flickr 暂时不可用并稍后重试。
if you run into this error and you are testing localhost endpoint just make sure you use http
instead of https
as your url.如果遇到此错误并且正在测试本地主机端点,请确保使用
http
而不是https
作为 url。
eg: http://localhost:8080/
not https://localhost:8080/
例如:
http://localhost:8080/
不是https://localhost:8080/
This might be the answer, but i'm guessing that this is probably not a client issue, so i would suggest you to update your api's server with that line added in the header :这可能是答案,但我猜这可能不是客户端问题,所以我建议你更新你的 api 的服务器,并在标题中添加该行:
Access-Control-Allow-Origin: https://api.flickr.com/*
This should fix the troubles some of your users are facing.这应该可以解决您的一些用户面临的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.