Closed
Bug 1143155
Opened 9 years ago
Closed 9 years ago
Filtered response should allow access to underlying unfiltered headers
Categories
(Core :: DOM: Workers, defect)
Tracking
()
RESOLVED
FIXED
mozilla39
Tracking | Status | |
---|---|---|
firefox39 | --- | fixed |
People
(Reporter: nsm, Assigned: nsm)
References
Details
Attachments
(1 file, 1 obsolete file)
39 bytes,
text/x-review-board-request
|
Details |
Since SW interception happens lower in our network stack than CORS handling it is important to allow access to unfiltered headers internally. For example, if a SW intercepts CORS requests and replies transparently onfetch = function(e) { e.respondWith(fetch(e.request)); } fetch() will return a Response which is CORS filtered and does not have access-control-allow-origin and other headers. But the intercepted channel needs these headers since there are other cors listeners 'upstream' which will fail the request if they can't observe the headers.
Assignee | ||
Comment 1•9 years ago
|
||
/r/5405 - Bug 1143155 - Filtered response stores internal response and allows access to headers Pull down this commit: hg pull review -r 26caee261cc759d54634915cd8e1b36592ad4045
Attachment #8577481 -
Flags: review?(josh)
Attachment #8577481 -
Flags: review?(bkelly)
Assignee | ||
Comment 2•9 years ago
|
||
FYI relevant spec section https://fetch.spec.whatwg.org/#concept-filtered-response
Comment 3•9 years ago
|
||
I'm not sure my review here is very meaningful, as I've never looked at most of the code being touched.
Comment 4•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm https://reviewboard.mozilla.org/r/5403/#review4371 I don't think this handles `Clone()` correctly. Right now you will clone the wrapper filtered response, but the underlying mWrappedResponse is not cloned. Does this pass our currentl clone() tests? I would expect it to fail if we are actually generating filtered responses from fetch(). ::: dom/fetch/InternalResponse.h (Diff revision 1) > + return mWrappedResponse->GetBody(aStream); `MOZ_ASSERT(!mBody);` ::: dom/fetch/InternalResponse.cpp (Diff revision 1) > if (!mBody) { You need to check for mWrappedResponse here and clone the wrapped response as well. ::: dom/fetch/InternalResponse.h (Diff revision 1) > + UnfilteredHeaders() Should we expose this as a [ChromeOnly] webidl method so we can verify the unfiltered headers in a mochitest?
Attachment #8577481 -
Flags: review?(bkelly)
Comment 5•9 years ago
|
||
Also, I think we need test coverage for wrapped and non-wrapped cases.
Updated•9 years ago
|
Attachment #8577481 -
Flags: review?(josh)
Assignee | ||
Updated•9 years ago
|
Attachment #8577481 -
Flags: review?(josh)
Attachment #8577481 -
Flags: review?(bkelly)
Assignee | ||
Comment 6•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm /r/5405 - Bug 1143155 - Filtered response stores internal response and allows access to headers Pull down this commit: hg pull review -r 2757349e508b89e4af2a9a1837a10d669c8de6c9
Assignee | ||
Updated•9 years ago
|
Attachment #8577481 -
Flags: review?(josh)
Assignee | ||
Comment 7•9 years ago
|
||
Ben, it is not possible to test for the wrapped headers (via [ChromeOnly]) through JS when the worker intercepts it because the Necko intermediate code will swallow the InternalResponse and put the properties on the channel, where stuff like nsCORSListenerProxy will remove the headers. The closest we can get to is https://bugzilla.mozilla.org/show_bug.cgi?id=1143981 since our fetch() tests already check response.type and ensure the body is hidden and headers match and so on.
Comment 8•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm https://reviewboard.mozilla.org/r/5403/#review4535 Sorry, before r+'ing, can you clarify all the extract changes regarding mSecurityInfo. etc? ::: dom/fetch/InternalResponse.h (Diff revisions 1 - 2) > + response->mSecurityInfo = mSecurityInfo; Why did all this stuff change in the patch? Is it a rebase? The mozreview interface does not make it obvious... ::: dom/fetch/InternalResponse.cpp (Diff revisions 1 - 2) > -InternalResponse::InternalResponse(const InternalResponse& aOther) If you want to disallow copying, I think you should add this to your header: ``` InternalResponse(const InternalResponse&) = delete; InternalResponse& operator=(const InternalResponse&) = delete; ``` ::: dom/fetch/InternalResponse.h (Diff revisions 1 - 2) > - if (mWrappedResponse) { > + if (mWrappedResponse && (Type() != ResponseType::Opaque)) { I think this would be easier to understand as: ``` if (Type() == ResponseType::Opaque) { return nullptr; } ``` ::: dom/fetch/InternalResponse.cpp (Diff revisions 1 - 2) > + clone->mWrappedResponse = mWrappedResponse->Clone(); I think it would be clearer to do this: ``` MOZ_ASSERT(!mBody); return clone.forget(); ```
Attachment #8577481 -
Flags: review?(bkelly)
Assignee | ||
Comment 9•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm /r/5405 - Bug 1143155 - Filtered response stores internal response and allows access to headers Pull down this commit: hg pull review -r 3581bdf02cd5f51be7beef5fedfb7a6dfd4ab92d
Attachment #8577481 -
Flags: review?(bkelly)
Comment 10•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm https://reviewboard.mozilla.org/r/5403/#review4547 r=me with the !mBody check fixed in the Clone method. ::: dom/fetch/InternalResponse.cpp (Diff revisions 2 - 3) > - if (!mBody) { You still need the !mBody check for the case where its a non-wrapped Response, but it just doesn't have a body.
Attachment #8577481 -
Flags: review?(bkelly) → review+
Assignee | ||
Comment 11•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm /r/5405 - Bug 1143155 - Filtered response stores internal response and allows access to headers Pull down this commit: hg pull review -r 8168e08463535783a46ceb931d9033481f6a580b
Attachment #8577481 -
Flags: review+ → review?(bkelly)
Assignee | ||
Comment 12•9 years ago
|
||
Comment on attachment 8577481 [details] MozReview Request: bz://1143155/nsm /r/5405 - Bug 1143155 - Filtered response stores internal response and allows access to headers Pull down this commit: hg pull review -r 8168e08463535783a46ceb931d9033481f6a580b
Attachment #8577481 -
Flags: review?(bkelly)
Assignee | ||
Comment 13•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/5fb84103d54c
Comment 14•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/5fb84103d54c
Assignee: nobody → nsm.nikhil
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox39:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla39
Assignee | ||
Comment 15•9 years ago
|
||
Attachment #8577481 -
Attachment is obsolete: true
Assignee | ||
Comment 16•9 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•