🔧Troubleshooting HTTP

Check MDN docs for more details.

Detection

It can be detected on NGINX logs, which follows this format:

bash
$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent  "$http_referer" "$http_user_agent"

where $status is the HTTP status code and is not between 200 and 399.

It can also be detected by opening the inspector tool in your browser by pushing the F12 key and checking the Network tab.

inspector-tools

Investigations & mitigations

On nginx you are searching for server failures, while on the inspector of the browser, you are searching for client failures.

Network failures can causes issues to the Client without the server being aware of it.

Here's a common list of issues that can be seen in the Network tab:

HTTP errors (server is reachable, but answers with an error):

  • 404: Page not found

    • Either the page is really not there.

    • OR, the reverse proxy/ingress controller doesn't have any route for that page.

    • Mitigation: check the URL used by the client, and check the Ingress rule in the Helm Charts

  • 401: Unauthorized

    • The user is not authenticated.

  • 403: Forbidden

    • The user doesn't have access to the page.

  • 500: Internal Server Error

    • The server has a problem. It "may" be worth reporting this to Toucan.

    • Usually this means there are logs in the server associated with the error.

    • Mitigation: fetch the logs from the server and send a ticket to Toucan Toco.

  • 503: Service Unavailable

    • The server is down.

    • Mitigation: check the health of the server.

  • 504: Gateway Timeout

    • The server is receiving the request, but it's taking too long to process it.

    • Mitigation: check the resources of the server and ingress controller.

  • 502: Bad Gateway

    • The reverse proxy/ingress controller is not configured correctly.

    • Mitigation: check the Ingress rule in the Helm Charts.

Network failures (server is not reachable):

  • net::ERR_FAILED

    • General network failure. Maybe the client doesn't have any connectivity.

    • Mitigation: disable every proxy, VPN and try on LTE/4G.

  • net::ERR_INTERNET_DISCONNECTED

    • Network connection is down. The client doesn't have any connectivity.

  • net::ERR_NAME_NOT_RESOLVED

    • The client can't resolve the hostname. This is usually a DNS issue.

    • If the client has a local network that is still alive, but the gateway is down, this error can be seen.

    • Mitigation: check the DNS configuration, check if the client is able to reach the DNS.

  • net::ERR_CONNECTION_REFUSED

    • The client is reaching the server, but the reverse proxy/ingress controller has its port closed.

    • Mitigation: check the ingress controller configuration.

  • net::ERR_CONNECTION_TIMED_OUT

    • The client is reaching the server, but the reverse proxy/ingress controller is not responding.

    • Mitigation: disable every proxy, VPN and try on LTE/4G.

  • net::ERR_CONNECTION_RESET

    • The client has been disconnected from the server or an intermediary.

    • Mitigation: disable every proxy, VPN and try on LTE/4G.

Protocol failures (server is reachable, but the browser forbids the user to access it):

  • net::ERR_BLOCKED_BY_CLIENT

    • The user is probably using an ad blocker.

    • Mitigation: disable the ad blocker.

  • net::ERR_CERT_AUTHORITY_INVALID

    • The server is using a certificate that cannot be verified by the browser.

    • It's usually the server's fault.

    • Mitigation: report the error to the server owner to fix the certificate.

  • net::ERR_SSL_PROTOCOL_ERROR

    • The server is probably not using TLS.

    • It's usually the server's fault.

    • Mitigation: report the error to the server owner to enable TLS.

  • net::ERR_BLOCKED_BY_RESPONSE

    • Resource blocked by the client due to invalid HTTP response headers.

    • It's usually the server's fault.

    • Mitigation: see below.

  • net::ERR_EMPTY_RESPONSE

    • The server is sending an empty response.

  • net::ERR_TOO_MANY_REDIRECTS

    • The server has a page that causes too many redirections to the client.

    • It's usually the server's fault.

net::ERR_BLOCKED_BY_RESPONSE mitigations

Check the Console tab of the browser to find out the error message.

These error messages can appear:

  • Access to fetch at '...' from origin '...' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    • The response is missing CORS headers.

    • Mitigation: make sure the preflight has ben sent with success and send a ticket to Toucan Toco with the error message, request headers and response headers.

  • The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.

    • Mitigation: make sure the preflight has ben sent with success and send a ticket to Toucan Toco with the error message, request headers and response headers.

  • Request header field 'X-Custom-Header' is not allowed by Access-Control-Allow-Headers in preflight response.

    • Mitigation: make sure the preflight has ben sent with success and send a ticket to Toucan Toco with the error message, request headers and response headers.

  • Preflight response is not successful

    • Mitigation: send a ticket to Toucan Toco with the error message, request headers and response headers.

  • Refused to load the script/style/image/font/... because it violates the following Content Security Policy directive: "..."

    • Mitigation: send a ticket to Toucan Toco.

CORS errors can happen when the server is failing, meaning it might not be the root cause of the failure. It's important to check the status code of the preflight request to see if it's a 200 OK.

Last updated

Was this helpful?