CORS Error for (some) Firefox Users

[fwebdev]

We are Logging Frontend Errors in the Browser an we always have these PNBadRequestCategory in our logs. Several thousand Times a Day. All from Firefox Users.

Object { error: true, category: "PNBadRequestCategory", operation: "PNSubscribeOperation", statusCode: 0, errorData: TypeError } ​category: "PNBadRequestCategory" error: true errorData: TypeError: NetworkError when attempting to fetch resource. columnNumber: 1 fileName: "" lineNumber: 0 message: "NetworkError when attempting to fetch resource." stack: "" <prototype>: TypeError.prototype { stack: "", … } operation: "PNSubscribeOperation" ​statusCode: 0

We also get this Error in the DevConsole
CORS Error (Cross-Origin): https://ps20.pndsn.com/v2/subscribe/sub-c-c356f98c-4451-xxx/0?heartbeat=300&tt=17368668493230380&tr=41&uuid=xxx&requestid=bc93eed9-bac6-49ce-a60b-d8972518cee6&pnsdk=PubNub-JS-Web%2F8.3.2.

It is not a general Problem for all Firefox Users. All other Browsers are also fine.
We can reproduce the Error when we are in our VPN behind the Firewall. After one Minute or so this Error pops up in the DevConsole.
This MIGHT be something with our Firewall unpackaging the HTTPS Request to do some DPI. It will repackage the Request with a self signed Certificate. This seems to cause trouble in Firefox according to this Stackoverflow: https://stackoverflow.com/questions/24371734/firefox-cross-origin-request-blocked-despite-headers

The Request Header look fine. Its the same Header as for the successfull Responses (without the Firewall).

GET /v2/subscribe/sub-c-c356f98c-4451-xxx/0?heartbeat=300&tt=17368668493230380&tr=41&uuid=xxx&requestid=be780f25-1a04-4058-b48a-6eab099adf1c&pnsdk=PubNub-JS-Web%2F8.3.2 HTTP/1.1
Host: ps20.pndsn.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0
Accept: text/javascript
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://www.parship.de/
Origin: https://www.parship.de
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Connection: keep-alive
Priority: u=4
Cache-Control: max-age=0

(I shortend some entries with xxx for this Issue)

Is there anything that we can do to help our Firefox Customers that are apperently also behind a Firewall, or somehow get this CORS Error?

[parfeon]

Thank you for reaching out to us.

I've checked the thread, and it is not issue with PubNub service certificate, which you can check through the request to the mentioned subscribe call (issued for *.pndsn.com).

Also double-checked that the service doesn't have any issues with preflight (OPTIONS) requests and response contains CORS headers.

If a browser reports CORS issues, it means that the server didn't return Access-Control-Allow-Origin: with the same origin which has been used to make request. To be less restrictive, server basically echo Origin header value back.
Where it could happen:

1. Some tracker blocker extensions may try to modify the request and remove Origin.
2. Some services enlisted *.pndsn.com as dangerous and browser / firewall just block request - it happened few times before and in this case, we would need to know services which used to get blacklists to check and fix if required.
3. Firewall override more than expected and strip out the Origin field or override it with other value.
4. Some VPN also may do some unexpected manipulations.

subscribe request in question malformed (not about subscribe key) and doesn't contain channels or channel groups (path is invalid).
If it is possible to reproduce in dev console would it be possible to store on Firewall logs what it receives from PubNub service and if possible, intercept what arrives to the browser (browser itself may not show request properly)?

[fwebdev]

OK, thanks for checking that it is really most likely on the Clientside.