4

When I type URL into chromium URL bar, ie http://10.10.10.3:80 and the server is currently unreachable, when I wand chromium to stop trying to load, and I press the "stop loading this page" button, the URL disappears. This is evil!

Lets say, I have the port wrong, so I want to try again with another port. I have to type the whole URL again.

When I press the "stop loading this page" button, the URL should stay there as I typed it, so that I can correct it.

Instead, it is replaced by the "last successful URL" that was there before.

is there a way to fix this evil feature?

Martin Vegter
  • 40

3 Answers3

2

This is not possible because of how the web traffic works, each request have/need a resulting status and can not be stateless this is why chromium remove the address you were trying to connect to (other than the security aspect of such thing).

When you request a connection to a domain/ip, the result can be for instance: 200 (OK page load), 404 (not found), 408 (timeout) etc. when you cancel your request before reaching a state, it's obvious that the browser does not display any result/url because of the cancel action and there is no HTTP state XXX code that is meant for "cancelled request" (list of http requests).

Impossible is nothing, three possible ways of resolving this issue:

  • Create an extension for the matter
  • Patch to chromium to add an xxx state (non RFC) for cancelled requests (note that chromium require a very long time to build)
  • Decrease the default timeout (408), this is not possible on chromium without patching it, it is discussed here and here as well.
    • Acknowledge that this may introduce other non desired effect like timing-out slow sites.
    • Also note that this is doable on Firefox with network.http.connection-timeout setting.
intika
  • 1,383
1

This behavior is by design and a few years ago the developers of all browsers made a big effort to make it impossible to have a page displayed with the wrong URL. This was actually possible before, until this technique started being used by malware.

The behavior you are asking for is a security hole. If it was possible to display a page with the wrong URL, an attacker could display the URL of your bank together with his own page, this way getting you to type in your account number and password, then emptying all your accounts. This did actually happen, until this loophole was closed.

Showing a wrong URL is only possible on the new-tab page, where it happens automatically. The reason it works here is that there is no real page being displayed, so there is no security reason not to display the entered (wrong) URL.

This behavior is not particular to Chromium. Every browser I have encountered does exactly the same, as this is the secure thing to do.

In addition, browser developers even made it impossible for a thrown dialog to obscure the address bar, since this technique was immediately used by attackers when it became impossible to modify the URL itself, to mimic a false address bar.

The only solution I can offer is to copy a long typed URL before hitting Enter, and this is what I already do. You should get into the habit of doing CtrlA and CtrlC before, just in case.

Here is how an attacker can use the option you ask for to get your bank login:

  • The attacker's add-on or JavaScript script throws up his own website attacker.com/exploit which looks exactly like your bank, except that the address bar gives it away.
  • The attacker would like to have your bank's URL or something very similar in the address bar, but can't, since all APIs that do so were carefully weeded out by the developers.
  • The attacker then invokes a website with a URL that is very similar, or that whose name is displayed exactly the same (Unicode tricks), as your bank's URL.
  • This website does not exist, but the wrong URL will stay in the address bar. Together with the displayed page, this would look like you are really in your bank's site.
  • You do the login, and a few seconds later, all your bank accounts have been emptied out. Bye bye all your savings. The bank rightfully claims that this is your fault and returns nothing.
harrymc
  • 498,455
1

Good Practice

There is a simple way to avoid the annoiance,
as simple as to press Ctrl T or Ctrl N:
open a new tab or a new window and to write there the new URL.

In case of a manually interruption there is no preloaded page and the URL will be not deleted from the bar.

Fix

If you want to fix it, you may have to manually patch the source code and recompile it, for each update.

You may find useful to download the source code, write a fork and apply the differences to each of the following updated version. But remember that the present behavior is made to avoid attempts of scam... so the best practice above.

Final remarks (Tl;dr)

I know it often ends up being easier to change our behavior than to find the right program setting... and it should not be so...

The fact is that, this time, there is a serious reason that suggests that we change our behavior and that it can be considered good practice.

In this case the suggestion is not to find a way to change the behavior of the program, no matters how, but to change (by pressing only two keys) our behavior in order to avoid potential risks.

Hastur
  • 19,483
  • 9
  • 55
  • 99