Attribute 'origin' is should be uppercase 'Origin' in firefox request header

RESOLVED WORKSFORME
(Needinfo from 2 people)

Status

()

P3
normal
RESOLVED WORKSFORME
3 years ago
2 months ago

People

(Reporter: yanfzhen, Assigned: junior, NeedInfo)

Tracking

48 Branch
mozilla65
Points:
---

Firefox Tracking Flags

(firefox65 fixed)

Details

(Whiteboard: [necko-next])

Attachments

(3 attachments)

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2754.0 Safari/537.36

Steps to reproduce:

1. When client send a http request to server
2. then this issue happen, pls check the attachment


Actual results:

Attribute 'Origin' is lower case


Expected results:

1. Attribute 'origin' is should be uppercase 'Origin' in firefox request header
2. Pls check https://www.w3.org/TR/cors/#access-control-allow-origin-response-header
(Reporter)

Updated

3 years ago
OS: Unspecified → Mac OS X
Hardware: Unspecified → All

Comment 1

3 years ago
Reproducible.

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0
Build ID: 20160511223818

Updated

3 years ago
Component: Untriaged → Developer Tools: Netmonitor

Updated

3 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Mac OS X → All
I can't reproduce the problem on my machine. I am seeing capital 'O' for the Origin header.
Can you please provide a test case I could try out on my machine?

I've been testing with Nightly as well as with Fx47

Honza
Priority: -- → P3
(Reporter)

Comment 3

3 years ago
I use 48.0a2 dev version of firefox on MAC

Comment 4

3 years ago
I can reproduce this issue on Ubuntu Firefox 48.

Comment 5

3 years ago
Same issue! please fix it

Application Basics
------------------

Name: Firefox
Version: 48.0
Build ID: 20160728203720
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
OS: Linux 4.4.0-34-generic x86-64
Multiprocess Windows: 0/1 (Disabled)
Safe Mode: false

Important Modified Preferences
------------------------------

browser.cache.disk.capacity: 358400
browser.cache.disk.filesystem_reported: 1
browser.cache.disk.smart_size.first_run: false
browser.cache.disk.smart_size.use_old_max: false
browser.cache.frecency_experiment: 1
browser.download.importedFromSqlite: true
browser.places.smartBookmarksVersion: 8
browser.sessionstore.upgradeBackup.latestBuildID: 20160728203720
browser.startup.homepage_override.buildID: 20160728203720
browser.startup.homepage_override.mstone: 48.0
browser.urlbar.daysBeforeHidingSuggestionsPrompt: 3
browser.urlbar.lastSuggestionsPromptDate: 20160816
dom.apps.reset-permissions: true
extensions.lastAppVersion: 48.0
media.gmp-gmpopenh264.abi: x86_64-gcc3
media.gmp-gmpopenh264.lastUpdate: 1471351125
media.gmp-gmpopenh264.version: 1.5.3
media.gmp-manager.buildID: 20160728203720
media.gmp-manager.lastCheck: 1471438648
media.gmp.storage.version.observed: 1
network.cookie.prefsMigrated: true
network.predictor.cleaned-up: true
places.database.lastMaintenance: 1471354530
places.history.expiration.transient_current_max_pages: 104858
plugin.disable_full_page_plugin_for_types: application/pdf
plugin.importedState: true
privacy.cpd.offlineApps: true
privacy.cpd.siteSettings: true
privacy.sanitize.timeSpan: 2
security.OCSP.enabled: 0
storage.vacuum.last.index: 0
storage.vacuum.last.places.sqlite: 1471354530

Important Locked Preferences
----------------------------

JavaScript
----------

Incremental GC: true

Accessibility
-------------

Activated: false
Prevent Accessibility: 0

Library Versions
----------------

NSPR
Expected minimum version: 4.12
Version in use: 4.12

NSS
Expected minimum version: 3.24 Basic ECC
Version in use: 3.24 Basic ECC

NSSSMIME
Expected minimum version: 3.24 Basic ECC
Version in use: 3.24 Basic ECC

NSSSSL
Expected minimum version: 3.24 Basic ECC
Version in use: 3.24 Basic ECC

NSSUTIL
Expected minimum version: 3.24
Version in use: 3.24

Experimental Features
---------------------

Sandbox
-------

Seccomp-BPF (System Call Filtering): true
Seccomp Thread Synchronization: true
User Namespaces: true
Media Plugin Sandboxing: true
Moving to a hopefully more correct product/component.

