1226909 - Move more of CORS implementation into channels

Status: RESOLVED FIXED

(Core :: DOM: Security, defect)

Description

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Right now DOM consumers that use CORS still has to do a fair amount of logic, especially if they might trigger a redirect. We should move more of this into channel implementations to get more code sharing and to make sure that we get security checks consistent and correct.

Comment 1

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Part 1: Do security checks in a redirect handler rather than when opening the redirected channel

Comment 2

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Part 2: Let CORS preflight logic grab information from nsILoadInfo rather than duplicate it

Comment 3

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect

Comment 4

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch()

Comment 5

[Ben Kelly [:bkelly, not reviewing]]

Unfortunately I won't be able to review this until next week since I'm leaving for PTO shortly.  I think this is complex and sensitive enough I should not rush the review on the way out the door.  Sorry!

Comment 6

[Christoph Kerschbaumer [:ckerschb]]

Comment on attachment 8690653 [details] [diff] [review]
Part 1: Do security checks in a redirect handler rather than when opening the redirected channel

Review of attachment 8690653 [details] [diff] [review]:
-----------------------------------------------------------------

::: caps/nsScriptSecurityManager.cpp
@@ -1241,5 @@
> -nsScriptSecurityManager::AsyncOnChannelRedirect(nsIChannel* oldChannel, 
> -                                                nsIChannel* newChannel,
> -                                                uint32_t redirFlags,
> -                                                nsIAsyncVerifyRedirectCallback *cb)
> -{

It's nice to see that part move to the contentSecurityManager!

::: dom/security/nsContentSecurityManager.cpp
@@ +347,5 @@
> +  // if dealing with a redirected channel then we have already installed
> +  // streamlistener and redirect proxies and so we are done.
> +  if (loadInfo->GetInitialSecurityCheckDone()) {
> +    return NS_OK;
> +  }

Not sure if that makes a difference, but now that we enforce security checks in the redirecthandler rather than function, we could bail early by moving that InitialSecurityChecksDone() check to the very beginning of that function - up to you.

@@ +354,5 @@
> +    rv = DoCORSChecks(aChannel, loadInfo, aInAndOutListener);
> +    NS_ENSURE_SUCCESS(rv, rv);
> +  }
> +  else {
> +    rv = CheckChannel(aChannel);

Can we use a more descriptive name for that method? Or at least add a block statement on top of the method - thanks!

@@ +375,5 @@
> +  return NS_OK;
> +}
> +
> +NS_IMETHODIMP
> +nsContentSecurityManager::AsyncOnChannelRedirect(nsIChannel* aOldChannel, 

nit: trailing whitespace

@@ +412,5 @@
> +  if (NS_SUCCEEDED(rv) && newOriginalURI != newURI) {
> +      rv = nsContentUtils::GetSecurityManager()->
> +        CheckLoadURIWithPrincipal(oldPrincipal, newOriginalURI, flags);
> +  }
> +  NS_ENSURE_SUCCESS(rv, rv);  

nit: trailing whitespace.

Comment 7

[Christoph Kerschbaumer [:ckerschb]]

Comment on attachment 8690657 [details] [diff] [review]
Part 3: Move logic of when to initiate CORS preflight into channels. Allow CORS preflight to happen when doing a same-origin to cross-origin redirect

Review of attachment 8690657 [details] [diff] [review]:
-----------------------------------------------------------------

::: netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ +953,5 @@
> +  nsTArray<nsCString> headers;
> +  nsAutoCString contentTypeHeader;
> +  nsresult rv = http->GetRequestHeader(NS_LITERAL_CSTRING("Content-Type"),
> +                                       contentTypeHeader);
> +  // Why the NS_SUCCEEDED check here?

I think you can remove that comment :-) Would it make more sense to check whether the contentTypeHeader is non empty? Up to you.

::: netwerk/protocol/http/nsIHttpChannelInternal.idl
@@ +275,5 @@
>      /**
>       * Make cross-origin CORS loads happen with a CORS preflight, and specify
>       * the CORS preflight parameters.
>       */
> +    [noscript, notxpcom, nostdcall]

do you have to touch the uuid in such a case? If not, then don't forget to add the magic word to the commit message.

