Closed
Bug 1341594
Opened 7 years ago
Closed 7 years ago
WebRequest listeners are not triggered for CSP report requests
Categories
(WebExtensions :: Request Handling, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: memmie, Unassigned)
References
()
Details
Attachments
(1 file)
2.29 KB,
application/zip
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170220070057 Steps to reproduce: You want to catch the data of csp_report request using webRequest.onBeforeRequest listener (with extraInfoSpec = ["requestBody"]): 1. download the demo zip and uncompress it 2. use the unpacked addon in Firefox (about:debugging#addons, select `manifest.json`) 3. start addon debugger 3. start a simple HTTP server with: nc -kl 8000 < raw_http_response.txt 4. open a new tab to http://localhost:8000 5. click on `Report CSP violation (unsafe-inline script)` link Actual results: In the addon debugger logs: no options Object {...} blocking Object {...} But no: requestBody Object {...} ---- No event is dispatched to the extraInfoSpec. Any other extraInfoSpec value works: - empty extraInfoSpec - extraInfoSpec = ["blocking"] Expected results: Addon debugger logs: no options Object {...} requestBody Object {...} blocking Object {...} ---- We should catch the event for all extraInfoSpec available for that event
Updated•7 years ago
|
Summary: webRequest.onBeforeRequest don't expose csp_report requests when "requestBody" is specified → WebRequest listeners are not triggered for CSP report requests
Updated•7 years ago
|
Reporter | ||
Comment 1•7 years ago
|
||
In fact CSP report trigger events. But if you add a listener with extraInfoSpec that contains "requestBody", this listener won't be called. That means you can know when a csp_report URI is requested, if you omit the extraInfoSpec "requestBody", but it's impossible to get the report content. See https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest/onBeforeRequest#details "requestBody"
Comment 2•7 years ago
|
||
Ah. I see. Actually, this works fine for me with or without requestBody. What Firefox version are you testing with? requestBody is not supported in release branches prior to Firefox 53.
Reporter | ||
Comment 3•7 years ago
|
||
I'm using Firefox 52.0b8. If I use an other keyword in extraInfoSpec (than available in docs), it will raise an error (Some thing like "invalid keyword"). I didn't tried for any other request than CSP report.
Comment 4•7 years ago
|
||
(In reply to Memmie Lenglet from comment #3) > If I use an other keyword in extraInfoSpec (than available in docs), it will > raise an error (Some thing like "invalid keyword"). That's because of bug 1333141, unfortunately.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
Updated•6 years ago
|
Product: Toolkit → WebExtensions
You need to log in
before you can comment on or make changes to this bug.
Description
•