[e10s] security csp command: unsafe CPOW usage forbidden

RESOLVED FIXED in Firefox 47

Status

defect
RESOLVED FIXED
4 years ago
10 months ago

People

(Reporter: kjozwiak, Assigned: jryans)

Tracking

(Blocks 1 bug)

46 Branch
Firefox 48
x86
macOS
Dependency tree / graph

Firefox Tracking Flags

(e10s+, firefox46 unaffected, firefox47+ fixed, firefox48 fixed)

Details

()

Attachments

(1 attachment)

When attempting to use "security csp" via the Developer Toolbar, sometimes I get the error pasted below. This doesn't happen all the time and not 100% reproducable, but I'm getting this pretty often with my current installation of fx.

Front.prototype.send threw an exception: TypeError: this.conn._transport is null
Stack: Front<.send/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1162:9
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:812:7
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5
Front<.send@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1160:7
Front<.request@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1180:5
frontProto/</proto[name]@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1338:14
addLocalFunctions/</commandSpec.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/system.js:347:16
Requisition.prototype.exec/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2083:16
createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:239:18
Task_spawn@resource://gre/modules/Task.jsm:164:12
exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10
Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2082:14
Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12
Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:1
Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3
EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3
DeveloperToolbar.prototype.show/this._showPromise</</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:427:27
promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:417:16
promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://devtools/client/shared/DeveloperToolbar.jsm:414:14
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:710:7
OutputPanel.prototype._init/onload@resource://devtools/client/shared/DeveloperToolbar.jsm:887:5
EventListener.handleEvent*OutputPanel.prototype._init@resource://devtools/client/shared/DeveloperToolbar.jsm:889:3
OutputPanel.create@resource://devtools/client/shared/DeveloperToolbar.jsm:814:10
DeveloperToolbar.prototype.show/this._showPromise<@resource://devtools/client/shared/DeveloperToolbar.jsm:402:7
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5
DeveloperToolbar.prototype.show@resource://devtools/client/shared/DeveloperToolbar.jsm:389:23
DeveloperToolbar.prototype.toggle@resource://devtools/client/shared/DeveloperToolbar.jsm:332:12
oncommand@chrome://browser/content/browser.xul:1:1
Line: 1162, column: 9

STR:

- open the latest m-c (I used BuildID: 20151215030221 Changeset: ae37fdb042c0)
- visited kamiljozwiak.io (or any website with CSP enabled)
- opened the Developer Toolbar via "Hamburger Menu -> Developer"
- typed in "sec" and tabbed to autocomplete "security csp"
- once "security csp" was auto-completed, hit "Enter"
Now that CPOWs are blocked in the browser, I get a slightly different stack:

Full Message: Error: unsafe CPOW usage forbidden
Full Stack: get_contentDocumentAsCPOW@chrome://global/content/bindings/remote-browser.xml:164:1
get_contentDocumentAsCPOW@chrome://browser/content/tabbrowser.xml:3946:1
CommandUtils.createEnvironment/<.document@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:198:9
exports.items<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/commands/security.js:143:11
getChainConverter/<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:138:26
Converters.prototype.convert/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:261:14
createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:243:18
Task_spawn@resource://gre/modules/Task.jsm:168:12
exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10
Converters.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:260:12
Output.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2183:10
OutputPanel.prototype._update@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:1004:5
promise callback*OutputPanel.prototype._outputChanged@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:982:5
exports.createEvent/event@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/util.js:106:7
Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2041:3
Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12
Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:12
Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3
EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3
promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:386:16
promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:383:14
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7
this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:714:7
OutputPanel.prototype._init/onload@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:856:5
EventListener.handleEvent*OutputPanel.prototype._init@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:858:3
OutputPanel.create@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:783:10
DeveloperToolbar.prototype.show/this._showPromise<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:371:7
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:454:5
DeveloperToolbar.prototype.show@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:358:23
DeveloperToolbar.prototype.focusToggle@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:335:5
oncommand@chrome://browser/content/browser.xul:1:1
Component: Developer Tools: WebIDE → Developer Tools: Graphic Commandline and Toolbar
Summary: Front.prototype.send threw an exception: TypeError: this.conn._transport is null → security csp command: unsafe CPOW usage forbidden
[Tracking Requested - why for this release]:

Fails in 47 due to CPOW blocking.

This command may also need run at server-parent from bug 1221488.
Depends on: 1221488
Summary: security csp command: unsafe CPOW usage forbidden → [e10s] security csp command: unsafe CPOW usage forbidden
Blocks: dte10s
tracking-e10s: --- → +
[Tracking Requested - why for this release]: Nomi'ng for 46 tracking as well.
e10s rollouts planned for 46, tracking.
This should only occur in 47 and later due to bug 1233497.
Okay, I've realized there are still two separate issues here.  I have fixed the "unsafe CPOW" one, but it's still possible to reproduce the "TypeError: this.conn._transport is null" one that :kjozwiak originally reported here.

Bug 1196189 tracks a very similar report as the original "TypeError: this.conn._transport is null" problem, so let's continue using this one for the "unsafe CPOW" issue only.

Sorry for the confusion.

Fixing unsafe CPOW does not need server-parent from bug 1221488.
Assignee: nobody → jryans
Status: NEW → ASSIGNED
No longer depends on: 1221488
Attachment #8733952 - Flags: review?(jwalker) → review+
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker

https://reviewboard.mozilla.org/r/42045/#review38807

Thanks for getting to this
https://hg.mozilla.org/mozilla-central/rev/aadf5e15faf8
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 48
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker

Approval Request Comment
[Feature/regressing bug #]: Issue triggered by bug 1233497 which throws when browser code uses CPOWs.
[User impact if declined]: If declined, the some Developer Toolbar commands will be broken.
[Describe test coverage new/current, TreeHerder]: Manual testing, landed on m-c
[Risks and why]: Low risk, only affects Developer Toolbar commands in DevTools
[String/UUID change made/needed]: None
Attachment #8733952 - Flags: approval-mozilla-aurora?
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker

recent regression, e10s specific, Aurora47+
Attachment #8733952 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Product: Firefox → DevTools
Product: DevTools → DevTools Graveyard
You need to log in before you can comment on or make changes to this bug.