Comment 8

[Ben Kelly [:bkelly, not reviewing]]

Comment on attachment 8690658 [details] [diff] [review]
Part 4: Make AsyncOpen2 set taining information on channels. Use this information in XHR and fetch()

Review of attachment 8690658 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with comments addressed.

::: dom/base/nsXMLHttpRequest.cpp
@@ +1076,5 @@
> +    return false;
> +  }
> +
> +  nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
> +  MOZ_ASSERT(loadInfo);

nit: nsCOMPtr<nsILoadInfo> already asserts for !nullptr.

@@ +1078,5 @@
> +
> +  nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
> +  MOZ_ASSERT(loadInfo);
> +
> +  return loadInfo->GetTainting() == LoadTainting::CORS;

Would it be safer to do != LoadTainting::Basic?  Or at least assert we either have Basic or CORS here.

@@ +3495,5 @@
>  
>      // If authentication fails, XMLHttpRequest origin and
>      // the request URL are same origin, ...
>      /* Disabled - bug: 799540
> +    if (IsCrossSiteCORSRequest()) {

This code is commented out.  Do we still need it?

::: dom/fetch/FetchDriver.cpp
@@ +98,5 @@
>    return rv;
>  }
>  
> +static void
> +AddLoadFlags(nsIRequest *aRequest, nsLoadFlags aNewFlags)

nit: anonymous namespace function instead of static.

@@ +101,5 @@
> +static void
> +AddLoadFlags(nsIRequest *aRequest, nsLoadFlags aNewFlags)
> +{
> +  nsLoadFlags flags;
> +  aRequest->GetLoadFlags(&flags);

MOZ_ASSERT(aRequest)

@@ +621,5 @@
>    // FetchEvent.respondWith() just passes the already-tainted Response back to
>    // the outer fetch().  In gecko, however, we serialize the Response through
>    // the channel and must regenerate the tainting from the channel in the
>    // interception case.
> +  mRequest->MaybeIncreaseResponseTainting(loadInfo->GetTainting());

We are guaranteed a loadInfo here?  It seems some channels don't have it.

::: dom/fetch/FetchDriver.h
@@ -96,3 @@
>    nsresult ContinueFetch();
>    nsresult HttpFetch();
> -  bool IsUnsafeRequest();

The declaration for IsUnsafeRequest() is removed, but I don't see the definition in FetchDriver.cpp removed in this patch.  Was that put in another patch or something?

Comment 9

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

> > +  nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
> > +  MOZ_ASSERT(loadInfo);
> 
> nit: nsCOMPtr<nsILoadInfo> already asserts for !nullptr.

nsCOMPtr does not assert if you assign null to it. That's a perfectly valid thing to do.

> @@ +1078,5 @@
> > +
> > +  nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
> > +  MOZ_ASSERT(loadInfo);
> > +
> > +  return loadInfo->GetTainting() == LoadTainting::CORS;
> 
> Would it be safer to do != LoadTainting::Basic?  Or at least assert we
> either have Basic or CORS here.

Good catch! I think that the code that deals with resetting the document and turning off cookie access should be done anytime the tainting != LoadTainting::Basic.

But for other code we actually explicitly want to check for CORS tainting. It deal with things like hiding headers and status codes, and preventing progress events.

For systemXHR we actually end up with opaque tainting, but we still don't want to do the header filtering.

So keeping the IsCrossSiteCORS function as loadInfo->GetTainting() == LoadTainting::CORS, but changing the document-handling code to do a != LoadTainting::Basic check instead.

> @@ +3495,5 @@
> >  
> >      // If authentication fails, XMLHttpRequest origin and
> >      // the request URL are same origin, ...
> >      /* Disabled - bug: 799540
> > +    if (IsCrossSiteCORSRequest()) {
> 
> This code is commented out.  Do we still need it?

Sadly I don't know what this code does. So not removing for now.

> ::: dom/fetch/FetchDriver.cpp
> @@ +98,5 @@
> >    return rv;
> >  }
> >  
> > +static void
> > +AddLoadFlags(nsIRequest *aRequest, nsLoadFlags aNewFlags)
> 
> nit: anonymous namespace function instead of static.

