Closed
Bug 1233780
Opened 9 years ago
Closed 9 years ago
[e10s] security csp command: unsafe CPOW usage forbidden
Categories
(DevTools Graveyard :: Graphic Commandline and Toolbar, defect)
Tracking
(e10s+, firefox46 unaffected, firefox47+ fixed, firefox48 fixed)
RESOLVED
FIXED
Firefox 48
Tracking | Status | |
---|---|---|
e10s | + | --- |
firefox46 | --- | unaffected |
firefox47 | + | fixed |
firefox48 | --- | fixed |
People
(Reporter: kjozwiak, Assigned: jryans)
References
()
Details
Attachments
(1 file)
58 bytes,
text/x-review-board-request
|
jwalker
:
review+
ritu
:
approval-mozilla-aurora+
|
Details |
When attempting to use "security csp" via the Developer Toolbar, sometimes I get the error pasted below. This doesn't happen all the time and not 100% reproducable, but I'm getting this pretty often with my current installation of fx.
Front.prototype.send threw an exception: TypeError: this.conn._transport is null
Stack: Front<.send/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1162:9
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:812:7
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5
Front<.send@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1160:7
Front<.request@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1180:5
frontProto/</proto[name]@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1338:14
addLocalFunctions/</commandSpec.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/system.js:347:16
Requisition.prototype.exec/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2083:16
createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:239:18
Task_spawn@resource://gre/modules/Task.jsm:164:12
exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10
Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2082:14
Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12
Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:1
Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3
EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3
DeveloperToolbar.prototype.show/this._showPromise</</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:427:27
promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:417:16
promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://devtools/client/shared/DeveloperToolbar.jsm:414:14
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:710:7
OutputPanel.prototype._init/onload@resource://devtools/client/shared/DeveloperToolbar.jsm:887:5
EventListener.handleEvent*OutputPanel.prototype._init@resource://devtools/client/shared/DeveloperToolbar.jsm:889:3
OutputPanel.create@resource://devtools/client/shared/DeveloperToolbar.jsm:814:10
DeveloperToolbar.prototype.show/this._showPromise<@resource://devtools/client/shared/DeveloperToolbar.jsm:402:7
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5
DeveloperToolbar.prototype.show@resource://devtools/client/shared/DeveloperToolbar.jsm:389:23
DeveloperToolbar.prototype.toggle@resource://devtools/client/shared/DeveloperToolbar.jsm:332:12
oncommand@chrome://browser/content/browser.xul:1:1
Line: 1162, column: 9
STR:
- open the latest m-c (I used BuildID: 20151215030221 Changeset: ae37fdb042c0)
- visited kamiljozwiak.io (or any website with CSP enabled)
- opened the Developer Toolbar via "Hamburger Menu -> Developer"
- typed in "sec" and tabbed to autocomplete "security csp"
- once "security csp" was auto-completed, hit "Enter"
Assignee | ||
Comment 1•9 years ago
|
||
Now that CPOWs are blocked in the browser, I get a slightly different stack:
Full Message: Error: unsafe CPOW usage forbidden
Full Stack: get_contentDocumentAsCPOW@chrome://global/content/bindings/remote-browser.xml:164:1
get_contentDocumentAsCPOW@chrome://browser/content/tabbrowser.xml:3946:1
CommandUtils.createEnvironment/<.document@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:198:9
exports.items<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/commands/security.js:143:11
getChainConverter/<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:138:26
Converters.prototype.convert/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:261:14
createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:243:18
Task_spawn@resource://gre/modules/Task.jsm:168:12
exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10
Converters.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:260:12
Output.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2183:10
OutputPanel.prototype._update@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:1004:5
promise callback*OutputPanel.prototype._outputChanged@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:982:5
exports.createEvent/event@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/util.js:106:7
Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2041:3
Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12
Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:12
Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3
EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3
promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:386:16
promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:383:14
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7
this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:714:7
OutputPanel.prototype._init/onload@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:856:5
EventListener.handleEvent*OutputPanel.prototype._init@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:858:3
OutputPanel.create@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:783:10
DeveloperToolbar.prototype.show/this._showPromise<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:371:7
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:454:5
DeveloperToolbar.prototype.show@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:358:23
DeveloperToolbar.prototype.focusToggle@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:335:5
oncommand@chrome://browser/content/browser.xul:1:1
Component: Developer Tools: WebIDE → Developer Tools: Graphic Commandline and Toolbar
Summary: Front.prototype.send threw an exception: TypeError: this.conn._transport is null → security csp command: unsafe CPOW usage forbidden
Assignee | ||
Comment 2•9 years ago
|
||
[Tracking Requested - why for this release]:
Fails in 47 due to CPOW blocking.
This command may also need run at server-parent from bug 1221488.
tracking-firefox47:
--- → ?
Depends on: 1221488
Summary: security csp command: unsafe CPOW usage forbidden → [e10s] security csp command: unsafe CPOW usage forbidden
Updated•9 years ago
|
Blocks: dte10s
tracking-e10s:
--- → +
[Tracking Requested - why for this release]: Nomi'ng for 46 tracking as well.
Assignee | ||
Comment 5•9 years ago
|
||
This should only occur in 47 and later due to bug 1233497.
status-firefox48:
--- → affected
tracking-firefox46:
+ → ---
Assignee | ||
Comment 6•9 years ago
|
||
Okay, I've realized there are still two separate issues here. I have fixed the "unsafe CPOW" one, but it's still possible to reproduce the "TypeError: this.conn._transport is null" one that :kjozwiak originally reported here.
Bug 1196189 tracks a very similar report as the original "TypeError: this.conn._transport is null" problem, so let's continue using this one for the "unsafe CPOW" issue only.
Sorry for the confusion.
Fixing unsafe CPOW does not need server-parent from bug 1221488.
Assignee | ||
Comment 7•9 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/42045/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/42045/
Attachment #8733952 -
Flags: review?(jwalker)
Assignee | ||
Comment 8•9 years ago
|
||
Updated•9 years ago
|
Attachment #8733952 -
Flags: review?(jwalker) → review+
Comment 9•9 years ago
|
||
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker
https://reviewboard.mozilla.org/r/42045/#review38807
Thanks for getting to this
Comment 11•9 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 48
Assignee | ||
Comment 12•9 years ago
|
||
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker
Approval Request Comment
[Feature/regressing bug #]: Issue triggered by bug 1233497 which throws when browser code uses CPOWs.
[User impact if declined]: If declined, the some Developer Toolbar commands will be broken.
[Describe test coverage new/current, TreeHerder]: Manual testing, landed on m-c
[Risks and why]: Low risk, only affects Developer Toolbar commands in DevTools
[String/UUID change made/needed]: None
Attachment #8733952 -
Flags: approval-mozilla-aurora?
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker
recent regression, e10s specific, Aurora47+
Attachment #8733952 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Comment 14•9 years ago
|
||
bugherder uplift |
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•6 years ago
|
Product: DevTools → DevTools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•