Net
The network error codes.
Entries
An asynchronous IO operation is not yet complete. This usually does not indicate a fatal error. Typically this error will be generated as a notification to wait for some external notification that the IO operation finally completed.
An argument to the function is incorrect.
The handle or file descriptor is invalid.
The file or directory cannot be found.
The file is too large.
An unexpected error. This may be caused by a programming mistake or an invalid assumption.
Permission to access a resource, other than the network, was denied.
The operation failed because of unimplemented functionality.
There were not enough resources to complete the operation.
Memory allocation failed.
The file upload failed because the file's modification time was different from the expectation.
The socket is not connected.
The file already exists.
The path or file name is too long.
Not enough room left on the disk.
The file has a virus.
The client chose to block the request.
The network changed.
The request was blocked by the URL block list configured by the domain administrator.
The socket is already connected.
The upload failed because the upload stream needed to be re-read, due to a retry or a redirect, but the upload stream does not support that operation.
The request failed because the URLRequestContext is shutting down, or has been shut down.
The request failed because the response was delivered along with requirements which are not met (X-Frame-Options and Content-Security-Policy ancestor checks and Cross-Origin-Resource-Policy for instance).
The request was blocked by a Content Security Policy.
The request was blocked by CORB or ORB.
The request was blocked because it originated from a frame that has disabled network access.
The request was blocked by fingerprinting protections.
The request was blocked by the Incognito Mode URL block list configured by the domain administrator.
A connection was closed (corresponding to a TCP FIN).
A connection was reset (corresponding to a TCP RST).
A connection attempt was refused.
A connection timed out as a result of not receiving an ACK for data sent. This can include a FIN packet that did not get ACK'd.
A connection attempt failed.
The host name could not be resolved.
The Internet connection has been lost.
An SSL protocol error occurred.
The IP address or port number is invalid (e.g., cannot connect to the IP address 0 or the port 0).
The IP address is unreachable. This usually means that there is no route to the specified host or network.
The server requested a client certificate for SSL client authentication.
A tunnel connection through the proxy could not be established. For more info see the comment on PROXY_UNABLE_TO_CONNECT_TO_DESTINATION.
The client and server do not support a common SSL protocol version or cipher suite.
The server requested a renegotiation (rehandshake).
The proxy requested authentication (for tunnel establishment) with an unsupported method.
The SSL handshake failed because of a bad or missing client certificate.
A connection attempt timed out.
There are too many pending DNS resolves, so a request in the queue was aborted.
Failed establishing a connection to the SOCKS proxy server for a target host.
The SOCKS proxy server failed establishing connection to the target host because that host is unreachable.
The request to negotiate an alternate protocol failed.
The peer sent an SSL no_renegotiation alert message.
Winsock sometimes reports more data written than passed. This is probably due to a broken LSP.
An SSL peer sent a fatal decompression_failure alert. This typically occurs when a peer selects DEFLATE compression in the mistaken belief that it supports it.
An SSL peer sent a fatal bad_record_mac alert. This has been observed from servers with buggy DEFLATE support.
The proxy requested authentication (for tunnel establishment).
Could not create a connection to the proxy server. An error occurred either in resolving its name, or in connecting a socket to it. Note that this does NOT include failures during the actual CONNECT method of an HTTP proxy.
A mandatory proxy configuration could not be used. Currently this means that a mandatory PAC script could not be fetched, parsed or executed.
The socket pool hit the maximum socket limit while preconnecting. Additional preconnects are not attempted.
The permission to use the SSL client certificate's private key was denied.
The SSL client certificate has no private key.
The certificate presented by the HTTPS Proxy was invalid.
An error occurred when trying to do a name resolution (DNS).
Permission to access the network was denied. This is used to distinguish errors that were most likely caused by a firewall from other access denied errors.
The request throttler module cancelled this request to avoid DDOS.
The client could not sign the CertificateVerify data of an SSL client auth handshake with the client certificate's private key.
The message was too large for the transport (for example, a UDP message which exceeds the size threshold).
WebSocket protocol error. Indicates that the connection is terminated due to a malformed frame or other protocol violation.
Returned when attempting to bind an address that is already in use.
The certificate did not match the built-in public key pins for the host name. The pins are set in net/http/transport_security_state.cc and require that one of a set of public keys exist on the path from the leaf to the root.
Server request for client certificate did not contain any supported types.
An SSL peer sent a fatal decrypt_error alert. This typically occurs when a peer could not correctly verify a signature (in CertificateVerify or ServerKeyExchange) or validate a Finished message.
