Closed
Bug 1403998
Opened 7 years ago
Closed 7 years ago
view-source gets wrong result principal URI on redirects
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
FIXED
mozilla58
People
(Reporter: bzbarsky, Assigned: mayhemer)
References
Details
Attachments
(1 file, 1 obsolete file)
6.50 KB,
patch
|
mayhemer
:
review+
ritu
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
[Tracking Requested - why for this release]: can lead to people accidentally loading dangerous code (e.g. it just happened to me on a crash testcase in bugzilla). Probability is low, though. STEPS TO REPRODUCE: 1) Open a new tab. 2) Paste view-source:https://bugzilla.mozilla.org/attachment.cgi?id=8444969 in the URL bar. 3) Hit enter. 4) Close tab. 5) Undo close tab. EXPECTED RESULTS: * After step 3, URL in URL bar is view-source:https://bug1027978.bmoattachments.org/attachment.cgi?id=8444969 * After step 5, URL in URL bar is same as after step 3 and source is shown. ACTUAL RESULTS: * After step 3, URL in URL bar is "https://bug1027978.bmoattachments.org/attachment.cgi?id=8444969" * After step 5, the web page is rendered instead of the source being shown. I expect this is fallout from bug 1319111. Honza, can you take a look, please?
Flags: needinfo?(honzab.moz)
Assignee | ||
Comment 1•7 years ago
|
||
This is bizarre! Just today after a very long time I remembered the bug 1319111 and that it's been sticking with no problems! :)) Will look at this.
Assignee: nobody → honzab.moz
Assignee | ||
Comment 2•7 years ago
|
||
This IMO used to work (before 1319111) a bit "by accident". Before 1319111: If there was no redirect of the http channel, there was no LOAD_REPLACE flag set and we used originalURI of the view source channel as the result principal URI (final channel URI), which was (and still is) the view-source:http:// url. When there was a redirect, GetLoadFlags of the view source channel, forwarded to the target http channel (updated in v-s channel's OnStartRequest), returned LOAD_REPLACE. That led to using GetURI on the v-s channel which rebuilds the view-source URI from the http channel's *URI*. After 1319111: If there is no redirect of the http channel, there also is no rpURI on the load info set (http doesn't set it for non-redirected channels). Hence, we use v-s channel's originalURI as result URI. If there is a redirect, the loadinfo of the redirected channel is set to the original URL of the redirected channel. v-s channel's GetLoadInfo simply redirects to the http channel, now being the redirected one. Hence, what we have to do is to update the rpURI (break some rules, actually*) on the redirected channel's load info (or clone its loadinfo to the v-s channel) to be view-source:http:// again. I believe we can do this in nsViewSourceChannel::OnStartRequest, since all the redirect veto logic will see the original http channel and the target http channel. Updating the loadinfo in AsyncOnChannelRedirect would break it. So, I'm personally for cloning the load info into the v-s channel and modify it accordingly. I think we may need to do it even when the redirect is not happening to be consistent in case when the handler sets rpURI even for the very first channel (some different schema, maybe).
Status: NEW → ASSIGNED
Flags: needinfo?(honzab.moz)
Reporter | ||
Comment 3•7 years ago
|
||
That sounds plausible, yes. Thank you for looking into this!
Assignee | ||
Comment 4•7 years ago
|
||
- the patch finally does NOT clone the loadinfo - we replace the underlying channel's loadinfo with the one given to NS_NewChannel*, so we can modify that directly in the view-source protocol handler during v-s channel creation - the redirected channel uses clone of that loadinfo, hence an update from inside v-s channel's OnStartRequest is IMO OK to do (it's a clone of "our" loadinfo) - code comments should explain the rest https://treeherder.mozilla.org/#/jobs?repo=try&revision=548216ff5be05247fd4f900d7f9b07df093f4344
Attachment #8913771 -
Flags: review?(bzbarsky)
Comment 5•7 years ago
|
||
Tracking for 56, sounds worrisome but maybe a bit complicated to test and fix on the release channel. We can try landing this, verifying the fix, and hopefully, uplift at least as far as 57.
