Cloudflare system generated api.js long JS execution time issue afterthe recent Google Chrome Update to v.85

Performance
#1

Hi All,

I am monitoring sites performances of our company using webpagetest.org but an issue occured with the implementation of new the new chrome version last month.

Before the implementation of the new version of chrome, most of the sites I’ve been monitoring are under the 3 seconds mark. (See sample images below).
But after the update of on Aug. 25, the page loads 2 times slower than before.

Before (WPT test result on Aug. 24):
Version84-2

After (WPT test result on Aug. 25):

Version85-2
Version85-21064×813 114 KB

You will notice that the API.JS takes a lot of time to execute and to trigger the next resouces.

By the way, our company is an Enterprise level and we have Bot Management enable.

Tried solution:
I have tried to whitelist the public IP address of webpagetest but the result is still the same.

I would like to ask your thoughts regarding my issue. Or if you have any ideas on how will I approach the issue is much appreciated.

Thank you.

#2

It is related to BOT FIGHT MODE and JavaScript Detections (people who are using worker will see this). Cloudflare claim it is light weight javascript but executing time of this javascript is more than 3 second on desktop and 4+ second on mobile device causing website to run pretty slow.

you can disable it in Firewall->Settings

#3

Hi user3011,

Actually even before the chrome update on Aug. 25, api.js were already on our sites. but with a minimal execution time of around 200ms across all sites.

Thanks

#4

https://github.com/antoinevastel/picasso-like-canvas-fingerprinting this library needs an update.

1 Like
#5

Chrome has also released a new version with a possible fix for this issue.

High CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang on 2020-07-31

1 Like
#6

thanks for your answers user3011,

Hopefully with the new version released by chrome could address the issue but as I run the test now, somehow api.js still behaves the same as before.

also with regards to the picasso-like-canvas-fingerprinting library that bot management uses from cloudflare, I don’t know how will they address that.

#7

It will take sometime for webpagetest to update chrome version. I tested with Chicago server today and problem seems to be fixed now.

#8

Somehow it still didn’t fix the issue. I guess this has something to do with cloudflare itself with this library: https://github.com/antoinevastel/picasso-like-canvas-fingerprinting.

#9

Yep, mine not fixed as well.