There are too many pending WebSocketJob instances, so the new job was not pushed to the queue.
The SSL server certificate changed in a renegotiation.
The SSL server sent a fatal unrecognized_name alert.
Failed to set the socket's receive buffer size as requested.
Failed to set the socket's send buffer size as requested.
Failed to set the socket's receive buffer size as requested, despite success return code from setsockopt.
Failed to set the socket's send buffer size as requested, despite success return code from setsockopt.
Failed to import a client certificate from the platform store into the SSL library.
Resolving a hostname to an IP address list included the IPv4 address 127.0.53.53. This is a special IP address which ICANN has recommended to indicate there was a name collision, and alert admins to a potential problem.
The SSL server presented a certificate which could not be decoded. This is not a certificate error code as no X509Certificate object is available. This error is fatal.
Certificate Transparency: Received a signed tree head that failed to parse.
Certificate Transparency: Received a signed tree head whose JSON parsing was OK but was missing some of the fields.
The attempt to reuse a connection to send proxy auth credentials failed before the AuthController was used to generate credentials. The caller should reuse the controller with a new connection. This error is only used internally by the network stack.
Certificate Transparency: Failed to parse the received consistency proof.
The SSL server required an unsupported cipher suite that has since been removed. This error will temporarily be signaled on a fallback for one or two releases immediately following a cipher suite's removal, after which the fallback will be removed.
When a WebSocket handshake is done successfully and the connection has been upgraded, the URLRequest is cancelled with this error code.
Socket ReadIfReady support is not implemented. This error should not be user visible, because the normal Read() method is used as a fallback.
No socket buffer space is available.
There were no common signature algorithms between the client certificate's private key and the server's preferences.
TLS 1.3 early data was rejected by the server. This will be received before any data is returned from the socket. The request should be retried with early data disabled.
TLS 1.3 early data was offered, but the server responded with TLS 1.2 or earlier. This is an internal error code to account for a backwards-compatibility issue with early data and TLS 1.2. It will be received before any data is returned from the socket. The request should be retried with early data disabled.
TLS 1.3 was enabled, but a lower version was negotiated and the server returned a value indicating it supported TLS 1.3. This is part of a security check in TLS 1.3, but it may also indicate the user is behind a buggy TLS-terminating proxy which implemented TLS 1.2 incorrectly.
The server's certificate has a keyUsage extension incompatible with the negotiated TLS key exchange method.
The ECHConfigList fetched over DNS cannot be parsed.
ECH was enabled, but the server was unable to decrypt the encrypted ClientHello.
ECH was enabled, the server was unable to decrypt the encrypted ClientHello, and additionally did not present a certificate valid for the public name.
An attempt to proxy a request failed because the proxy was not able to successfully connect to the destination. This likely indicates an issue with the request itself (for instance, the hostname failed to resolve to an IP address or the destination server refused the connection). This error code is used to indicate that the error is outside the control of the proxy server and thus the proxy chain should not be marked as bad. This is in contrast to TUNNEL_CONNECTION_FAILED which is used for general purpose errors connecting to the proxy and by the proxy request response handling when a proxy delegate does not indicate via a different error code whether proxy fallback should occur. Note that for IP Protection proxies this error code causes the proxy to be marked as bad since the preference is to fail open for general purpose errors, but for other proxies this error does not cause the proxy to be marked as bad.
Some implementations of ProxyDelegate query a separate entity to know whether it should cancel tunnel prior to: - The HTTP CONNECT requests being sent out - The HTTP CONNECT response being parsed An example is CronetProxyDelegate: Cronet allows developers to decide whether the tunnel being established should be canceled.
The server responded with a certificate whose common name did not match the host name. This could mean:
The server responded with a certificate that, by the system clock, appears to either not yet be valid or to have expired. This could mean:
The server responded with a certificate that is signed by an authority that is not trusted. This could mean:
The server responded with a certificate that contains errors. This error is not recoverable. MSDN describes this error as follows: "The SSL certificate contains errors."
The certificate has no mechanism for determining if it is revoked. In effect, this certificate cannot be revoked.
Revocation information for the security certificate for this site is not available. This could mean:
The server responded with a certificate that has been revoked. Ignoring this error is not recommended.
The server responded with a certificate that is invalid. This error is not recoverable.
The server responded with a certificate that is signed using a weak signature algorithm.
The host name specified in the certificate is not unique.
