Static Content is not displayed when using Safari


#1

Hello there!

! READ UPDATES AFTER THE POST !
! PROBLEM SOLVED / CONFIGURATION ERROR ON OUR END !

I’ve got a weird problem with a Wordpress site.
When using Safari (V11.1.2 - but also tested with a couple of MacOS/Safari Versions) it seems the site loads indefinitely (till the timeout hits). While the site “loads” I can see a load spike originating from Safari on my local machine. The server logs don’t give me a single clue whats going on and neither is the wordpress debug log helpful in any way.
When using Chrome/Chromium/FF the site loads instandly. The problem does not occur with Safari when querying the webserver directly or when bypassing the Cloudflare cache!
Furthermore (when I remember correctly!!) the site loads with Safari when not using SSL.

I setup another Domain with a vanilla wordpress blog and the behaviour is exactly the same - so its not limited to a single site. I can’t tell if this is a bug recently introduced. A client told us about this approximately three weeks ago - Wordpress 4.9.8 was released early august - so there could be a correlation. I did not test and older version since I haven’t thought of that before.

Right now the sites are set up using Strict SSL Settings/Security Level Medium and the sites are equipped with LE Certificates on the serverside. Most CF settings are standard/Minimum TLS is 1.0.
I changed settings and googled for the better half of my day without any real success… only bypassing the cache does make a difference…

The test site is https://netzgaenger.de and a simple script querying lipsum.com is located at /test.php (which works fine in Safari).

If anybody could shove me in the right direction, I would be really glad :slight_smile:

Thx in advance!
dennis

UPDATE 1
The problem is not related to Wordpress. Static content is generally not displayed in Safari. For test purposes the domain given domain only serves two files right now - test.php and random.png. The second one is not displayed in Safari, but in any other Browser tested.

UPDATE 2
Simple config error related to apaches http2_module on our end caused invalid http headers which bothers only Safari… doh!


#2

Well. That’s strange. I can see DNS requests sent to Apple but no request in my proxy logs. :thinking: Using Safari mobile I have no option to reload the page. It just appears to be s new tab. Something I cannot imagine but it seem like Apple doesn’t like you. :frowning:

Seriously I have no idea at the moment.
@matteo any clue? Maybe?


#3

I don’t like them either… should still work though… :wink:

In lack of any other ideas I will try my luck with a downgraded versions. Still feels like voodoo to me, but I’ve seen plenty of that in the past.


#4

For starters I’d open the developer tools and check what’s going on while loading the page.


#5

Seen the mention only now. Will take a look in a bit!


#6

Thanks a lot!

I gave it a shot with Safaris debugging tools (which I never use) - It seems that no static ressource can be loaded with Safari?!

While /random.png, /wp-content/themes/twentyseventeen/assets/js/skip-link-focus-fix.js and /wp-content/themes/twentyseventeen/style.css for example load just fine in any browser, they won’t load in Safari.
So it’s not a problem with WP - however… I’am still clueless :frowning:


#7

When you say it cant load them, what exactly do you mean? Can you post a screenshot of that failed request from the developer tools?


#8

Tried looking into it, from Safari doesn’t load for me as well. Gives error NSPOSIXErrorDomain:100.

Looking at the headers the only thing I can think of is the link header, which only for the problematic path says:

link: <https://netzgaenger.de/wp-json/>; rel="https://api.w.org/"

Could you possibly try to remove that? It should fail like that, but you never know what he believes that means.


#9

Hi!

Thanks for the effort. Since no static ressouce is loading via CF/Safari I removed everything but the random.png and test.php.
While test.php loads fine - random.png does not in Safari.

Thats probably not the part you wanted to see, but I’am happy to screenshot anything you want :wink:


#10

Right now the entire site is down, but from your screenshot it would seem as if the browser cant download these files at all. Not even an error code is returned. :confused:


#11

check your HTTP headers in your configuration https://blog.christopherburg.com/2017/10/18/safari-11-multiline-http-headers-and-nsposixerrordomain100/

The moral of the story is if Safari 11 throws an NSPOSIXErrorDomain:100 error, check your HTTP headers to ensure they don’t contain multiline values.


#12

Sorry - see comment above!


#13

Though, considering it goes via Cloudflare and Cloudflare does a bit of rewriting, I’d assume Cloudflare would sanitise/normalise such headers :confused:


#14

For random.png I get these headers. Nothing out of the ordinary, its even a cache hit.

HTTP/2.0 200 OK
date: Tue, 18 Sep 2018 09:01:34 GMT
content-type: image/png
content-length: 246607
last-modified: Tue, 18 Sep 2018 07:39:42 GMT
etag: "3c34f-5762064971363"
cf-cache-status: HIT
expires: Tue, 18 Sep 2018 13:01:34 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

#15

Fails (and gives a better error) also via curl:

curl -I https://netzgaenger.de/
HTTP/2 404 
date: Tue, 18 Sep 2018 09:03:55 GMT
content-type: text/html; charset=iso-8859-1
set-cookie: __cfduid=d30c5058ed96377e1746af1a04920bc0b1537261435; expires=Wed, 18-Sep-19 09:03:55 GMT; path=/; domain=.netzgaenger.de; HttpOnly; Secure
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 45c2a462af384352-MXP

curl -I https://netzgaenger.de/random.png
curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

Apparently it’s Chrome here at fault, they ignore a RFC rule doing a quick search. No idea how to fix it at the moment though.


#16

wget works though

Dont forget, the TCP connection is towards Cloudflare and not the origin. Could you try with HTTP 1.1? Maybe something 2.0 related?


#17

HTTP 1.1 works, actually… maybe wget ignores that rule as well.

curl -I --http1.1 https://netzgaenger.de/random.png
HTTP/1.1 200 OK
Date: Tue, 18 Sep 2018 09:10:31 GMT
Content-Type: image/png
Content-Length: 246607
Connection: keep-alive
Set-Cookie: __cfduid=d9da56eeef06deb249582f4c96b82c16d1537261831; expires=Wed, 18-Sep-19 09:10:31 GMT; path=/; domain=.netzgaenger.de; HttpOnly; Secure
Upgrade: http:/1.1
Last-Modified: Tue, 18 Sep 2018 07:39:42 GMT
ETag: "3c34f-5762064971363"
CF-Cache-Status: HIT
Expires: Tue, 18 Sep 2018 13:10:31 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 45c2ae0c9da7be11-MXP

#18

wget seems to use HTTP 1.1, I just tried it with curl, using 2.0 and it failed. 1.1 worked

curl --http1.1 -I https://netzgaenger.de/random.png
HTTP/1.1 200 OK
Date: Tue, 18 Sep 2018 09:12:27 GMT
Content-Type: image/png
Content-Length: 246607
Connection: keep-alive
Set-Cookie: __cfduid=d17bc6353aa77b53677d8bf23f03da4531537261947; expires=Wed, 18-Sep-19 09:12:27 GMT; path=/; domain=.netzgaenger.de; HttpOnly; Secure
Upgrade: http:/1.1
Last-Modified: Tue, 18 Sep 2018 07:39:42 GMT
ETag: "3c34f-5762064971363"
CF-Cache-Status: HIT
Expires: Tue, 18 Sep 2018 13:12:27 GMT
Cache-Control: public, max-age=14400
Accept-Ranges: bytes
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 45c2b0e0d95d69ac-CDG

At this point I’d point towards HTTP 2.0


#19

Yep, but Cloudflare’s h2 implementation works for my website and every other on the planet, maybe something between them and the origin. Probably contacting support is the best bet?


#20

Yes, at this point this is probably the best course of action. :+1: