Cloudflare system generated api.js long JS execution time issue afterthe recent Google Chrome Update to v.85

jonathanr · September 9, 2020, 3:13am

Hi All,

I am monitoring sites performances of our company using webpagetest.org but an issue occured with the implementation of new the new chrome version last month.

Before the implementation of the new version of chrome, most of the sites I’ve been monitoring are under the 3 seconds mark. (See sample images below).
But after the update of on Aug. 25, the page loads 2 times slower than before.

Before (WPT test result on Aug. 24):
Version84-2

After (WPT test result on Aug. 25):

You will notice that the API.JS takes a lot of time to execute and to trigger the next resouces.

By the way, our company is an Enterprise level and we have Bot Management enable.

Tried solution:
I have tried to whitelist the public IP address of webpagetest but the result is still the same.

I would like to ask your thoughts regarding my issue. Or if you have any ideas on how will I approach the issue is much appreciated.

Thank you.

user3011 · September 9, 2020, 3:58am

It is related to BOT FIGHT MODE and JavaScript Detections (people who are using worker will see this). Cloudflare claim it is light weight javascript but executing time of this javascript is more than 3 second on desktop and 4+ second on mobile device causing website to run pretty slow.

you can disable it in Firewall->Settings

jonathanr · September 9, 2020, 4:47am

Hi user3011,

Actually even before the chrome update on Aug. 25, api.js were already on our sites. but with a minimal execution time of around 200ms across all sites.

Thanks

user3011 · September 9, 2020, 4:52am

https://github.com/antoinevastel/picasso-like-canvas-fingerprinting this library needs an update.

user3011 · September 9, 2020, 5:24am

Chrome has also released a new version with a possible fix for this issue.

High CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang on 2020-07-31

jonathanr · September 9, 2020, 8:25am

thanks for your answers user3011,

Hopefully with the new version released by chrome could address the issue but as I run the test now, somehow api.js still behaves the same as before.

also with regards to the picasso-like-canvas-fingerprinting library that bot management uses from cloudflare, I don’t know how will they address that.

user3011 · September 9, 2020, 4:41pm

It will take sometime for webpagetest to update chrome version. I tested with Chicago server today and problem seems to be fixed now.

jonathanr · September 16, 2020, 2:44am

Somehow it still didn’t fix the issue. I guess this has something to do with cloudflare itself with this library: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting.

user3011 · September 16, 2020, 2:56am

Yep, mine not fixed as well.

system · October 9, 2020, 3:13am

This topic was automatically closed after 30 days. New replies are no longer allowed.