The server responded with a certificate that contains a weak key (e.g. a too-small RSA key).
The certificate claimed DNS names that are in violation of name constraints.
The certificate's validity period is too long.
Certificate Transparency was required for this connection, but the server did not provide CT information that complied with the policy.
The certificate is known to be used for interception by an entity other than the device owner.
The certificate is self-signed and it is being used for either an RFC1918 IP literal URL, or a URL ending in .local.
The URL is invalid.
The scheme of the URL is disallowed.
The scheme of the URL is unknown.
Attempting to load a URL resulted in a redirect to an invalid URL.
Attempting to load a URL resulted in too many redirects.
Attempting to load a URL resulted in an unsafe redirect (e.g., a redirect to file:// is considered unsafe).
Attempting to load a URL with an unsafe port number. These are port numbers that correspond to services, which are not robust to spurious input that may be constructed as a result of an allowed web construct (e.g., HTTP looks a lot like SMTP, so form submission to port 25 is denied).
The server's response was invalid.
Error in chunked transfer encoding.
The server did not support the request method.
The response was 407 (Proxy Authentication Required), yet the request was not sent to a proxy.
The server closed the connection without sending any data.
The headers section of the response is too large.
The evaluation of the PAC script failed.
The response was 416 (Requested range not satisfiable) and the server cannot satisfy the range requested.
The identity used for authentication is invalid.
Content decoding of the response body failed.
An operation could not be completed because all network IO is suspended.
There are no supported proxies in the provided list.
There is an HTTP/2 protocol error.
Credentials could not be established during HTTP Authentication.
An HTTP Authentication scheme was tried which is not supported on this machine.
Detecting the encoding of the response failed.
(GSSAPI) No Kerberos credentials were available during HTTP Authentication.
An unexpected, but documented, SSPI or GSSAPI status code was returned.
The environment was not set up correctly for authentication (for example, no KDC could be found or the principal is unknown).
An undocumented SSPI or GSSAPI status code was returned.
The HTTP response was too big to drain.
The HTTP response contained multiple distinct Content-Length headers.
HTTP/2 headers have been received, but not all of them - status or version headers are missing, so additional frames are expected to complete them.
No PAC URL configuration could be retrieved from DHCP. This can indicate either a failure to retrieve the DHCP configuration, or that there was no PAC URL configured in DHCP.
The HTTP response contained multiple Content-Disposition headers.
The HTTP response contained multiple Location headers.
HTTP/2 server refused the request without processing, and sent either a GOAWAY frame with error code NO_ERROR and Last-Stream-ID lower than the stream id corresponding to the request indicating that this request has not been processed yet, or a RST_STREAM frame with error code REFUSED_STREAM. Client MAY retry (on a different connection).
HTTP/2 server did not respond to the PING message.
The HTTP response body transferred fewer bytes than were advertised by the Content-Length header when the connection is closed.
The HTTP response body is transferred with Chunked-Encoding, but the terminating zero-length chunk was never sent when the connection is closed.
There is a QUIC protocol error.
The HTTP headers were truncated by an EOF.
The QUIC crypto handshake failed. This means that the server was unable to read any requests sent, so they may be resent.
Transport security is inadequate for the HTTP/2 version.
The peer violated HTTP/2 flow control.
The peer sent an improperly sized HTTP/2 frame.
Decoding or encoding of compressed HTTP/2 headers failed.
Proxy Auth Requested without a valid 'Client Socket Handle'.
HTTP_1_1_REQUIRED error code received on HTTP/2 session.
HTTP_1_1_REQUIRED error code received on HTTP/2 session to proxy.
The PAC script terminated fatally and must be reloaded.
Signals that the request requires the IPP proxy.
The server was expected to return an HTTP/1.x response, but did not. Rather than treat it as HTTP/0.9, this error is returned.
Initializing content decoding failed.
Received HTTP/2 RST_STREAM frame with NO_ERROR error code. This error should be handled internally by HTTP/2 code, and should not make it above the SpdyStream layer.
An HTTP transaction was retried too many times due to authentication or invalid certificates. This may be due to a bug in the net stack that would otherwise infinite loop, or if the server or proxy continually requests fresh credentials or presents a fresh invalid certificate.
Received an HTTP/2 frame on a closed stream.
The server returned a non-2xx HTTP response code.
The certificate presented on a QUIC connection does not chain to a known root and the origin connected to is not on a list of domains where unknown roots are allowed.
A GOAWAY frame has been received indicating that the request has not been processed and is therefore safe to retry on a different connection.
