Closed
Bug 1284020
Opened 8 years ago
Closed 8 years ago
Sending cross-origin request from content script with jQuery's AJAX throws warning about CORS headers, while vanilla XMLHttpRequest works fine
Categories
(WebExtensions :: Untriaged, defect, P2)
Tracking
(firefox50 fixed)
Tracking | Status | |
---|---|---|
firefox50 | --- | fixed |
People
(Reporter: nucleaar, Assigned: kmag)
Details
(Whiteboard: triaged)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36
Steps to reproduce:
1. Create a cross-origin request from content script with jQuery $.ajax method to a site that I have permissions for in manifest.json
2. Create a cross-origin request from content script with vanilla XMLHttpRequest to the same site
Actual results:
The $.ajax variant fails by throwing a CORS header warning 'CORS header ‘Access-Control-Allow-Origin’ missing'. This variations HTTP request also includes Origin and Referer request headers.
The XMLHttpRequest variation works fine. It does not however send Origin and Referer request headers.
Expected results:
The $.ajax() variation should have succeeded. Not sure what exactly in jQuery triggers this bug.
Version: 50.0a1 (2016-07-02)
Tested on two desktops (Windows 10 and Debian).
Test extension provided in file attachment.
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → kmaglione+bmo
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P2
Updated•8 years ago
|
Whiteboard: triaged
Assignee | ||
Updated•8 years ago
|
Iteration: --- → 50.3 - Jul 18
Assignee | ||
Comment 1•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/63796/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/63796/
Attachment #8770327 -
Flags: review?(aswan)
Comment 2•8 years ago
|
||
Comment on attachment 8770327 [details]
Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts.
https://reviewboard.mozilla.org/r/63796/#review60868
Looks good to me, I'm still wrapping my head around the finer points of sandboxes and cross-compartment wrappers but this seems obviously liek the right thing to do.
Attachment #8770327 -
Flags: review?(aswan) → review+
Assignee | ||
Comment 3•8 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/56d636b5d961f3accab65064e7f81be1f78ad81e
Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts. r=aswan
Comment 4•8 years ago
|
||
Backed out for failures in browser_dbg_sources-webext-contentscript.js:
https://hg.mozilla.org/integration/fx-team/rev/7054f1c4d2b11ed3511731565a264e4521cba9b4
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=fx-team&revision=56d636b5d961f3accab65064e7f81be1f78ad81e
Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=10486558&repo=fx-team
17:39:46 INFO - 368 INFO TEST-START | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js
17:39:46 INFO - Frame script loaded.
17:39:51 INFO - TEST-INFO | started process screentopng
17:39:52 INFO - TEST-INFO | screentopng: exit 0
17:39:52 INFO - 369 INFO checking window state
17:39:52 INFO - 370 INFO Installing addon: /builds/slave/test/build/tests/mochitest/browser/devtools/client/debugger/test/mochitest/addon-webext-contentscript.xpi
17:39:52 INFO - 371 INFO Initializing a debugger panel.
17:39:52 INFO - 372 INFO Adding tab: about:blank
17:39:52 INFO - 373 INFO Loading frame script with url chrome://mochitests/content/browser/devtools/client/debugger/test/mochitest/code_frame-script.js.
17:39:52 INFO - 374 INFO Tab added and finished loading: about:blank
17:39:52 INFO - 375 INFO Debugee tab added successfully: http://example.com/browser/devtools/client/debugger/test/mochitest/doc_script_webext_contentscript.html
17:39:52 INFO - 400 INFO Debugger panel shown successfully.
17:39:52 INFO - 401 INFO Waiting for editor event: 'cursorActivity' to fire: 1 time(s).
17:39:52 INFO - 402 INFO Waiting for debugger event: 'Debugger:EditorSourceShown' to fire: 1 time(s).
17:39:52 INFO - 403 INFO Editor event 'cursorActivity' fired: 1 time(s).
17:39:52 INFO - 404 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'cursorActivity' editor events have been fired. -
17:39:52 INFO - 405 INFO Caret updated: 1, 1
17:39:52 INFO - 406 INFO Current editor caret position: 1, 1
17:39:52 INFO - 407 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | The correct caret position has been set. -
17:39:52 INFO - 408 INFO Debugger event 'Debugger:EditorSourceShown' fired: 1 time(s).
17:39:52 INFO - 409 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'Debugger:EditorSourceShown' panel events have been fired. -
17:39:52 INFO - 410 INFO The correct source has been loaded.
17:39:52 INFO - 411 INFO Waiting for debugger event: 'Debugger:EditorSourceShown' to fire: 1 time(s).
17:39:52 INFO - 412 INFO Waiting for editor event: 'cursorActivity' to fire: 1 time(s).
17:39:52 INFO - 413 INFO Editor event 'cursorActivity' fired: 1 time(s).
17:39:52 INFO - 414 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'cursorActivity' editor events have been fired. -
17:39:52 INFO - 415 INFO Caret updated: 1, 1
17:39:52 INFO - 416 INFO Current editor caret position: 1, 1
17:39:52 INFO - 417 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | The correct caret position has been set. -
17:39:52 INFO - 418 INFO Debugger event 'Debugger:EditorSourceShown' fired: 1 time(s).
17:39:52 INFO - 419 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Enough 'Debugger:EditorSourceShown' panel events have been fired. -
17:39:52 INFO - 420 INFO Source shown: moz-extension://2dc2b347-0221-4575-9def-aa4bff7a3b1f/webext-content-script.js
17:39:52 INFO - 421 INFO TEST-PASS | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | The correct source has been shown. -
17:39:52 INFO - 422 INFO TEST-UNEXPECTED-FAIL | devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js | Should have 1 source - Got 2, expected 1
17:39:52 INFO - Stack trace:
17:39:52 INFO - chrome://mochikit/content/browser-test.js:test_is:967
17:39:52 INFO - chrome://mochitests/content/browser/devtools/client/debugger/test/mochitest/browser_dbg_sources-webext-contentscript.js:test/<:45
17:39:52 INFO - resource://gre/modules/commonjs/toolkit/loader.js -> resource://devtools/shared/task.js:TaskImpl.prototype._run:311
17:39:52 INFO - resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:Handler.prototype.process:937
17:39:52 INFO - resource://gre/modules/Promise.jsm -> resource://gre/modules/Promise-backend.js:this.PromiseWalker.walkerLoop:816
Flags: needinfo?(kmaglione+bmo)
Assignee | ||
Comment 5•8 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/3e3b1eb03a908d02dac0bcb25c93eb8b734b5124
Bug 1284020: Treat window.fetch/window.XMLHttpRequest the same as the global variants in content scripts. r=aswan
Assignee | ||
Updated•8 years ago
|
Flags: needinfo?(kmaglione+bmo)
Comment 6•8 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
Updated•6 years ago
|
Product: Toolkit → WebExtensions
You need to log in
before you can comment on or make changes to this bug.
Description
•