Closed
Bug 1333929
Opened 7 years ago
Closed 7 years ago
Reftest analyzer fails to load with new Content Security Policy header
Categories
(Developer Services :: Mercurial: hg.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: neerja, Assigned: gps)
Attachments
(1 file)
Treeherder link: https://treeherder.mozilla.org/#/jobs?repo=try&revision=3bdc7fb45628307448cda428bf984105baa60c12&selectedJob=71363018

Output from Chrome's developer console:

Failed to load resource: the server responded with a status of 404 (Not Found)
Refused to connect to 'https://public-artifacts.taskcluster.net/KQYN-Sa9TBmXR3m8GaXXwg/0/public/logs/live_backing.log' because it violates the following Content Security Policy directive: "connect-src 'self' https://bugzilla.mozilla.org/ https://archive.mozilla.org/ https://queue.taskcluster.net/".
Reporter
Comment 1•7 years ago
Here is the direct link to reftest analyzer that used to work but is now failing:
https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/tools/reftest/reftest-analyzer.xhtml#logurl=https://queue.taskcluster.net/v1/task/KQYN-Sa9TBmXR3m8GaXXwg/runs/0/artifacts/public/logs/live_backing.log&only_show_unexpected=1

Steps to reproduce: just click the link above.

edmorley seems to be referencing the same issue here: https://bugzilla.mozilla.org/show_bug.cgi?id=1319172#c38
Pushed by gszorc@mozilla.com:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/47639c94de37
ansible/hg-web: add public-artifacts.taskcluster.net to CSP connect-src
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Assignee
Comment 3•7 years ago
This will be deployed in ~20 minutes.
Assignee
Comment 4•7 years ago
This is deployed but the reftest analyzer is still failing. This time it complains about image-src and data:. I could chase this rabbit hole all day. Or I could just wait for bug 1200501, which I'm inclined to do.
Comment 5•7 years ago
Ah the new errors only appear after clicking the filename on the left.

Content Security Policy: The page's settings blocked the loading of a resource at data:image/png;base64,iVBORw0KGgoAAAANSU... ("img-src https://hg.mozilla.org").

Bug 1200501 is not going to be fixed overly soon, since we'll need security review (or adding a CSP header) before adding this to Treeherder, due to the risk of XSS revealing Treeherder credentials (or worse, the taskcluster tokens stored in localstorage).
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: Reftest analyzer fails to load logs due to Content Security Policy directive: "connect-src 'self' → Reftest analyzer fails to load with new Content Security Policy header
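The two console errors quoted above can be reproduced offline with a simplified source-list matcher. This is an added example, not code from this bug or from version-control-tools; the amended connect-src entry and the data: payload are constructed assumptions, and default-src fallback, wildcards and redirects are not modelled.

```javascript
// Added example: simplified CSP source-list matching. Handles only 'none',
// 'self', scheme-sources and host-sources; no wildcards, nonces or redirects.
const PAGE = 'https://hg.mozilla.org/mozilla-central/raw-file/tip/layout/tools/reftest/reftest-analyzer.xhtml';
// Directives as quoted in the console errors in this bug.
const CONNECT_POLICY = "connect-src 'self' https://bugzilla.mozilla.org/ https://archive.mozilla.org/ https://queue.taskcluster.net/";
const IMG_POLICY = 'img-src https://hg.mozilla.org';
// Assumed form of the connect-src entry added by the first push (not shown in the bug).
const AMENDED_CONNECT_POLICY = CONNECT_POLICY + ' https://public-artifacts.taskcluster.net/';
const ARTIFACT_URL = 'https://public-artifacts.taskcluster.net/KQYN-Sa9TBmXR3m8GaXXwg/0/public/logs/live_backing.log';
const DATA_IMAGE = 'data:image/png;base64,AAAA'; // constructed placeholder payload

// Parse a policy string into { directive: [source, ...] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Does one source expression allow `url` for a document loaded from `pageUrl`?
function sourceMatches(source, url, pageUrl) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === new URL(pageUrl).origin;
  // Scheme-source such as "data:" or "https:" matches on scheme alone.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  let expr;
  try { expr = new URL(source); } catch { return false; }
  if (expr.origin !== url.origin) return false;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  return expr.pathname.endsWith('/')
    ? url.pathname.startsWith(expr.pathname)
    : url.pathname === expr.pathname;
}

// A missing directive is treated as unrestricted (default-src fallback is not modelled).
function isAllowed(policy, directive, target, pageUrl) {
  const sources = parsePolicy(policy)[directive];
  if (!sources) return true;
  const url = new URL(target);
  return sources.some((s) => sourceMatches(s, url, pageUrl));
}

console.log('artifact fetch allowed:', isAllowed(CONNECT_POLICY, 'connect-src', ARTIFACT_URL, PAGE));
console.log('data: image allowed:', isAllowed(IMG_POLICY, 'img-src', DATA_IMAGE, PAGE));
```

A host-source never matches a data: URL, so an img-src list made up only of host-sources blocks inline images no matter which hosts it names.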
Comment hidden (mozreview-request)
Comment 7•7 years ago
mozreview-review
Comment on attachment 8830586 [details]
ansible/hg-web: define liberal CSP policy for reftest analyzer (bug 1333929);
https://reviewboard.mozilla.org/r/107334/#review108754

I started to suggest using an <if ... && ... > block and then realized you were moving away from that. I feel like there's a better way to do this, but it looks like it will DTRT and I'm happy to let it go for expediency.
Attachment #8830586 - Flags: review?(klibby) → review+
Assignee
Updated•7 years ago
Assignee: nobody → gps
Status: REOPENED → ASSIGNED
Assignee
Comment 8•7 years ago
mozreview-review-reply
Comment on attachment 8830586 [details]
ansible/hg-web: define liberal CSP policy for reftest analyzer (bug 1333929);
https://reviewboard.mozilla.org/r/107334/#review108754

I could have done it with an `<if X && Y>` block where `X` is the user-agent/query string detection and `Y` is the URL. However, the expression would have been long and redundant. I felt this was uglier. I would love to find a cleaner way to write this. But every iteration I tried failed :/
Pushed by gszorc@mozilla.com:
https://hg.mozilla.org/hgcustom/version-control-tools/rev/a32e19f15756
ansible/hg-web: define liberal CSP policy for reftest analyzer ; r=fubar
Status: ASSIGNED → RESOLVED
Closed: 7 years ago → 7 years ago
Resolution: --- → FIXED
Assignee
Comment 10•7 years ago
This is deployed. reftest analyzer appears to be working.