Closed Bug 1257781 Opened 8 years ago Closed 8 years ago

Redirecting to moz-extension:// with webRequest.onBeforeSendHeaders fails with Security Error

Categories

(WebExtensions :: Untriaged, defect)

Product:
WebExtensions
Component:
Untriaged
Version:
48 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1256122

People

(Reporter: cperivol, Unassigned)

References

(Blocks 1 open bug)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160303134406

Steps to reproduce:



For development purposes I am trying to build an extension that redirects all requests matching a regex to a specific page and I want to use webRequest because the same extension should also work on chrome. The problem is that while webRequest.onBeforeSendHeaders can redirect to other http:// domains, it can't redirect to a local resource. Here is a simplified version of the extension:

manifest.js

{
    "applications": {
      "gecko": {
        "id": "addon@example.com",
          "strict_min_version": "42.0",
          "strict_max_version": "50.*",
          "update_url": "https://example.com/updates.json"
      }
    },

    "name": "Developer",
    "version": "0.1.26",
    "manifest_version": 2,
    "description": "A script useful for development.",
    "icons": {"16": "logo16.png",
              "48": "logo48.png",
              "128": "logo128.png"},
    "background": {
    "scripts": ["background.js"]
    },
    "web_accessible_resources": ["hello.html"],
    "permissions": [
        "activeTab",
        "webRequest",
        "webRequestBlocking"
    ]
}

background.js

chrome.webRequest.onBeforeSendHeaders.addListener(
  function(details) {
    var redirect;
    if (details.url.match(/example\.com/)) {
      redirect = chrome.extension.getURL("hello.html");
      console.log("Redirecting:", details.url, "->", redirect);
      return {redirectUrl: redirect};
      }
    console.log("Requesting:",details.url);
  }, {urls: [
    "<all_urls>"
  ]}, ["blocking"]);

hello.html

<html>
    <head>It works</head>
    <body>And it's not apache!</body>
</html>

In short it redirects anything fetched from example.com to an extension resource hello.html.

So I go to about:config and set security.fileuri.strict_origin_policy to false. Then I go to about:debugging and load the extension. Then I open the browser console Tools -> Web Developer -> Browser Console. Finally I go to example.com. I should be getting the contents of hello.html but instead I get nothing (white screen) and in the browser console I get:

Redirecting: "http://example.com/" -> "moz-extension://ce33a9b5-2c20-ed41-b8aa-f52143783c38/hello.html"
Security Error: Content at http://example.com/ may not load or link to file:///path/to/extension/hello.html.

Also note that navigating to moz-extension://ce33a9b5-2c20-ed41-b8aa-f52143783c38/hello.html actually worked.

If i change the redirect url to something on the web everything works:

chrome.webRequest.onBeforeSendHeaders.addListener(
  function(details) {
    var redirect;
    if (details.url.match(/example\.com/)) {
      redirect = "https://www.google.com"; // chrome.extension.getURL("hello.html");
      console.log("Redirecting:", details.url, "->", redirect);
      return {redirectUrl: redirect};
      }
    console.log("Requesting:",details.url);
  }, {urls: [
    "<all_urls>"
  ]}, ["blocking"]);
Blocks: webextensions-chrome-gaps
Component: Untriaged → WebExtensions
Product: Firefox → Toolkit
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.