Reporter | ||
Comment 6•7 years ago
|
||
Comment on attachment 8913771 [details] [diff] [review] v1 >+ /* XXX Gross hack -- NS_NewURI goes into an infinite loop on >+ non-flat specs. See bug 136980 */ That bug is long-since fixed. Maybe a followup to remove this comment and the hack? >+++ b/netwerk/protocol/viewsource/nsViewSourceHandler.cpp Why are the changes here needed? That is, why is the OnStartRequest change enough? r=me with that last bit explained or removed.
Attachment #8913771 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 7•7 years ago
|
||
(In reply to Boris Zbarsky [:bz] (still digging out from vacation mail) from comment #6) > Comment on attachment 8913771 [details] [diff] [review] > v1 > > >+ /* XXX Gross hack -- NS_NewURI goes into an infinite loop on > >+ non-flat specs. See bug 136980 */ > > That bug is long-since fixed. Maybe a followup to remove this comment and > the hack? bug 1405022 > > >+++ b/netwerk/protocol/viewsource/nsViewSourceHandler.cpp > > Why are the changes here needed? That is, why is the OnStartRequest change > enough? Hmm... you are right. We actually replace the loadinfo, so anything that the underlying protocol may have set will be erased. No need to update (ensure) to view-source URI then. Will remove. > > r=me with that last bit explained or removed.
Assignee | ||
Comment 8•7 years ago
|
||
Update according comment 6. I don't believe we need another try push.
Attachment #8913771 -
Attachment is obsolete: true
Attachment #8914396 -
Flags: review+
Assignee | ||
Updated•7 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/f693bf1345f9 Make view-source channels return correct resultPrincipalURI via LoadInfo after redirect. r=bz
Keywords: checkin-needed
Comment 10•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/f693bf1345f9
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
Comment 11•7 years ago
|
||
Please request Beta approval on this when you get a chance.
Flags: needinfo?(honzab.moz)
Assignee | ||
Comment 12•7 years ago
|
||
Comment on attachment 8914396 [details] [diff] [review] v1.1 Approval Request Comment [Feature/Bug causing the regression]: bug 1319111 [User impact if declined]: when view-source inner URI redirects: partially broken view-source functionality (on tab restore), potential security considerations since the URL we do security checks against has different (probably higher) privileges than the inner (http) url [Is this code covered by automated tests?]: no [Has the fix been verified in Nightly?]: yes, manually by me [Needs manual test from QE? If yes, steps to reproduce]: probably, but not necessarily, just in case - comment 0 has a very good steps to reproduce [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: I tend to say no [Why is the change risky/not risky?]: we reuse the same functionality that has been in the code for nsViewSourceChannel::GetURI for updating the result principal URI ; the change is well understood and straightforward [String changes made/needed]: none
Flags: needinfo?(honzab.moz)
Attachment #8914396 -
Flags: approval-mozilla-beta?
Comment on attachment 8914396 [details] [diff] [review] v1.1 Recent regression, Beta57+
Attachment #8914396 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 14•7 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/f22fa49006ca
Comment 15•7 years ago
|
||
Too late for 56.
Updated•7 years ago
|
QA Whiteboard: [good first verify]
Comment 16•7 years ago
|
||
I have reproduced this bug with Nightly 58.0a1 (2017-09-28) on WIndows 8.1, 64 Bit! This Bug's fix is verified with latest Beta and latest Nightly! Build ID : 20171016185129 User Agent : Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID : 20171023220222 User Agent : Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
QA Whiteboard: [good first verify] → [good first verify] [bugday-20171018]
Comment 17•6 years ago
|
||
I have reproduced this bug with Nightly 59.0a1 (2017-12-26) Windows 7(32-bit) This Bug's fix is verified with latest Nightly! Build ID : 20171226100306 User Agent : Mozilla/5.0 (Windows NT 6.1; rv:59.0) Gecko/20100101 Firefox/59.0
Updated•6 years ago
|
status-firefox59:
--- → fixed
Updated•6 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•