Changes in Chrome 80 and impact on session handling in SAP systems – locked objects

Update: an earlier version of this blog said this change will come with Chrome 78; Google has changed their plans and moved this change out to Chrome 80 now, which will come only early February 2020.

Amongst many other changes, this version restricts the capabilities for web pages to react on the user navigating away from pages or closing tabs.

The immediate impact on SAP Fiori launchpad and Portal users is, that we expect issues in properly closing sessions on the SAP backend while navigating through apps in Chrome browser – resulting in end users seeing error messages on locked objects. The back-end session persists and objects remain locked until the server-side session timeout occurs, when an end user carries out any of the following actions:

• closing the browser
• refreshing the page
• navigating from one application to another application

This will lead to messages showing that data objects are locked and you are unable to continue your business process.

Technically, Google Chrome will per default

• disallow the sending of synchronous XHR requests and
• disallow the use of window.open

during the browser unload event.

This will cause the existing session handling of several SAP UI frameworks – including Web Dynpro ABAP, SAP GUI for HTML, and SAP Enterprise Portal – to stop working in the cases described above.

Customer action required

Currently, no solution exists for all use-cases that will work with the new Chrome default settings. SAP is in discussion with Google about possible workarounds. Once a solution is implemented by Google and SAP, we expect that customers will have to upgrade their SAP landscape dependent on the final solution.

Possible workarounds include:

• switch back to old browser behavior by enabling Chrome group policies or Chrome flags. This can be done either centrally by for IT department or manually by your end users depending on your company policies
• SAP provides updates improving the situation (without addressing it completely)
• use another user agent like Internet Explorer, Firefox or Safari (consider the Product Availability Matrix)
• downgrade to a Chrome version lower than 78

Google Chrome Settings

Google offers the possibility to enable the deprecated feature again (tentatively until Chrome 82). Please contact Google Support directly for further information.

SAP recommends to always enable both features, if possible via centrally managed policies or alternatively by instructing end-users how to change their browser settings.

1) Chrome 78: Disallow sync XHR in page dismissal

Short-term solution provided by Google is to use a flag or group policy to allow sync XHR during unload.

• Chrome Flag “chrome://flags/#enable-forbid-sync-xhr-in-page-dismissal” see document: https://www.chromestatus.com/feature/4664843055398912
• Chrome group policy “AllowSyncXHRInPageDismissal” see document https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowSyncXHRInPageDismissal
• Site admins could opt your site into the AllowSyncXHRInPageDismissal origin trial, request a token, and turn the feature on for your origin (e.g. using SAP WebDispatcher)
  see document OriginTrials and https://developers.chrome.com/origintrials/#/trials/active –> Allow Sync XHR In Page Dismissal

2) Chrome 78: Don’t allow popups during page unload

Short term solution provided by Google is to use a Group Policy to allow Popups during unload.

• Chrome Flag “chrome://flags/#allow-popups-during-page-unload” see document: https://www.chromestatus.com/feature/4664843055398912
• Chrome group policy “AllowPopupsDuringPageUnloadl” see document https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowPopupsDuringPageUnload and AllowsPopupsDuringPageUnload.

See the Google documents (for further information or HOW-TOs, contact Google):

• Here are the templates for deploying policies on the different platforms.
• Here is the administrator guide for setting the policies on those machines.
• For the mobile platforms, these will be managed via a cloud console. The documentation for that can be found here.

SAP improvements

We recommend to update your landscape using following notes which contain some improvements – see the specific notes for more detail:

• Web Dynpro ABAP – install newest available Unified Rendering TCI see SAP note 2500800 (at least greater than UR 1909)
• SAP GUI for HTML – install newest available Unified Rendering Patch >= 1909 see SAP note 2500800  (at least greater than UR 1909)
• NetWeaver Business Client for HTML see SAP note 2785190 (Patch 66 or higher)
• CRM (WEBCUIF) see SAP Note 2821623

Keep up-to-date

The information summarized in this blog post is available in more details in SAP note 2781622; please follow this note (see SAP Note 2171560 – How to be notified of new or updated SAP Notes or KBA’s in the ONE Support Launchpad) and revisit it for updates as we go through the process with Google to work out a reliable solution path going forward.