Closed
Bug 1439390
Opened 6 years ago
Closed 5 years ago
"Edit and Resend" DevTools function broken by CSP enforcement
Categories
(DevTools :: Netmonitor, defect, P3)
Tracking
(firefox71 fixed)
RESOLVED
FIXED
Firefox 71
People
(Reporter: alvise.rabitti, Assigned: ckerschb)
References
(Blocks 2 open bugs)
Attachments
(2 files)
47 bytes, text/x-phabricator-request
2.69 KB, patch
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180126021812

Steps to reproduce:
- visit a website enforcing a CSP policy
- open DevTools > Network panel
- use the "Edit and Resend" functionality to reload a subresource

Actual results:
Irrespective of the type of the subresource, the resent request will be subject to the default-src directive of the CSP policy. This might unexpectedly prevent the resending. If the resending is prevented, the DevTools break and, if they are closed, it's not possible to access them anymore from the same browser tab. All the "Edit and Resend" which used to work will not work anymore. Visiting another website in the same tab does not fix the problem.
Please visit the test page available at: http://www.dsi.unive.it/~rabitti/firefox/ for full details.

Expected results:
The resent request should match the most specific CSP directive available for its content type, e.g., script-src (or no CSP enforcement should happen when requests are resent using the DevTools).
Updated•6 years ago
Component: Untriaged → Developer Tools
Looks like the resend function currently makes up the loading info:
https://searchfox.org/mozilla-central/rev/3abf6fa7e2a6d9a7bfb88796141b0f012e68c2db/devtools/server/actors/webconsole.js#1720-1725
It always sets the document as the loading node and type as `OTHER`. We could either track the correct data and use it when resending so we get the same behavior as the original request, or we could run it as system principal and avoid CSP for resent requests.
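The mismatch described in the comment above, as an added example that is not part of the original bug or Firefox's code: a simplified model of choosing the CSP directive by content type, showing why the same URL loads as a script but is blocked once the resent request is typed as OTHER. The policy string, page origin and all function names are constructed for illustration, and source matching is reduced to exact origins.

```javascript
// Simplified model of CSP directive selection (added example, not Firefox code).
// "other" has no directive of its own, so default-src governs it.
const DIRECTIVE_FOR_TYPE = {
  script: "script-src",
  stylesheet: "style-src",
  image: "img-src",
  xhr: "connect-src",
  other: "default-src",
};

// Parse "name v1 v2; name2 v3" into a Map of directive -> source list.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

// Source matching reduced to 'none', '*', 'self' and exact origins (assumption).
function sourceListAllows(sources, url, selfOrigin) {
  const origin = new URL(url).origin;
  return sources.some((s) => {
    if (s === "'none'") return false;
    if (s === "*") return true;
    if (s === "'self'") return origin === selfOrigin;
    try { return new URL(s).origin === origin; } catch { return false; }
  });
}

// Report which directive decided the load and whether it is allowed.
function checkLoad(policy, type, url, selfOrigin) {
  const specific = DIRECTIVE_FOR_TYPE[type] || "default-src";
  const directive = policy.has(specific) ? specific : "default-src";
  if (!policy.has(directive)) return { directive: null, allowed: true };
  const allowed = sourceListAllows(policy.get(directive), url, selfOrigin);
  return { directive, allowed };
}

// Constructed policy and page origin; the jQuery URL is the one in the bug.
const samplePolicy = parsePolicy("default-src 'none'; script-src https://ajax.googleapis.com");
const jqueryUrl = "https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js";
const pageOrigin = "https://example.test";
console.log(checkLoad(samplePolicy, "script", jqueryUrl, pageOrigin)); // typed as a script load
console.log(checkLoad(samplePolicy, "other", jqueryUrl, pageOrigin)); // typed as OTHER on resend
```
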
Updated•6 years ago
Component: Developer Tools → Developer Tools: Netmonitor
Updated•6 years ago
Product: Firefox → DevTools
Updated•6 years ago
Blocks: netmonitor-edit-and-resend
Comment 2•6 years ago
Thanks for the report!
I am able to reproduce the issue on my machine (win10).
Here are detailed STR:
0) Open DevTools toolbox, select the Network panel
1) Load http://www.dsi.unive.it/~rabitti/firefox/
2) Right click on jquery.min.js and pick "Edit and Resend"
3) The "Edit and Resend" form should open in a sidebar
4) Click the Send button, the request is not resent -> BUG
The side bar stays open and there is an exception in the Browser console:
sendHTTPRequest: [Exception... "Failed to open input source 'https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js'" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: resource://devtools/shared/base-loader.js -> resource://devtools/server/actors/webconsole.js :: sendHTTPRequest :: line 1793" data: yes]
Stack:
sendHTTPRequest@resource://devtools/shared/base-loader.js -> resource://devtools/server/actors/webconsole.js:1793:5
onPacket@resource://devtools/shared/base-loader.js -> resource://devtools/server/main.js:1709:15
receiveMessage@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:735:7
MessageListener.receiveMessage*_addListener@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:709:7
ready@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:726:7
_onConnection@resource://devtools/shared/base-loader.
Honza
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Blocks: devtools-csp
Updated•5 years ago
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Comment 3•5 years ago
Comment 4•5 years ago
An example of how to get data from the content page (within a mochitest)
Honza
Updated•5 years ago
Keywords: checkin-needed
Comment 5•5 years ago
Pushed by nbeleuzu@mozilla.com
https://hg.mozilla.org/integration/autoland/rev/fce687c20a84c21be7c1e5214262de4822911c7b
Add test to ensure 'edit and resend' requests are not blocked by the CSP of the page. r=Honza
Keywords: checkin-needed
Comment 6•5 years ago
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 71