JS: EventSource in iframe at foreign domain is considered as XHR

RESOLVED WORKSFORME

Status

()

Core
DOM: Security
RESOLVED WORKSFORME
3 years ago
2 years ago

People

(Reporter: ondra-novak, Unassigned)

Tracking

43 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20160105164030

Steps to reproduce:

1. page at domain1 contains iframe with src="domain2". there is no relation between the domains.
2. page in the iframe creates EventSource object to an URL in domain2 (same domain as the web page loaded to the iframe)



Actual results:

1. EventSource object reports error: Firefox is unable to connect server "domain2"
2. Console shows url of the request as XHR

XMLHttpRequest works in this situation and can be used as workaround. This example will work well also in Chrome.


Expected results:

1. EventSource object should not report error because it is no XHR request

Updated

3 years ago
Component: Untriaged → Untriaged
Product: Firefox → Core

Updated

3 years ago
Component: Untriaged → DOM: Security

Comment 1

2 years ago
Dan, can you take a look at this bug?
Flags: needinfo?(dveditz)
Works for me: I took a page on a test domain and added an iframe to 
http://www.w3schools.com/html/tryit.asp?filename=tryhtml5_sse

... and the EventSource example in that page continued to work.

I tested in both Nightly (49) and ESR-38.8

Without a testcase showing the problem there's not much we can do here.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(dveditz)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.