The ACCEPT_CH restart has been triggered too many times.
The IP address space of the remote endpoint differed from the previous observed value during the same request. Any cache entry for the affected request should be invalidated.
The IP address space of the cached remote endpoint is blocked by private network access check.
The connection is blocked by private network access checks.
Content decoding failed due to the zstd window size being too big (over 8MB).
The compression dictionary cannot be loaded.
The header of a dictionary-compressed stream does not match the expected value.
The cache does not have the requested entry.
Unable to read from the disk cache.
Unable to write to the disk cache.
The operation is not supported for this entry.
The disk cache is unable to open this entry.
The disk cache is unable to create this entry.
Multiple transactions are racing to create disk cache entries. This is an internal error returned from the HttpCache to the HttpCacheTransaction that tells the transaction to restart the entry-creation logic because the state of the cache has changed.
The cache was unable to read a checksum record on an entry. This can be returned from attempts to read from the cache. It is an internal error, returned by the SimpleCache backend, but not by any URLRequest methods or members.
The cache found an entry with an invalid checksum. This can be returned from attempts to read from the cache. It is an internal error, returned by the SimpleCache backend, but not by any URLRequest methods or members.
Internal error code for the HTTP cache. The cache lock timeout has fired.
Received a challenge after the transaction has read some data, and the credentials are not available. There is no way to get them at that point.
Internal not-quite error code for the HTTP cache. In-memory hints suggest that the cache entry would not have been usable with the transaction's current configuration (e.g. load flags, mode, etc.).
The disk cache is unable to doom this entry.
The disk cache is unable to open or create this entry.
The server's response was insecure (e.g. there was a cert error).
An attempt to import a client certificate failed, as the user's key database lacked a corresponding private key.
An error adding a certificate to the OS certificate database.
An error occurred while handling a signed exchange.
An error occurred while handling a Web Bundle source.
A Trust Tokens protocol operation-executing request failed for one of a number of reasons (precondition failure, internal error, bad response).
When handling a Trust Tokens protocol operation-executing request, the system was able to execute the request's Trust Tokens operation without sending the request to its destination: for instance, the results could have been present in a local cache (for redemption) or the operation could have been diverted to a local provider (for platform-provided issuance).
PKCS #12 import failed due to incorrect password.
PKCS #12 import failed due to other error.
CA import failed - not a CA cert.
Import failed - certificate already exists in database.
CA import failed due to some other error.
Server certificate import failed due to some internal error.
PKCS #12 import failed due to invalid MAC.
PKCS #12 import failed due to invalid/corrupt file.
PKCS #12 import failed due to unsupported features.
Key generation failed.
Failure to export private key.
Self-signed certificate generation failed.
The certificate database changed in some way.
The certificate verifier configuration changed in some way.
DNS resolver received a malformed response.
DNS server requires TCP.
DNS transaction timed out.
The entry was not found in cache or other local sources, for lookups where only local sources were queried.
Suffix search list rules prevent resolution of the given host name.
Failed to sort addresses according to RFC3484.
Failed to resolve the hostname of a DNS-over-HTTPS server.
DNS identified the request as disallowed for insecure connection (http/ws). The error should be handled as if an HTTP redirect was received to redirect to https or wss.
All DNS requests associated with this job have been cancelled.
The hostname resolution of an HTTPS record was expected to be resolved with ALPN values of supported protocols, but did not.
When checking whether secure DNS can be used, the response returned for the requested probe record either had no answer or was invalid.
Returned when DNS cache invalidation is in progress. This is a transient error. Callers may want to retry later.
The DNS server responded with a format error response code.
The DNS server responded with a server failure response code.
The DNS server responded that the query type is not implemented.
The DNS server responded that the request was refused.
The DNS server responded with an rcode indicating that the request failed, but there is no specific error code for the rcode. In other words, the rcode was not one of the following: - NOERR - FORMERR - SERVFAIL - NXDOMAIN - NOTIMP - REFUSED
The construction arguments are invalid. This is considered a bad IPC.
There is not enough memory for the blob.
A file could not be created or written. File system error, like a full disk.
The renderer was destroyed while data was in transit.
The renderer destructed the blob before it was done transferring, and there were no outstanding references (no one is waiting to read) to keep the blob alive.
A blob referenced during construction is broken, or a browser-side builder tries to build a blob with a blob reference that is not finished constructing.
A file referenced during construction is not accessible to the renderer trying to create the blob.