Hello, I’ve posted something similar in the past but I have some updated information to see if anyone can help me. My company uses the Global Protect vpn and when people are using the vpn, websites on google chrome refuse to load whereas other browsers work perfectly fine. I am finally affected by this so it’s a lot easier for me to look into it now.
I’ve noticed looking in the developer tools that I get an error that says “The Cross-Origin-Opener-Policy header has been ignored, because the URL’s origin was untrustworthy. It was defined either in the final response or a chrome-error://chromewebdata/:1 redirect. Please deliver the response using the HTTPS protocol. You can also use the ‘local host’ origin as instead.”
When going to google.com it doesn’t load and it i click the lock by the url i get that this site isn’t secure even though it’s using https.
Does anybody know what could be the cause and how to fix this?
It being specific to chrome, have you tried disabling QUIC? chrome://flags/#enable-quic
If that’s not it, it’s likely a question for your company IT to answer tbh.
Also can’t do decryption via quic. So, disable and move on.
Welcome to nazi america.
Wonder if comment will get flagged/deleted… lol
Quic is actually recommended by Palo to be Denied. It is actually a experimental protocol that is not in full release state yet and causes issues:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClarCAC
Friends don’t let friends do QUIC.
Disable quic as others have responded. Are all sites affected or just some websites wont load. There is also cert-pinning to be aware of for google specific sites when using chrome. I.e, I used to use a google search as my main connectivity check from chrome, and it was a bad idea because of the cert-pinning issue. Have them try cnn.com. Not my choice of news, but has 100s of dependencies on their own webservers, CDNs, advertisers, etc to view, so if it works, you know you have good connectivity, the firewall is working, and you are not going to have a high risk of decryption errors.