Treeherder prompts for Flash use

RESOLVED FIXED

Status

P2
normal
RESOLVED FIXED
5 years ago
4 years ago

People

(Reporter: jimm, Assigned: mdoglio)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
https://treeherder.mozilla.org/ui/#/jobs

This prompted me to allow flash to run. IMO, we should rely on 3rd party plugins for internal tools. FWIW, denying plugin use didn't seem to break anything.
(Reporter)

Comment 1

5 years ago
/should/shouldn't !
Bug 1030710 removed the "copy to clipboard" use of flash - I can't see anything else that uses it - other than a socket.io fallback [1], but we shouldn't be hitting that in a recent browser?

Could you paste the swf URL?

(I agree we shouldn't be using flash in our tools)

[1] https://github.com/mozilla/treeherder-ui/blob/de8457d14805a4178eb3d2e445a8b49aef18dd01/webapp/app/vendor/socket.io.js#L2595
Blocks: 1030636
Priority: -- → P2
Summary: Tree herder prompts for Flash use → Treeherder prompts for Flash use
Flags: needinfo?(jmathies)
(Reporter)

Comment 3

5 years ago
(In reply to Ed Morley [:edmorley] from comment #2)
> Bug 1030710 removed the "copy to clipboard" use of flash - I can't see
> anything else that uses it - other than a socket.io fallback [1], but we
> shouldn't be hitting that in a recent browser?
> 
> Could you paste the swf URL?

I can't trap it. The plugin object tag/window are created initially but appear to get removed shortly after they show up and we prompt. Allowing it to load doesn't provide any useful info in the plugin instance code, there's no src url and the object tag is created by script. Dev tools doesn't seem to understand the treeherder page at all (the network view is empty), and page info provides no plugin data.  

the url of the page is:
https://treeherder.mozilla.org/ui/#/jobs

I can see the plugin click-to-play frame briefly in the lower left side of the page during page load.
Flags: needinfo?(jmathies)
(Reporter)

Comment 4

5 years ago
Hmm, still not sure. Seems to load up about the same time |https://treeherder.mozilla.org/ui/partials/jobs.html| loads based on dev tools -> network -> html loads view.
So I'm seeing an <object> inserted by this code:

https://github.com/mozilla/treeherder-ui/blob/de8457d14805a4178eb3d2e445a8b49aef18dd01/webapp/app/vendor/socket.io.js#L2695

This is unconditionally creating an <object> with type="application/x-shockwave-flash" and sticking it into the DOM.

Specifically the relevant bit is (prettyprinted, but still with the crap minified names, sorry):

            var r = "object",
                q = "application/x-shockwave-flash";

            function C(X) {
                return j.createElement(X)
            }

            function V() {
                var X = j.getElementsByTagName("body")[0];
                var aa = C(r);
                aa.setAttribute("type", q);
                var Z = X.appendChild(aa);

followed by doing Z.GetVariable("$version") and the like.  Complete with a settimeout poll for that version to be available.  Then once is has the version or has spent 100ms polling, whichever comes first:

                        X.removeChild(aa);
This looks relevant:
https://github.com/Automattic/socket.io/issues/424

Do we just need to build a custom socket.io.js then?
Flags: needinfo?(cdawson)
edmorley I think that's exactly what we need to do. We will be landing a PR for it shortly. The swf loading is being done here:

https://github.com/mozilla/treeherder-ui/blob/de8457d14805a4178eb3d2e445a8b49aef18dd01/webapp/app/vendor/socket.io.js#L2695

It's a minified js line containing the SWFObject module. We commented that out locally and also prevented the initialization of the FlashSocket here:

https://github.com/mozilla/treeherder-ui/blob/de8457d14805a4178eb3d2e445a8b49aef18dd01/webapp/app/vendor/socket.io.js#L3045

This prevents the swf from ever being loaded and minimizes any related js console errors assuming the conditions for falling back to FlashSocket usage are not met at runtime. Most certainly a hack but gets the job done.
Flags: needinfo?(cdawson)
The github issue linked in comment 6 implies this could be scripted, via a custom generated build on socket.io; the approach in comment 7 sounds good short term - but might the generated approach make it easier to track socket.io updates in the future?
The solution described here, https://github.com/Automattic/socket.io/issues/424, would definitely be preferable but I'm unable to get a local build to work at the moment, will investigate a bit more.
(Assignee)

Comment 10

5 years ago
Created attachment 8461391 [details] [review]
Pull request 105 - treeherder-ui
(Assignee)

Comment 11

5 years ago
The attached PR disable the flash transport method for socket.io. There are no flash warnings on my machine with this applied, let me know if the problem still persists
That's great - thank you :-)

I was looking into this a bit more and noticed socket.io 1.x is also now out - but that can be dealt with later on - filed bug 1043292 for that.
Assignee: nobody → mdoglio
Status: NEW → ASSIGNED
Attachment #8461391 - Flags: feedback+
(Assignee)

Comment 13

5 years ago
Moving to Socket.io is more complicated than you would expect. Out server side implementation of the socket.io server is based on a python library (gevent-socketio) so we need to wait for this library to be updated to support the new socket.io client. I'll add some details on bug 1043292.
This merged and so can be marked as fixed right?
(Assignee)

Comment 15

5 years ago
Yep, I'm closing it
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Has this been deployed yet?  Because https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=b06af5a36993 still wants to use flash on my machine.
(Assignee)

Comment 17

5 years ago
(In reply to Kyle Huey [:khuey] (khuey@mozilla.com) from comment #16)
> Has this been deployed yet?  Because
> https://treeherder.mozilla.org/ui/#/jobs?repo=try&revision=b06af5a36993
> still wants to use flash on my machine.

We are going to push it to production today
Commits pushed to master at https://github.com/mozilla/treeherder

https://github.com/mozilla/treeherder/commit/25bf115cf7e0ab70d9c2f5714a9eb85944085808
Prevent flash warning (bug 1042627)

I produced a custom build of the socket.io client to not include the
flash transport implementation. I also upgraded its version to the
latest release on the 0.9 branch.

https://github.com/mozilla/treeherder/commit/e0e4648d62fbe736371b2a2533fbf57513c1695b
Merge pull request #105 from mozilla/disable-socketio-flash

Disable socketio flash (bug 1042627)
You need to log in before you can comment on or make changes to this bug.