Closed Bug 1341594 Opened 8 years ago Closed 8 years ago

WebRequest listeners are not triggered for CSP report requests

Categories

(WebExtensions :: Request Handling, defect)

Product:
WebExtensions
Component:
Request Handling
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: memmie, Unassigned)

References

(
URL
)

Details

Attachments

(1 file)

webRequest CSP report test.zip
2.29 KB, application/zip
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170220070057 Steps to reproduce: You want to catch the data of csp_report request using webRequest.onBeforeRequest listener (with extraInfoSpec = ["requestBody"]): 1. download the demo zip and uncompress it 2. use the unpacked addon in Firefox (about:debugging#addons, select `manifest.json`) 3. start addon debugger 3. start a simple HTTP server with: nc -kl 8000 < raw_http_response.txt 4. open a new tab to http://localhost:8000 5. click on `Report CSP violation (unsafe-inline script)` link Actual results: In the addon debugger logs: no options Object {...} blocking Object {...} But no: requestBody Object {...} ---- No event is dispatched to the extraInfoSpec. Any other extraInfoSpec value works: - empty extraInfoSpec - extraInfoSpec = ["blocking"] Expected results: Addon debugger logs: no options Object {...} requestBody Object {...} blocking Object {...} ---- We should catch the event for all extraInfoSpec available for that event
Summary: webRequest.onBeforeRequest don't expose csp_report requests when "requestBody" is specified → WebRequest listeners are not triggered for CSP report requests
URL: https://bugzilla.mozilla.org/show_bug...
Status: UNCONFIRMED → NEW
Ever confirmed: true
In fact CSP report trigger events. But if you add a listener with extraInfoSpec that contains "requestBody", this listener won't be called. That means you can know when a csp_report URI is requested, if you omit the extraInfoSpec "requestBody", but it's impossible to get the report content. See https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest/onBeforeRequest#details "requestBody"
Ah. I see. Actually, this works fine for me with or without requestBody. What Firefox version are you testing with? requestBody is not supported in release branches prior to Firefox 53.
I'm using Firefox 52.0b8. If I use an other keyword in extraInfoSpec (than available in docs), it will raise an error (Some thing like "invalid keyword"). I didn't tried for any other request than CSP report.
(In reply to Memmie Lenglet from comment #3) > If I use an other keyword in extraInfoSpec (than available in docs), it will > raise an error (Some thing like "invalid keyword"). That's because of bug 1333141, unfortunately.
URL: https://bugzilla.mozilla.org/show_bug...https://bugzilla.mozilla.org/show_bug...
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
Product: Toolkit → WebExtensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: