Closed Bug 1196882 Opened 9 years ago Closed 9 years ago

Firefox not following 303/7 Status Code after 302

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Version:
39 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla43
Tracking Flags:
Tracking Status
firefox41 --- fixed
firefox42 --- fixed
firefox43 --- fixed

People

(Reporter: benny, Assigned: mcmanus)

References

Details

(Keywords: dev-doc-complete, regression, site-compat)

Attachments

(1 file)

dont enforce h1 framing on non 2xx
5.17 KB, patch
bagder
: review+
ritu
: approval-mozilla-aurora+
ritu
: approval-mozilla-beta+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36 Steps to reproduce: I'm a developer with spideroak.com. The OMVA we have built for our SMB and Enterprise customers has an option to `View User's Data` from a user's detail page. The process for linking to the user's data follows a 4 step process wherein the page is directed through a couple of channels, landing at the user's url: - Click the button. This kicks off the process of grabbing user's validation through an escrow process. - The process returns a 302 redirect with credentials to our internal processor. - The internal processor validates and returns a 303 with the supplied destination url. - Manager can then view user's data. Due to certain policies, I cannot provide a reduced test case. However, I can direct you to a secured a minimal as possible version of our product upon request for reproduction. Actual results: From the 303, the final supplied url should load. But Firefox spins for a while then just times out. Expected results: Firefox should follow 303 to the final destination. Note: This works in Firefox 38.0.5 but causes the above issue in 39.0.3 to Nightly 43.0a1
OS: Unspecified → All
Product: Core → Firefox
Hardware: Unspecified → All
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Maybe there is a regression in FF39. A dev will probably ask you an access to the testcase.
please supply an http log of the test case. When you upload the attachment you can mark it private. https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging
(In reply to Patrick McManus [:mcmanus] from comment #2) > please supply an http log of the test case. When you upload the attachment > you can mark it private. > > https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging The log files generated from this exceed the upload limit. I can attach them offsite in a spideroak.com ShareRoom. Alternatively can I trim the logs at a certain point? Currently the log generated from the 38.0.5 test case is 37.2MB and the one from 40.0.2 is 51.1MB Also - I didn't see an option in the Create New Attachment view for marking the files as private.
You can upload the log file to a third-party cloud service like Dropbox, Mediafire etc. and post the download link here.
on the upload screen there is a checkbox under privacy.. but if you're just going to include a link in a comment (which is fine) then you want the "make comment private" checkbox next to "additional comments"
oh - and those logs are text and compress very well..
(In reply to Patrick McManus [:mcmanus] from comment #6) > oh - and those logs are text and compress very well.. Here you go. This ShareRoom will be available till the conclusion of this ticket. https://spideroak.com/browse/share/Rustic/firefox-logs
Whiteboard: 1196237
Whiteboard: 1196237
if you find the 303 response in the log (see other is a good string to search for) it has a content-length of 246 but there are no body bytes sent after the headers and the server closes the connection. We detect that, correctly, as a malformed response. (and this is a new behavior) The fastest fix for you would be to make it well formed.. (c-l 0, or send a body, or just omit c-l as long as you close the connection) Given that this is a redirect and the response body is not all that important, I think we should also consider the firefox behavior an overreaction and let this slide on non 2xx cases for webcompat reasons. I'll attach a patch soon bagder ni just fyi
Flags: needinfo?(daniel)
Yeah, seeing that there are now more than one case of this and they're rather obscure to the users I can see how we might need to backpedal once again. Do you plan on loosening the check for redirects in particular or do it for all non-2xx status responses?
Flags: needinfo?(daniel)
(In reply to Daniel Stenberg [:bagder] from comment #9) > Yeah, seeing that there are now more than one case of this and they're > rather obscure to the users I can see how we might need to backpedal once > again. Do you plan on loosening the check for redirects in particular or do > it for all non-2xx status responses? can you include other bug numbers here?
I was thinking about bug 1186830 in addition to this.
Attachment #8655007 - Flags: review?(daniel)
Assignee: nobody → mcmanus
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment on attachment 8655007 [details] [diff] [review] dont enforce h1 framing on non 2xx Looking good!
Attachment #8655007 - Flags: review?(daniel) → review+
Blocks: 237623
Comment on attachment 8655007 [details] [diff] [review] dont enforce h1 framing on non 2xx Approval Request Comment [Feature/regressing bug #]:237623 - gecko 39 [User impact if declined]: minor webcompat issue with non compliant http responses can lead to failed navigations. We can loosen the rules a little bit with this patch and still obtain the goal of 237623. [Describe test coverage new/current, TreeHerder]: new xpcshell test [Risks and why]: extremely low risk - 237623 tightened handling of non-compliant responses, and this change brings us back to where we were for a small subset of them for reasons of web compat. [String/UUID change made/needed]: none
Attachment #8655007 - Flags: approval-mozilla-beta?
Attachment #8655007 - Flags: approval-mozilla-aurora?
Benny, would you be able to verify the fix on Nightly build from 09-02 or later? I am hoping the fix will be in the next Nightly build. Thanks!
Flags: needinfo?(benny)
Adding the keyword regression and setting status affected for 41+
status-firefox41: --- → affected
status-firefox42: --- → affected
status-firefox43: --- → affected
Keywords: regression
(In reply to Ritu Kothari (:ritu) from comment #20) > Benny, would you be able to verify the fix on Nightly build from 09-02 or > later? I am hoping the fix will be in the next Nightly build. Thanks! Absolutely. I'll test as soon as the build comes out.
Flags: needinfo?(benny)
FF Nightly 43.0a1 (2015-09-02) fails. Will try again tomorrow. Let me know if you need anything.
https://hg.mozilla.org/mozilla-central/rev/9620db5a619d
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox43: affectedfixed
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Fix works as of Nightly 43.0a1 (2015-09-03) Do you know when this will go to production? Thanks!
(In reply to Benny M from comment #25) > Fix works as of Nightly 43.0a1 (2015-09-03) > > Do you know when this will go to production? > > Thanks! Many Thanks Benny! This should in 41.0b8 and 41 when it goes live.
Comment on attachment 8655007 [details] [diff] [review] dont enforce h1 framing on non 2xx Given that the patch was verified, I feel much more confident uplifting to Aurora42 and Beta41.
Attachment #8655007 - Flags: approval-mozilla-beta?
Attachment #8655007 - Flags: approval-mozilla-beta+
Attachment #8655007 - Flags: approval-mozilla-aurora?
Attachment #8655007 - Flags: approval-mozilla-aurora+
Can confirm that this issue is resolved in 41.0! Thanks a ton for all your work and your attention to this issue!
Usually we don't document bug fixes (unless very old). In this case, I think the site-compat info will be enough.
Keywords: dev-doc-neededdev-doc-complete
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: