Cross-Origin Read Blocking warning on Landing Page

Description description

Marketo Landing Page works correctly (forms submitting & Munchkin code tracking), but a “Cross-Origin Read Blocking (CORB)” issue is showing up in the Dev Console in Google Chrome

Resolution resolution

Note :- Chrome browser should be updated to the newest version .

In most instances, the restricted response is unlikely to impact the functionality of the web page, and the CORB error message can be safely disregarded. For instance, the warning might appear in scenarios where the blocked response’s body was already empty, or when the response was intended for a context incapable of handling it (e.g., an HTML document like a 404 error page being directed to an < img> tag). Note: Chrome will cease displaying warning messages for empty or error responses starting from Chrome 69, as these are false positives that have no bearing on site behavior. If you encounter CORB warnings in Chrome 67 or 68, it is advisable to test the site in Chrome 69 to check for any lingering warnings.

In rare situations, the CORB warning message could signal an issue on a website, potentially causing disruptions in its behavior when certain responses are blocked. For example, a response equipped with an “X-Content-Type-Options: nosniff” header and an incorrect “Content-Type” header may face blocking. This scenario could, for instance, impede the display of a genuine image mislabeled as “Content-Type: text/html” with “nosniff.” If such an occurrence hinders a page’s functionality, we recommend notifying the website and requesting a correction to the “Content-Type” header for the response.

If you suspect that Chrome is erroneously blocking a response, leading to disruptions in a website’s behavior, please submit a Chromium bug report detailing the inaccurately blocked response (including both headers and body) and/or the URL serving it. To confirm whether CORB is the cause of the issue, temporarily disable it by launching Chrome with the following command line flag:

–disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating"

Root Cause:
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.