Closed
Bug 1436517
Opened 6 years ago
Closed 6 years ago
Restrict server-timing support to HTTPS
Categories
(Core :: Networking: HTTP, defect, P1)
Core
Networking: HTTP
Tracking
()
RESOLVED
FIXED
mozilla60
People
(Reporter: u408661, Assigned: u408661)
References
Details
(Whiteboard: [necko-triaged])
Attachments
(2 files)
59 bytes,
text/x-review-board-request
|
mcmanus
:
review+
lizzard
:
approval-mozilla-beta+
|
Details |
7.49 KB,
patch
|
u408661
:
review+
ritu
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
When we added support for server-timing trailers in bug 1413999, there was no limiting of that support to HTTPS. We need to have that limited to HTTPS-only.
status-firefox59:
--- → affected
status-firefox60:
--- → affected
Comment 1•6 years ago
|
||
whole feature really - not just trailers.
Right :)
Summary: Restrict server-timing trailer support to HTTPS → Restrict server-timing support to HTTPS
Comment hidden (mozreview-request) |
Comment 4•6 years ago
|
||
mozreview-review |
Comment on attachment 8949243 [details] Bug 1436517 - Limit access to the server-timing header to HTTPS contexts. https://reviewboard.mozilla.org/r/218610/#review224428
Attachment #8949243 -
Flags: review?(mcmanus) → review+
Pushed by hurley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/583dac82f2b5 Limit access to the server-timing header to HTTPS contexts. r=mcmanus
Comment 6•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/583dac82f2b5
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla60
Comment on attachment 8949243 [details] Bug 1436517 - Limit access to the server-timing header to HTTPS contexts. Approval Request Comment [Feature/Bug causing the regression]: bug 1413999 [User impact if declined]: Firefox 59 will allow server timing over HTTP, and then when 60 is released, it will be limited to HTTPS-only. Kind of surprising if you're not expecting it. [Is this code covered by automated tests?]: No - we had to whitelist the tests for HTTP contexts until we can get an HTTP/2 implementation locked in (in progress, bug 1429973) [Has the fix been verified in Nightly?]: Sort of - running the tests without the pref whitelist causes them to fail, so that's good :) [Needs manual test from QE? If yes, steps to reproduce]: [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: Not particularly [Why is the change risky/not risky?]: Just a check for an https scheme on the code that makes headers available outside necko. Everything else is as it was. [String changes made/needed]: None
Attachment #8949243 -
Flags: approval-mozilla-beta?
Comment 8•6 years ago
|
||
Comment on attachment 8949243 [details] Bug 1436517 - Limit access to the server-timing header to HTTPS contexts. Sounds like we need this in 59. This should land for beta 10. I'll follow up in the related bug about whitelisted tests.
Attachment #8949243 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 9•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/8507a552a358
Comment 10•6 years ago
|
||
Backed out for failing modified xpcshell test netwerk/test/unit/test_header_Server_Timing.js: https://hg.mozilla.org/releases/mozilla-beta/rev/7590a5f25ea3eab7a8bf1ed118f394f6a01ea335 Push with failures: https://treeherder.mozilla.org/#/jobs?repo=mozilla-beta&revision=30d165841f3da737624edb48dbfe87442c916f96&filter-resultStatus=testfailed&filter-resultStatus=busted&filter-resultStatus=exception&filter-resultStatus=retry&filter-resultStatus=usercancel&filter-resultStatus=runnable Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=161956218&repo=mozilla-beta [task 2018-02-13T14:50:31.436Z] 14:50:31 INFO - TEST-START | netwerk/test/unit/test_header_Server_Timing.js [task 2018-02-13T14:50:31.744Z] 14:50:31 WARNING - TEST-UNEXPECTED-FAIL | netwerk/test/unit/test_header_Server_Timing.js | xpcshell return code: 0 [task 2018-02-13T14:50:31.745Z] 14:50:31 INFO - TEST-INFO took 307ms [task 2018-02-13T14:50:31.745Z] 14:50:31 INFO - >>>>>>> [task 2018-02-13T14:50:31.745Z] 14:50:31 INFO - PID 12521 | [12521, Main Thread] WARNING: Couldn't get the user appdata directory. Crash events may not be produced.: file /builds/worker/workspace/build/src/toolkit/crashreporter/nsExceptionHandler.cpp, line 2734 [task 2018-02-13T14:50:31.747Z] 14:50:31 INFO - PID 12521 | Couldn't convert chrome URL: chrome://branding/locale/brand.properties [task 2018-02-13T14:50:31.748Z] 14:50:31 INFO - (xpcshell/head.js) | test MAIN run_test pending (1) [task 2018-02-13T14:50:31.750Z] 14:50:31 INFO - ReferenceError: Services is not defined at /builds/worker/workspace/build/tests/xpcshell/tests/netwerk/test/unit/test_header_Server_Timing.js:57 [task 2018-02-13T14:50:31.752Z] 14:50:31 INFO - run_test@/builds/worker/workspace/build/tests/xpcshell/tests/netwerk/test/unit/test_header_Server_Timing.js:57:3 [task 2018-02-13T14:50:31.753Z] 14:50:31 INFO - _execute_test@/builds/worker/workspace/build/tests/xpcshell/head.js:540
Flags: needinfo?(hurley)
Assignee | ||
Comment 11•6 years ago
|
||
Ah, lovely. Guess central has |Services| already available, but beta doesn't. I'll fix up the patch, make sure I'm right by testing locally, and upload a new version for landing on beta.
Flags: needinfo?(hurley)
Assignee | ||
Comment 12•6 years ago
|
||
Approval Request Comment: See previous approval request comment. This version is purely to fix a test issue that is unique to beta (where Services.jsm is not automatically available, as it apparently is on central).
Attachment #8950681 -
Flags: review+
Attachment #8950681 -
Flags: approval-mozilla-beta?
Attachment #8950681 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Hi Aryx, this is a follow up beta59 patch that needs to be landed. Thanks!
Flags: needinfo?(aryx.bugmail)
Comment 14•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/4e1f1641976c
Updated•6 years ago
|
Flags: needinfo?(aryx.bugmail)
You need to log in
before you can comment on or make changes to this bug.
Description
•