Why? Seems like more typing for no benefit?

> @@ +621,5 @@
> >    // FetchEvent.respondWith() just passes the already-tainted Response back to
> >    // the outer fetch().  In gecko, however, we serialize the Response through
> >    // the channel and must regenerate the tainting from the channel in the
> >    // interception case.
> > +  mRequest->MaybeIncreaseResponseTainting(loadInfo->GetTainting());
> 
> We are guaranteed a loadInfo here?  It seems some channels don't have it.

Since we created the channel with a loadinfo, it will have it. Only channels that were created without providing a loadingPrincipal/triggeringprincipal/loadingnode/etc will lack a loadinfo.

I.e. whether loadinfo exist isn't a function of the channel-type, but a function what the code that created the channel did.

> ::: dom/fetch/FetchDriver.h
> @@ -96,3 @@
> >    nsresult ContinueFetch();
> >    nsresult HttpFetch();
> > -  bool IsUnsafeRequest();
> 
> The declaration for IsUnsafeRequest() is removed, but I don't see the
> definition in FetchDriver.cpp removed in this patch.  Was that put in
> another patch or something?

Indeed, this function was removed in part 3. I'll move the .h update as well.

Comment 10

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/9ae2af3cf86d
https://hg.mozilla.org/integration/mozilla-inbound/rev/26318a5e3006
https://hg.mozilla.org/integration/mozilla-inbound/rev/4dbf06183e6c
https://hg.mozilla.org/integration/mozilla-inbound/rev/a7f1a289dd78

Comment 11

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

Backed out together with bug 1216687 in https://hg.mozilla.org/integration/mozilla-inbound/rev/e648ed99a3a2 for M(1,2,5) failures on all platforms:

Backout job: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=e648ed99a3a2
Failing job: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&revision=09d64535bcda

Failure example: https://treeherder.mozilla.org/logviewer.html#?job_id=18328115&repo=mozilla-inbound

