Page MenuHomePhabricator

Uncaught SyntaxError: Unexpected identifier < (checkLoggedIn script)
Closed, DeclinedPublic

Description

Errors occur originating from the file_uri https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?type=script&wikiid=commonswiki&proto=https . Usually these appear as "Script Error" but occassionaly as a "SyntaxError"

I'm not sure of the cause without understanding how CentralAutoLogin works but it seems to impact users using the desktop site on Chrome OSX or Windows based browsers.

https://logstash.wikimedia.org/app/kibana#/doc/logstash-*/logstash-2020.09.14/clienterror/?id=AXSN0aaHc14jQX20Aw0H

Event Timeline

Jdlrobson renamed this task from Uncaught SyntaxError: Unexpected identifier - CentralAuthLogin throwing SyntaxError on Wikimedia Commons to Errors in checkLoggedIn script.Dec 8 2020, 4:09 PM
Jdlrobson updated the task description. (Show Details)
Jdlrobson updated the task description. (Show Details)

All the script in question does is update the personal toolbar so it looks like you are logged in. (You are, in fact, logged in at that point, but the page was rendered earlier; so this is a hack to avoid reloading the page after an AJAX-based login.) Script errors are inconsequential; at worst the user toolbar will look weird, or will not look logged-in until you reload the page.

So, I don't think this is related to login failures.

"Script error" is because the origin of the script is different and most modern browsers hide error details in such cases to prevent fingerprinting from non-script pages.

If some of the errors for some reason don't do that (older browser?), they might give a clue to what the problem is.

https://logstash.wikimedia.org/app/kibana#/doc/logstash-*/logstash-2020.09.14/clienterror/?id=AXSN0aaHc14jQX20Aw0H

Are we not logging line / column numbers? Unlike ResourceLoader-loaded scripts, this is static output so it would be quite useful here.

Krinkle subscribed.

The script served from here seems pretty trivial and consistent:

All the hits seem to be from Chrome OS, e.g.:

Mozilla/5.0 (X11; CrOS x86_64 ##) AppleWebKit/## (KHTML, like Gecko) Chrome/85.## Safari/##

The checkLoggedIn endpoint always responds with the same content, which clearly doesn't contain a SyntaxError, so not sure what's up with that. Not sure how it could be anything other than a broken client. Unless someone with Chrome OS can reproduce it? The volume is pretty low in any case, especially considering we're live on enwiki and these are not cached (always have a file URL).

A common cause for static content endpoints returning syntax errors, in my experience, has been because of 50x http errors returning html error pages for a short period and the code including the javascript not being able to handle that. Not sure if that is an issue you already ruled out here, so wanted to share.

Yes I am pretty sure these are due to HTML error pages being treated as JS. I have witnessed this happen on one occasion. (Not on login)

Krinkle closed this task as Declined.EditedJul 29 2022, 1:52 AM

In general, browsers do not execute JavaScript if the response to a script request does not have a javascript content-type, such as HTTP 500 error messages. I've confirmed this in Firefox, Safari and Chrome locally.

Screenshot 2022-07-28 at 18.42.49.png (1×2 px, 180 KB)
Screenshot 2022-07-28 at 18.43.46.png (1×2 px, 232 KB)
Screenshot 2022-07-28 at 18.41.26.png (1×2 px, 181 KB)

There would be a SyntaxError reported in the console if the browser even considered parsing or executing these responses.

I imagine this kind of SyntaxError would be more commonly reported if browsers did this anytime an asset request failed in an HTTP 500. While this is fortunately not common in production, we have had a number of isolated incidents in recent years and given the instrumentation is unsampled and on all Wikipedias, this would statitically have to have been logged by now.

In any event, SyntaxErrors due to HTML responses under error scenarios are not something I think requires any action or further improvement.

  • Each script runs as its own task with its own call stack. This means it is not affecting other features or web requests.
  • The reporting happens regardless of whether the error is already handled by the UI.
  • Our UI and internal loading logic is able to, and generally does, handle this when appropiate. E.g. propagate error state, or acknowledge and display an error, or go into a recovery/fallback.
  • If there is an outage or intermittent issue preventing the script from being delived, then that state is essentially final. Unless the task is about the cause of the HTTP 500 response itself, there isn't anything we need to do about the cascading reports of the (invisible, and generally gracefully degrading) script failures from such error reponse.
Krinkle renamed this task from Errors in checkLoggedIn script to Uncaught SyntaxError: Unexpected identifier < (checkLoggedIn script).Jul 29 2022, 1:53 AM