Closed Bug 1233780 Opened 9 years ago Closed 9 years ago

[e10s] security csp command: unsafe CPOW usage forbidden

Categories

(DevTools Graveyard :: Graphic Commandline and Toolbar, defect)

46 Branch
x86
macOS
defect
Not set
normal

Tracking

(e10s+, firefox46 unaffected, firefox47+ fixed, firefox48 fixed)

RESOLVED FIXED
Firefox 48
Tracking Status
e10s + ---
firefox46 --- unaffected
firefox47 + fixed
firefox48 --- fixed

People

(Reporter: kjozwiak, Assigned: jryans)

References

()

Details

Attachments

(1 file)

When attempting to use "security csp" via the Developer Toolbar, sometimes I get the error pasted below. This doesn't happen all the time and not 100% reproducable, but I'm getting this pretty often with my current installation of fx. Front.prototype.send threw an exception: TypeError: this.conn._transport is null Stack: Front<.send/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1162:9 Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23 this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:812:7 Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11 this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7 Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5 Front<.send@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1160:7 Front<.request@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1180:5 frontProto/</proto[name]@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1338:14 addLocalFunctions/</commandSpec.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/system.js:347:16 Requisition.prototype.exec/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2083:16 createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:239:18 Task_spawn@resource://gre/modules/Task.jsm:164:12 exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10 Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2082:14 Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12 Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:1 Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3 EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3 DeveloperToolbar.prototype.show/this._showPromise</</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:427:27 promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:417:16 promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://devtools/client/shared/DeveloperToolbar.jsm:414:14 Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23 Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11 this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7 this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:710:7 OutputPanel.prototype._init/onload@resource://devtools/client/shared/DeveloperToolbar.jsm:887:5 EventListener.handleEvent*OutputPanel.prototype._init@resource://devtools/client/shared/DeveloperToolbar.jsm:889:3 OutputPanel.create@resource://devtools/client/shared/DeveloperToolbar.jsm:814:10 DeveloperToolbar.prototype.show/this._showPromise<@resource://devtools/client/shared/DeveloperToolbar.jsm:402:7 Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23 Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11 this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7 Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5 DeveloperToolbar.prototype.show@resource://devtools/client/shared/DeveloperToolbar.jsm:389:23 DeveloperToolbar.prototype.toggle@resource://devtools/client/shared/DeveloperToolbar.jsm:332:12 oncommand@chrome://browser/content/browser.xul:1:1 Line: 1162, column: 9 STR: - open the latest m-c (I used BuildID: 20151215030221 Changeset: ae37fdb042c0) - visited kamiljozwiak.io (or any website with CSP enabled) - opened the Developer Toolbar via "Hamburger Menu -> Developer" - typed in "sec" and tabbed to autocomplete "security csp" - once "security csp" was auto-completed, hit "Enter"
Now that CPOWs are blocked in the browser, I get a slightly different stack: Full Message: Error: unsafe CPOW usage forbidden Full Stack: get_contentDocumentAsCPOW@chrome://global/content/bindings/remote-browser.xml:164:1 get_contentDocumentAsCPOW@chrome://browser/content/tabbrowser.xml:3946:1 CommandUtils.createEnvironment/<.document@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:198:9 exports.items<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/commands/security.js:143:11 getChainConverter/<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:138:26 Converters.prototype.convert/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:261:14 createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:243:18 Task_spawn@resource://gre/modules/Task.jsm:168:12 exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10 Converters.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:260:12 Output.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2183:10 OutputPanel.prototype._update@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:1004:5 promise callback*OutputPanel.prototype._outputChanged@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:982:5 exports.createEvent/event@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/util.js:106:7 Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2041:3 Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12 Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:12 Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3 EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3 promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:386:16 promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:383:14 Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23 Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11 this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7 this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:714:7 OutputPanel.prototype._init/onload@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:856:5 EventListener.handleEvent*OutputPanel.prototype._init@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:858:3 OutputPanel.create@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:783:10 DeveloperToolbar.prototype.show/this._showPromise<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:371:7 Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23 Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11 this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7 Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:454:5 DeveloperToolbar.prototype.show@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:358:23 DeveloperToolbar.prototype.focusToggle@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:335:5 oncommand@chrome://browser/content/browser.xul:1:1
Component: Developer Tools: WebIDE → Developer Tools: Graphic Commandline and Toolbar
Summary: Front.prototype.send threw an exception: TypeError: this.conn._transport is null → security csp command: unsafe CPOW usage forbidden
[Tracking Requested - why for this release]: Fails in 47 due to CPOW blocking. This command may also need run at server-parent from bug 1221488.
Depends on: 1221488
Summary: security csp command: unsafe CPOW usage forbidden → [e10s] security csp command: unsafe CPOW usage forbidden
Blocks: dte10s
tracking-e10s: --- → +
[Tracking Requested - why for this release]: Nomi'ng for 46 tracking as well.
e10s rollouts planned for 46, tracking.
Okay, I've realized there are still two separate issues here. I have fixed the "unsafe CPOW" one, but it's still possible to reproduce the "TypeError: this.conn._transport is null" one that :kjozwiak originally reported here. Bug 1196189 tracks a very similar report as the original "TypeError: this.conn._transport is null" problem, so let's continue using this one for the "unsafe CPOW" issue only. Sorry for the confusion. Fixing unsafe CPOW does not need server-parent from bug 1221488.
Assignee: nobody → jryans
Status: NEW → ASSIGNED
No longer depends on: 1221488
Attachment #8733952 - Flags: review?(jwalker) → review+
Comment on attachment 8733952 [details] MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker https://reviewboard.mozilla.org/r/42045/#review38807 Thanks for getting to this
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 48
Comment on attachment 8733952 [details] MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker Approval Request Comment [Feature/regressing bug #]: Issue triggered by bug 1233497 which throws when browser code uses CPOWs. [User impact if declined]: If declined, the some Developer Toolbar commands will be broken. [Describe test coverage new/current, TreeHerder]: Manual testing, landed on m-c [Risks and why]: Low risk, only affects Developer Toolbar commands in DevTools [String/UUID change made/needed]: None
Attachment #8733952 - Flags: approval-mozilla-aurora?
Comment on attachment 8733952 [details] MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker recent regression, e10s specific, Aurora47+
Attachment #8733952 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Product: Firefox → DevTools
Product: DevTools → DevTools Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: