Closed Bug 858225 Opened 11 years ago Closed 6 years ago

getAllResponseHeaders on XHR broken for packaged apps

Categories

(Firefox OS Graveyard :: General, defect, P1)

Product:
Firefox OS Graveyard
Component:
General
Platform:
x86
Gonk (Firefox OS)
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: basta, Unassigned)

Details

Since packaged apps can only access CORSed URLs, all requests suffer from this issue. This appears to be the same symptoms as bug 608735, which may not have been fixed for FXOS.

Calling xhr.getAllResponseHeaders() for any CORSed request seems to return null/empty string. This breaks jQuery's XHR and anything that relies on response headers to function.

I have not tested this in an app which requests the systemXHR permission.
Adding a few people Andrew recommended that might have some input.

What impact does this have on marketplace specifically?
This prevents the Marketplace from looking at the Content-Type (or any other header) of any request that's coming back. This means that jQuery doesn't parse JSON on FXOS, but does on desktop. This also means that other applications won't be compatible with FXOS out-of-the-box if they rely on jQuery (or a jQuery-like library). 

A dirty hack is to patch jQuery that I'm using in Fireplace:

responseHeaders = xhr.getAllResponseHeaders();
// FIXME: This is a hack to work around bug 858225
if (!responseHeaders) {
    responseHeaders = 'Content-Type: ' + xhr.getResponseHeader('Content-Type');
}

We shouldn't need to do this, though, because getAllResponseHeaders should work.
What resource do you try to access?
This is the test URI that I've been working with:

http://chimney.paas.allizom.org/api/v1/home/page/
The origin of that URI is:
http://chimney.paas.allizom.org

and the origin of your application is:
app://{guid}

Why do you expect the request to work cross-origin?
As it says in comment 0, the URL has CORS headers. The body is accessible, just not the headers.
(In reply to Matt Basta [:basta] from comment #6)
> As it says in comment 0, the URL has CORS headers. The body is accessible,
> just not the headers.

Comment 0 do not specify that the body is accessible.

Do you have this problem with other apps than packaged apps? with regular web pages?
The problem conceivably happens with all apps and not just packaged apps. I have not tested with a web app. It's more important for packaged apps, though, because ALL requests are affected since there are no URLs which share the app's origin.
(In reply to Matt Basta [:basta] from comment #8)
> The problem conceivably happens with all apps and not just packaged apps. I
> have not tested with a web app. It's more important for packaged apps,
> though, because ALL requests are affected since there are no URLs which
> share the app's origin.

I'm curious -- if you add the systemXHR privilege to your app, does that make it work?
(In reply to Bill Walker [:bwalker] [@wfwalker] from comment #9)
> I'm curious -- if you add the systemXHR privilege to your app, does that
> make it work?

You'll have to give me a while to try this out, I'm unfortunately not equipped at the moment to make that happen. I'll try to give you an answer by the beginning of next week.
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.