Changes in Chrome 80 and impact on session handling in SAP systems – locked objects
Update: an earlier version of this blog said this change will come with Chrome 78; Google has changed their plans and moved this change out to Chrome 80 now, which will come only early February 2020.
Amongst many other changes, this version restricts the capabilities for web pages to react on the user navigating away from pages or closing tabs.
The immediate impact on SAP Fiori launchpad and Portal users is, that we expect issues in properly closing sessions on the SAP backend while navigating through apps in Chrome browser – resulting in end users seeing error messages on locked objects. The back-end session persists and objects remain locked until the server-side session timeout occurs, when an end user carries out any of the following actions:
- closing the browser
- refreshing the page
- navigating from one application to another application
This will lead to messages showing that data objects are locked and you are unable to continue your business process.
Technically, Google Chrome will per default
during the browser unload event.
This will cause the existing session handling of several SAP UI frameworks – including Web Dynpro ABAP, SAP GUI for HTML, and SAP Enterprise Portal – to stop working in the cases described above.
Customer action required
Currently, no solution exists for all use-cases that will work with the new Chrome default settings. SAP is in discussion with Google about possible workarounds. Once a solution is implemented by Google and SAP, we expect that customers will have to upgrade their SAP landscape dependent on the final solution.
Possible workarounds include:
- switch back to old browser behavior by enabling Chrome group policies or Chrome flags. This can be done either centrally by for IT department or manually by your end users depending on your company policies
- SAP provides updates improving the situation (without addressing it completely)
- use another user agent like Internet Explorer, Firefox or Safari (consider the Product Availability Matrix)
- downgrade to a Chrome version lower than 78
Google Chrome Settings
Google offers the possibility to enable the deprecated feature again (tentatively until Chrome 82). Please contact Google Support directly for further information.
SAP recommends to always enable both features, if possible via centrally managed policies or alternatively by instructing end-users how to change their browser settings.
1) Chrome 78: Disallow sync XHR in page dismissal
Short-term solution provided by Google is to use a flag or group policy to allow sync XHR during unload.
- Chrome Flag “chrome://flags/#enable-forbid-sync-xhr-in-page-dismissal” see document: https://www.chromestatus.com/feature/4664843055398912
- Chrome group policy “AllowSyncXHRInPageDismissal” see document https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowSyncXHRInPageDismissal
- Site admins could opt your site into the AllowSyncXHRInPageDismissal origin trial, request a token, and turn the feature on for your origin (e.g. using SAP WebDispatcher)
see document OriginTrials and https://developers.chrome.com/origintrials/#/trials/active –> Allow Sync XHR In Page Dismissal
2) Chrome 78: Don’t allow popups during page unload
Short term solution provided by Google is to use a Group Policy to allow Popups during unload.
- Chrome Flag “chrome://flags/#allow-popups-during-page-unload” see document: https://www.chromestatus.com/feature/4664843055398912
- Chrome group policy “AllowPopupsDuringPageUnloadl” see document https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AllowPopupsDuringPageUnload and AllowsPopupsDuringPageUnload.
See the Google documents (for further information or HOW-TOs, contact Google):
- Here are the templates for deploying policies on the different platforms.
- Here is the administrator guide for setting the policies on those machines.
- For the mobile platforms, these will be managed via a cloud console. The documentation for that can be found here.
We recommend to update your landscape using following notes which contain some improvements – see the specific notes for more detail:
- Web Dynpro ABAP – install newest available Unified Rendering TCI see SAP note 2500800 (at least greater than UR 1909)
- SAP GUI for HTML – install newest available Unified Rendering Patch >= 1909 see SAP note 2500800 (at least greater than UR 1909)
- NetWeaver Business Client for HTML see SAP note 2785190 (Patch 66 or higher)
- CRM (WEBCUIF) see SAP Note 2821623
The information summarized in this blog post is available in more details in SAP note 2781622; please follow this note (see SAP Note 2171560 – How to be notified of new or updated SAP Notes or KBA’s in the ONE Support Launchpad) and revisit it for updates as we go through the process with Google to work out a reliable solution path going forward.
Thanks for communicating this issue early,
we would like to test this in our own landscape to understand the impact. When testing with Chrome Canary "Version 79.0.3936.0 (Offizieller Build) canary (64-Bit)" I neither saw the problematic features active nor did I find the Chrome Flags for configuration. This confuses me. I would expect Canary 79 to contain these features. Am I wrong? We love using Canary because it allows us to use it in parallel to the "official" Chrome installation.
We just got notified by Google yesterday night that they decided to move this change out to Chrome 80. I have updated the post above. This has probably been just timed perfectly so you already have a version of Chrome Canary where the flag has been taken out again.
Google has also updated their documents by now.
Google will remove the flag AllowSyncXHRInPageDismissal with patch 88 – coming in January
thank you for this blog !
I just add a link to other blog linked to Google Chrome issue:
Handling Google Chrome SameSite cookie change in SAP on-prem applications