04:32:02     INFO -  463 INFO TEST-START | dom/base/test/test_XHRDocURI.html
04:32:03     INFO -  TEST-INFO | started process screentopng
04:32:06     INFO -  TEST-INFO | screentopng: exit 0
04:32:06     INFO -  <snipped 1 output lines - if you need more context, please use SimpleTest.requestCompleteLog() in your test>
04:32:06     INFO -  464 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  465 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  466 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  467 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  468 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  469 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  470 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | should not have document
04:32:06     INFO -  471 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | should not have document
04:32:06     INFO -  472 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | should not have document
04:32:06     INFO -  473 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  474 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  475 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  476 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  477 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  478 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  479 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  480 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  481 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  482 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  483 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  484 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  485 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | should not have document
04:32:06     INFO -  486 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | should not have document
04:32:06     INFO -  487 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | should not have document
04:32:06     INFO -  488 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  489 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentObjectURI)
04:32:06     INFO -  490 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  491 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject)
04:32:06     INFO -  492 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  493 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, xml:base)
04:32:06     INFO -  494 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (clone)
04:32:06     INFO -  495 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (clone)
04:32:06     INFO -  496 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  497 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentURIObject)
04:32:06     INFO -  498 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  499 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.baseURIObject)
04:32:06     INFO -  500 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (doc base and xml:base are same)
04:32:06     INFO -  501 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  502 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (doc base and xml:base are same)
04:32:06     INFO -  503 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  504 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  505 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, after <base> changed)
04:32:06     INFO -  506 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (clone)
04:32:06     INFO -  507 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (clone)
04:32:06     INFO -  508 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  509 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentObjectURI)
04:32:06     INFO -  510 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  511 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject)
04:32:06     INFO -  512 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  513 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, xml:base)
04:32:06     INFO -  514 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (clone)
04:32:06     INFO -  515 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (clone)
04:32:06     INFO -  516 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  517 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentURIObject)
04:32:06     INFO -  518 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  519 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.baseURIObject)
04:32:06     INFO -  520 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (doc base and xml:base are same)
04:32:06     INFO -  521 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  522 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (doc base and xml:base are same)
04:32:06     INFO -  523 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  524 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  525 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, after <base> changed)
04:32:06     INFO -  526 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (clone)
04:32:06     INFO -  527 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (clone)
04:32:06     INFO -  528 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  529 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentObjectURI)
04:32:06     INFO -  530 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  531 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject)
04:32:06     INFO -  532 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  533 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, xml:base)
04:32:06     INFO -  534 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (clone)
04:32:06     INFO -  535 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (clone)
04:32:06     INFO -  536 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  537 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentURIObject)
04:32:06     INFO -  538 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  539 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.baseURIObject)
04:32:06     INFO -  540 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (doc base and xml:base are same)
04:32:06     INFO -  541 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  542 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (doc base and xml:base are same)
04:32:06     INFO -  543 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  544 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  545 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, after <base> changed)
04:32:06     INFO -  546 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (clone)
04:32:06     INFO -  547 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (clone)
04:32:06     INFO -  548 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  549 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentObjectURI)
04:32:06     INFO -  550 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  551 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject)
04:32:06     INFO -  552 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (xml:base)
04:32:06     INFO -  553 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, xml:base)
04:32:06     INFO -  554 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url
04:32:06     INFO -  555 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.documentURIObject)
04:32:06     INFO -  556 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base
04:32:06     INFO -  557 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong url (.baseURIObject)
04:32:06     INFO -  558 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (doc base and xml:base are same)
04:32:06     INFO -  559 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  560 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (doc base and xml:base are same)
04:32:06     INFO -  561 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong attr base (.baseURIObject, doc base and xml:base are same)
04:32:06     INFO -  562 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (after <base> changed)
04:32:06     INFO -  563 INFO TEST-PASS | dom/base/test/test_XHRDocURI.html | wrong base (.baseURIObject, after <base> changed)
04:32:06     INFO -  564 INFO TEST-UNEXPECTED-FAIL | dom/base/test/test_XHRDocURI.html | wrong url - got "http://mochi.test:8888/tests/dom/base/test/test_XHRDocURI.html", expected "http://example.com/tests/dom/base/test/file_XHRDocURI.xml"
04:32:06     INFO -      SimpleTest.is@SimpleTest/SimpleTest.js:267:5
04:32:06     INFO -      testChromeXMLDocURI@dom/base/test/test_XHRDocURI.html:46:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:428:5
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:418:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:410:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:399:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:390:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:378:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:367:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:355:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:346:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:333:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:325:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:313:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:304:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:291:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:283:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:271:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:262:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:249:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:238:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:235:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:227:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:217:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:208:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:197:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:189:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:179:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:170:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:159:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:151:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:148:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:140:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:130:3
04:32:06     INFO -      runTest/xhr.onreadystatechange@dom/base/test/test_XHRDocURI.html:121:7
04:32:06     INFO -      EventHandlerNonNull*runTest@dom/base/test/test_XHRDocURI.html:110:3
04:32:06     INFO -      startTest/<@dom/base/test/test_XHRDocURI.html:34:5

Comment 12

[Ben Kelly [:bkelly, not reviewing]]

The nsCOMPtr asserts not-null on dereference.  That happens immediately after you assign to it afaict.  It's a bit though.

Comment 13

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/e772b5154e0c
https://hg.mozilla.org/integration/mozilla-inbound/rev/dd7c08e6c572
https://hg.mozilla.org/integration/mozilla-inbound/rev/64f42cace9f3
https://hg.mozilla.org/integration/mozilla-inbound/rev/989bbde310f5

Comment 14

[Pulsebot]

https://hg.mozilla.org/integration/mozilla-inbound/rev/9bcd5408bd60

Comment 15

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/e772b5154e0c
https://hg.mozilla.org/mozilla-central/rev/dd7c08e6c572
https://hg.mozilla.org/mozilla-central/rev/64f42cace9f3
https://hg.mozilla.org/mozilla-central/rev/989bbde310f5
https://hg.mozilla.org/mozilla-central/rev/9bcd5408bd60