Lazy Diary @ Hatena Blog

PowerShell / Java / miscellaneous things about software development, Tips & Gochas. CC BY-SA 4.0/Apache License 2.0

Chrome sends another request for "View page source"

Context:

  • You are developing a web application that has anti-CSRF function (transaction tokens).
  • You are using Chrome to test and debug the application.

Problem:

Once you had viewed the HTML source with “View page source” on the context menu, following requests will be failed because of unmatched token.

Reason:

If a page had received with HTTP headers like “Cache-Control: private, no-store, no-cache, must-revalidate”, Chrome will send another request for “View page source” operation to show the source of the page. It seems by design.

Solution:

  • Use TCP/IP monitor in Eclipse to see what returned from server.
  • Use Chrome Developer Tools to inspect the DOM of the page.