It would appear that Firefox isn't always sending lowercase "origin" based on comment 2, it would therefore be helpful if people could investigate more, and state if they are seeing this all the time, or what circumstances this is happening in.
Component: Developer Tools: Netmonitor → Networking
Product: Firefox → Core
Note moved to Core/Networking, as this seems to be affecting some servers that look for "Origin" rather than case-insensitive, i.e. not just a devtools display issue.
Priority: P3 → --
1] this probably doesn't come from core/networking - origin headers are generally passed into the channel from some higher level code. happy to help as far as I can though.

2] please do evangelism also with the servers. request headers are not case sensitive items, and indeed in h2 they are always all in lowercase. So a server that is making a distinction there flat out has a bug.

3] if one of the folks that can reproduce it can attach an http log (https://developer.mozilla.org/en-US/docs/Mozilla/Debugging/HTTP_logging) that might help us figure out where it is coming from (but see #1 - the scope of the log may not be enough.. but maybe.) ni for that reason.
Flags: needinfo?(ricoterox)
I've just been talking with a couple of users on irc. We had a look at various things and they didn't have anything unusual in their profiles (no add-ons etc). At least one of them was running with e10s on FF 49.

It appears that restarting Firefox (possibly via safe mode), seemed to revert it to using the uppercase "Origin" somehow.

So this could be a timing issue or something else strange going on up the stack somewhere.
Whiteboard: [necko-next]
I've a similar problem, but it happens just in Ubuntu's Firefox.
The following headers are sent for the same request:

-Ubuntu: 
Host: www.dentalcremer.com.br
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: cache-control,pragma,user-agent
origin: http://busca.dentalcremer.com.br
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

-------
-Windows:
Host: www.dentalcremer.com.br
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,*/*;q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referrer: http://busca.dentalcremer.com.br
Origin: http://busca.dentalcremer.com.br
Connection: keep-alive

Comment 12

3 years ago
I attached some debug info regarding this case from 49.0.1/Windows. Hopefully I selected all the necessary lines from the log. At least in this log the origin header appears in both forms.

Updated

2 years ago
Duplicate of this bug: 1384252
Set to P3 based on comment #8.
Priority: P2 → P3
(Assignee)

Comment 17

5 months ago
The log shows it's in preflight.
The culprit might be 
https://searchfox.org/mozilla-central/rev/50ba1dd30cf013bddce1ae756f1b3c95b26f0628/dom/fetch/FetchDriver.cpp#1484

We should change those literal string to nsHttp::Origin, though.
(Assignee)

Updated

5 months ago
Keywords: checkin-needed

Comment 20

5 months ago
Pushed by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1b9757b74504
use nsHttp::Origin instead of literal cstring r=francois
Keywords: checkin-needed

Comment 21

5 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/1b9757b74504
Status: NEW → RESOLVED
Last Resolved: 5 months ago
status-firefox65: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Assignee: nobody → juhsu
Flags: qe-verify+

Hello,

Unfortunately, I can't reproduce this issue using the Fx Nightly BuildID: 20160602030220 on Windows 10 x64, Ubuntu 18.04 x64 and macOS X 10.14.

Maybe I am missing something?

On the FX Nightly BuildID: 20160602030220 and the current Fx Beta 65.0b11 the response header always shows Origin with uppercase.

Flags: needinfo?(juhsu)
(Assignee)

Comment 23

2 months ago

Sorry, I can't reproduce now.

Flags: needinfo?(juhsu)

Hello,

Yanfzhen can you please help us with reproducing this issue and seeing if its fixed on Fx Beta 65.0b12? Any help would be much appreciated.

Flags: qe-verify+ → needinfo?(yanfzhen)

Comment 25

2 months ago

Could not reproduce.

Version: 65.0b12
Build ID: 20190117232427
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0

Seeing as this issue can no longer be reproduced either on the original build Fx Nightly BuildID: 20160602030220 or the current Fx Beta 65.0b12 I think its best to mark this issue as verified fix.

Resolution: FIXED → WORKSFORME
You need to log in before you can comment on or make changes to this bug.