Closed Bug 1233780 Opened 5 years ago Closed 4 years ago

[e10s] security csp command: unsafe CPOW usage forbidden

Categories

(DevTools Graveyard :: Graphic Commandline and Toolbar, defect)

46 Branch
x86
macOS
defect
Not set
normal

Tracking

(e10s+, firefox46 unaffected, firefox47+ fixed, firefox48 fixed)

RESOLVED FIXED
Firefox 48
Tracking Status
e10s + ---
firefox46 --- unaffected
firefox47 + fixed
firefox48 --- fixed

People

(Reporter: kjozwiak, Assigned: jryans)

References

()

Details

Attachments

(1 file)

When attempting to use "security csp" via the Developer Toolbar, sometimes I get the error pasted below. This doesn't happen all the time and not 100% reproducable, but I'm getting this pretty often with my current installation of fx.

Front.prototype.send threw an exception: TypeError: this.conn._transport is null
Stack: Front<.send/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1162:9
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:812:7
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5
Front<.send@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1160:7
Front<.request@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1180:5
frontProto/</proto[name]@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/server/protocol.js:1338:14
addLocalFunctions/</commandSpec.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/system.js:347:16
Requisition.prototype.exec/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2083:16
createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:239:18
Task_spawn@resource://gre/modules/Task.jsm:164:12
exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10
Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2082:14
Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12
Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:1
Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3
EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3
DeveloperToolbar.prototype.show/this._showPromise</</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:427:27
promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://devtools/client/shared/DeveloperToolbar.jsm:417:16
promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://devtools/client/shared/DeveloperToolbar.jsm:414:14
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:710:7
OutputPanel.prototype._init/onload@resource://devtools/client/shared/DeveloperToolbar.jsm:887:5
EventListener.handleEvent*OutputPanel.prototype._init@resource://devtools/client/shared/DeveloperToolbar.jsm:889:3
OutputPanel.create@resource://devtools/client/shared/DeveloperToolbar.jsm:814:10
DeveloperToolbar.prototype.show/this._showPromise<@resource://devtools/client/shared/DeveloperToolbar.jsm:402:7
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:933:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:743:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:775:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:450:5
DeveloperToolbar.prototype.show@resource://devtools/client/shared/DeveloperToolbar.jsm:389:23
DeveloperToolbar.prototype.toggle@resource://devtools/client/shared/DeveloperToolbar.jsm:332:12
oncommand@chrome://browser/content/browser.xul:1:1
Line: 1162, column: 9

STR:

- open the latest m-c (I used BuildID: 20151215030221 Changeset: ae37fdb042c0)
- visited kamiljozwiak.io (or any website with CSP enabled)
- opened the Developer Toolbar via "Hamburger Menu -> Developer"
- typed in "sec" and tabbed to autocomplete "security csp"
- once "security csp" was auto-completed, hit "Enter"
Now that CPOWs are blocked in the browser, I get a slightly different stack:

Full Message: Error: unsafe CPOW usage forbidden
Full Stack: get_contentDocumentAsCPOW@chrome://global/content/bindings/remote-browser.xml:164:1
get_contentDocumentAsCPOW@chrome://browser/content/tabbrowser.xml:3946:1
CommandUtils.createEnvironment/<.document@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:198:9
exports.items<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/commands/security.js:143:11
getChainConverter/<.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:138:26
Converters.prototype.convert/<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:261:14
createAsyncFunction/asyncFunction@resource://gre/modules/Task.jsm:243:18
Task_spawn@resource://gre/modules/Task.jsm:168:12
exports.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/host.js:71:10
Converters.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/converters/converters.js:260:12
Output.prototype.convert@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2183:10
OutputPanel.prototype._update@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:1004:5
promise callback*OutputPanel.prototype._outputChanged@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:982:5
exports.createEvent/event@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/util/util.js:106:7
Requisition.prototype.exec@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/cli.js:2041:3
Inputter.prototype._handleReturn@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:560:12
Inputter.prototype.handleKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:459:12
Inputter.prototype.onKeyUp@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:431:3
EventListener.handleEvent*Inputter@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/gcli/source/lib/gcli/mozui/inputter.js:54:3
promise callback*DeveloperToolbar.prototype.show/this._showPromise</</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:386:16
promise callback*DeveloperToolbar.prototype.show/this._showPromise</<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:383:14
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7
this.PromiseWalker.completePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:714:7
OutputPanel.prototype._init/onload@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:856:5
EventListener.handleEvent*OutputPanel.prototype._init@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:858:3
OutputPanel.create@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:783:10
DeveloperToolbar.prototype.show/this._showPromise<@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:371:7
Handler.prototype.process@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:937:23
Promise*this.PromiseWalker.scheduleWalkerLoop@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:747:11
this.PromiseWalker.schedulePromise@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:779:7
Promise.prototype.then@resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:454:5
DeveloperToolbar.prototype.show@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:358:23
DeveloperToolbar.prototype.focusToggle@resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/client/shared/developer-toolbar.js:335:5
oncommand@chrome://browser/content/browser.xul:1:1
Component: Developer Tools: WebIDE → Developer Tools: Graphic Commandline and Toolbar
Summary: Front.prototype.send threw an exception: TypeError: this.conn._transport is null → security csp command: unsafe CPOW usage forbidden
[Tracking Requested - why for this release]:

Fails in 47 due to CPOW blocking.

This command may also need run at server-parent from bug 1221488.
Depends on: 1221488
Summary: security csp command: unsafe CPOW usage forbidden → [e10s] security csp command: unsafe CPOW usage forbidden
Blocks: dte10s
tracking-e10s: --- → +
[Tracking Requested - why for this release]: Nomi'ng for 46 tracking as well.
e10s rollouts planned for 46, tracking.
Okay, I've realized there are still two separate issues here.  I have fixed the "unsafe CPOW" one, but it's still possible to reproduce the "TypeError: this.conn._transport is null" one that :kjozwiak originally reported here.

Bug 1196189 tracks a very similar report as the original "TypeError: this.conn._transport is null" problem, so let's continue using this one for the "unsafe CPOW" issue only.

Sorry for the confusion.

Fixing unsafe CPOW does not need server-parent from bug 1221488.
Assignee: nobody → jryans
Status: NEW → ASSIGNED
No longer depends on: 1221488
Attachment #8733952 - Flags: review?(jwalker) → review+
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker

https://reviewboard.mozilla.org/r/42045/#review38807

Thanks for getting to this
https://hg.mozilla.org/mozilla-central/rev/aadf5e15faf8
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 48
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker

Approval Request Comment
[Feature/regressing bug #]: Issue triggered by bug 1233497 which throws when browser code uses CPOWs.
[User impact if declined]: If declined, the some Developer Toolbar commands will be broken.
[Describe test coverage new/current, TreeHerder]: Manual testing, landed on m-c
[Risks and why]: Low risk, only affects Developer Toolbar commands in DevTools
[String/UUID change made/needed]: None
Attachment #8733952 - Flags: approval-mozilla-aurora?
Comment on attachment 8733952 [details]
MozReview Request: Bug 1233780 - Avoid CPOWs in GCLI security csp. r=jwalker

recent regression, e10s specific, Aurora47+
Attachment #8733952 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Product: Firefox → DevTools
Product: DevTools → DevTools Graveyard
You need to log in before you can comment on or make changes to this bug.