User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20180126021812 Steps to reproduce: . visit a website enforcing a CSP policy . open DevTools > Network panel . use the "Edit and Resend" functionality to reload a subresource Actual results: Irrespective of the type of the subresource, the resent request will be subject to the default-src directive of the CSP policy. This might unexpectedly prevent the resending. If the resending is prevented, the DevTools break and, if they are closed, it's not possible to access them anymore from the same browser tab. All the "Edit and Resend" which used to work will not work anymore. Visiting another website in the same tab does not fix the problem. please visit the test page available at: http://www.dsi.unive.it/~rabitti/firefox/ for full details Expected results: The resent request should match the most specific CSP directive available for its content type, e.g., script-src (or no CSP enforcement should happen when requests are resent using the DevTools).
Looks like the resend function currently makes up the loading info: https://searchfox.org/mozilla-central/rev/3abf6fa7e2a6d9a7bfb88796141b0f012e68c2db/devtools/server/actors/webconsole.js#1720-1725 It always sets the document as the loading node and type as `OTHER`. We could either track the correct data and use it when resending so we get the same behavior as the original request, or we could run it as system principal and avoid CSP for resent requests.
Component: Developer Tools → Developer Tools: Netmonitor
Thanks for the report! I am able to reproduce the issue on my machine (win10). Here are detailed STR: 0) Open DevTools toolbox, select the Network panel 1) Load http://www.dsi.unive.it/~rabitti/firefox/ 2) Right click on jquery.min.js and pick "Edit and Resend" 3) The "Edit and Resend" form should open in a sidebar 4) Click the Send button, the request is not resent -> BUG The side bar stays open and there is an exception in the Browser console: sendHTTPRequest: [Exception... "Failed to open input source 'https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js'" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: resource://devtools/shared/base-loader.js -> resource://devtools/server/actors/webconsole.js :: sendHTTPRequest :: line 1793" data: yes] Stack: sendHTTPRequest@resource://devtools/shared/base-loader.js -> resource://devtools/server/actors/webconsole.js:1793:5 onPacket@resource://devtools/shared/base-loader.js -> resource://devtools/server/main.js:1709:15 receiveMessage@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:735:7 MessageListener.receiveMessage*_addListener@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:709:7 ready@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:726:7 _onConnection@resource://devtools/shared/base-loader. Honza
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.