WebRequest listeners are not triggered for CSP report requests

RESOLVED WORKSFORME

Toolkit
WebExtensions: Request Handling

People

(Reporter: Memmie Lenglet, Unassigned)

Tracking

52 Branch
(Reporter)

Description

a year ago
Created attachment 8839894 [details]
webRequest CSP report test.zip

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170220070057

Steps to reproduce:

You want to catch the data of a csp_report request using a webRequest.onBeforeRequest listener (with extraInfoSpec = ["requestBody"]):

1. download the demo zip and uncompress it
2. use the unpacked addon in Firefox (about:debugging#addons, select `manifest.json`)
3. start addon debugger
4. start a simple HTTP server with: `nc -kl 8000 < raw_http_response.txt`
5. open a new tab to http://localhost:8000
6. click on `Report CSP violation (unsafe-inline script)` link


Actual results:

In the addon debugger logs:

no options Object {...}
blocking Object {...}

But no:

requestBody Object {...}

----

No event is dispatched to the extraInfoSpec. Any other extraInfoSpec value works:
- empty extraInfoSpec
- extraInfoSpec = ["blocking"]


Expected results:

Addon debugger logs:

no options Object {...}
requestBody Object {...}
blocking Object {...}

----

We should catch the event for all extraInfoSpec available for that event
Summary: webRequest.onBeforeRequest don't expose csp_report requests when "requestBody" is specified → WebRequest listeners are not triggered for CSP report requests
(Reporter)

Comment 1

a year ago
In fact, CSP reports do trigger events. But if you add a listener with an extraInfoSpec that contains "requestBody", this listener won't be called.

That means you can know when a csp_report URI is requested, if you omit the extraInfoSpec "requestBody", but it's impossible to get the report content.

See https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest/onBeforeRequest#details "requestBody"

Comment 2

Ah. I see. Actually, this works fine for me with or without requestBody. What Firefox version are you testing with? requestBody is not supported in release branches prior to Firefox 53.
(Reporter)

Comment 3

a year ago
I'm using Firefox 52.0b8.

If I use another keyword in extraInfoSpec (than available in docs), it will raise an error (something like "invalid keyword").

I didn't try it for any other request than CSP report.

Comment 4

(In reply to Memmie Lenglet from comment #3)
> If I use another keyword in extraInfoSpec (than available in docs), it will
> raise an error (something like "invalid keyword").

That's because of bug 1333141, unfortunately.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WORKSFORME
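
Added example, not part of the bug report or its attachment: a background-script listener limited to `csp_report` requests that reads the violation report from `details.requestBody.raw`. The function names and logged fields are illustrative; it assumes the `webRequest` permission with matching host permissions and, per comment 2, Firefox 53 or later for `requestBody`.

```javascript
// Decode the body of a csp_report request as delivered to a
// webRequest.onBeforeRequest listener registered with ["requestBody"].
// Returns the object under "csp-report", or null if no usable body is exposed.
function decodeCspReport(details) {
  const body = details.requestBody;
  if (!body || body.error || !Array.isArray(body.raw)) {
    return null; // listener registered without "requestBody", or upload unreadable
  }
  // raw is a list of upload parts; each in-memory part carries an ArrayBuffer.
  const chunks = body.raw
    .filter((part) => part.bytes)
    .map((part) => new Uint8Array(part.bytes));
  if (chunks.length === 0) {
    return null;
  }
  // Join before decoding so a multi-byte character split across parts survives.
  const joined = new Uint8Array(chunks.reduce((n, c) => n + c.length, 0));
  let offset = 0;
  for (const chunk of chunks) {
    joined.set(chunk, offset);
    offset += chunk.length;
  }
  try {
    const parsed = JSON.parse(new TextDecoder("utf-8").decode(joined));
    const report = parsed && parsed["csp-report"];
    return report && typeof report === "object" ? report : null;
  } catch (e) {
    return null; // body was not JSON
  }
}

function onCspReport(details) {
  const report = decodeCspReport(details);
  if (report) {
    console.log("CSP violation:", report["document-uri"],
                report["violated-directive"], report["blocked-uri"]);
  } else {
    console.log("csp_report request without a readable body:", details.url);
  }
}

// Register only inside an extension; the guard lets the file load elsewhere.
if (typeof browser !== "undefined" && browser.webRequest) {
  browser.webRequest.onBeforeRequest.addListener(
    onCspReport,
    { urls: ["<all_urls>"], types: ["csp_report"] },
    ["requestBody"]
  );
}
```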