Closed Bug 1284020 Opened 8 years ago Closed 8 years ago

Sending cross-origin request from content script with jQuery's AJAX throws warning about CORS headers, while vanilla XMLHttpRequest works fine

Categories

(WebExtensions :: Untriaged, defect, P2)

Product:
WebExtensions
Component:
Untriaged
Version:
50 Branch
Type:
defect

Tracking

(firefox50 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla50
Iteration:
50.3 - Jul 18
Tracking Flags:
Tracking Status
firefox50 --- fixed

People

(Reporter: nucleaar, Assigned: kmag)

Details

(Whiteboard: triaged)

Attachments

(2 files)

TestExtensionCORS.zip
74.03 KB, application/x-zip-compressed
Details
Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts.
58 bytes, text/x-review-board-request
aswan
: review+
Details
Attached file TestExtensionCORS.zip
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36 Steps to reproduce: 1. Create a cross-origin request from content script with jQuery $.ajax method to a site that I have permissions for in manifest.json 2. Create a cross-origin request from content script with vanilla XMLHttpRequest to the same site Actual results: The $.ajax variant fails by throwing a CORS header warning 'CORS header ‘Access-Control-Allow-Origin’ missing'. This variations HTTP request also includes Origin and Referer request headers. The XMLHttpRequest variation works fine. It does not however send Origin and Referer request headers. Expected results: The $.ajax() variation should have succeeded. Not sure what exactly in jQuery triggers this bug. Version: 50.0a1 (2016-07-02) Tested on two desktops (Windows 10 and Debian). Test extension provided in file attachment.
Assignee: nobody → kmaglione+bmo
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P2
Whiteboard: triaged
Iteration: --- → 50.3 - Jul 18
Comment on attachment 8770327 [details] Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts. https://reviewboard.mozilla.org/r/63796/#review60868 Looks good to me, I'm still wrapping my head around the finer points of sandboxes and cross-compartment wrappers but this seems obviously liek the right thing to do.
Attachment #8770327 - Flags: review?(aswan) → review+
https://hg.mozilla.org/integration/fx-team/rev/56d636b5d961f3accab65064e7f81be1f78ad81e Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts. r=aswan
Backed out for failures in browser_dbg_sources-webext-contentscript.js: https://hg.mozilla.org/integration/fx-team/rev/7054f1c4d2b11ed3511731565a264e4521cba9b4 Push with failures: https://treeherder.mozilla.org/#/jobs?repo=fx-team&revision=56d636b5d961f3accab65064e7f81be1f78ad81e Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=10486558&repo=fx-team 17:39:46 INFO - 368 INFO TEST-START | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js 17:39:46 INFO - Frame script loaded. 17:39:51 INFO - TEST-INFO | started process screentopng 17:39:52 INFO - TEST-INFO | screentopng: exit 0 17:39:52 INFO - 369 INFO checking window state 17:39:52 INFO - 370 INFO Installing addon: /builds/slave/test/build/tests/mochitest/browser/devtools/client/debugger/test/mochitest/addon-webext-contentscript.xpi 17:39:52 INFO - 371 INFO Initializing a debugger panel. 17:39:52 INFO - 372 INFO Adding tab: about:blank 17:39:52 INFO - 373 INFO Loading frame script with url chrome://mochitests/content/browser/devtools/client/debugger/test/mochitest/code_frame-script.js. 17:39:52 INFO - 374 INFO Tab added and finished loading: about:blank 17:39:52 INFO - 375 INFO Debugee tab added successfully: http://example.com/browser/devtools/client/debugger/test/mochitest/doc_script_webext_contentscript.html 17:39:52 INFO - 400 INFO Debugger panel shown successfully. 17:39:52 INFO - 401 INFO Waiting for editor event: 'cursorActivity' to fire: 1 time(s). 17:39:52 INFO - 402 INFO Waiting for debugger event: 'Debugger:EditorSourceShown' to fire: 1 time(s). 17:39:52 INFO - 403 INFO Editor event 'cursorActivity' fired: 1 time(s). 17:39:52 INFO - 404 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'cursorActivity' editor events have been fired. - 17:39:52 INFO - 405 INFO Caret updated: 1, 1 17:39:52 INFO - 406 INFO Current editor caret position: 1, 1 17:39:52 INFO - 407 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | The correct caret position has been set. - 17:39:52 INFO - 408 INFO Debugger event 'Debugger:EditorSourceShown' fired: 1 time(s). 17:39:52 INFO - 409 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'Debugger:EditorSourceShown' panel events have been fired. - 17:39:52 INFO - 410 INFO The correct source has been loaded. 17:39:52 INFO - 411 INFO Waiting for debugger event: 'Debugger:EditorSourceShown' to fire: 1 time(s). 17:39:52 INFO - 412 INFO Waiting for editor event: 'cursorActivity' to fire: 1 time(s). 17:39:52 INFO - 413 INFO Editor event 'cursorActivity' fired: 1 time(s). 17:39:52 INFO - 414 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'cursorActivity' editor events have been fired. - 17:39:52 INFO - 415 INFO Caret updated: 1, 1 17:39:52 INFO - 416 INFO Current editor caret position: 1, 1 17:39:52 INFO - 417 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | The correct caret position has been set. - 17:39:52 INFO - 418 INFO Debugger event 'Debugger:EditorSourceShown' fired: 1 time(s). 17:39:52 INFO - 419 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'Debugger:EditorSourceShown' panel events have been fired. - 17:39:52 INFO - 420 INFO Source shown: moz-extension://2dc2b347-0221-4575-9def-aa4bff7a3b1f/webext-content-script.js 17:39:52 INFO - 421 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | The correct source has been shown. - 17:39:52 INFO - 422 INFO TEST-UNEXPECTED-FAIL | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Should have 1 source - Got 2, expected 1 17:39:52 INFO - Stack trace: 17:39:52 INFO - chrome://mochikit/content/browser-test.js:test_is:967 17:39:52 INFO - chrome://mochitests/content/browser/devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js:test/<:45 17:39:52 INFO - resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/task.js:TaskImpl.prototype._run:311 17:39:52 INFO - resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:Handler.prototype.process:937 17:39:52 INFO - resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:this.PromiseWalker.walkerLoop:816
Flags: needinfo?(kmaglione+bmo)
https://hg.mozilla.org/integration/fx-team/rev/3e3b1eb03a908d02dac0bcb25c93eb8b734b5124 Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts. r=aswan
Flags: needinfo?(kmaglione+bmo)
https://hg.mozilla.org/mozilla-central/rev/3e3b1eb03a90
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox50: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: