Chrome repeatedly blocks people from posting to this forum

[Paddy Landau]

Back in March 2017, Google added a new feature to Chrome to prevent XSS attacks. Unfortunately, it wasn't well tested, and it caused havoc with vBulletin forums.

Specifically, if your post or PM has a reference to another thread in the same forum, when you "Preview Post" or "Preview Message", Chrome raises the entirely misleading and highly frustrating error:

This page isn’t working
Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers and credit cards).

(I got the same error when trying to post this message because of the link below.)

As you probably know, Google is highly unresponsive to bug reports, and has marked the bug report on its own site as "won't fix".

The solution (which is really a workaround) is:

Please add this HTTP Header Field: x-xss-protection: 0
Details: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

I raised this back then, and reported a bug as requested, but it's over a year later and this problem still hits. It gives a bad impression to Chrome users, who think that the fault lies with Ubuntu Forums and not Google.

Could this issue be raised a level, please?

[Paddy Landau]

I wonder if this could be looked at, please? It's been a while now, and it still causes problems. (In fact, submitting this thread gave the problem.)

Information:

• Original Ubuntu Forums thread
• Bug report ticket to Canonical, unanswered
• Bug report 706038
• Bug report 702542

Summary:

• Trying to preview your post when it contains a link back to its own forum causes Chrome to throw a security error.
• The solution is for the website (in this case Ubuntu Forums) to add this header:
  x-xss-protection: 0

Thank you