"Edit and Resend" fails when the original response was JSON

NEW
Unassigned

Status

defect
P2
normal
Last year
9 months ago

People

(Reporter: isaacschemm, Unassigned)

Tracking

({regression})

61 Branch
Dependency tree / graph

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox-esr60 unaffected, firefox60 unaffected, firefox61 wontfix, firefox62 fix-optional)

Details

Reporter

Description

Last year
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180604143143

Steps to reproduce:

1. Use Firefox 61.0b11
2. Open the Network pane of Developer Tools
3. Visit http://json-schema.org/example/geo.json
4. Right-click the request and choose Edit and Resend
5. Click Send


Actual results:

An error in the Browser Console:

TypeError: response.eventActor is undefined: sendCustomRequest/</<@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/actions/requests.js:73:9
safeOnResponse@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:611:14
listenerJson@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:632:25
emit@resource://devtools/shared/base-loader.js -> resource://devtools/shared/event-emitter.js:178:37
emit@resource://devtools/shared/base-loader.js -> resource://devtools/shared/event-emitter.js:255:29
emitReply@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:915:29
callFunctionWithAsyncStack@resource://devtools/shared/base-loader.js -> resource://devtools/shared/platform/stack.js:61:10
onPacket@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:917:9
send/<@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:553:13
exports.makeInfallible/<@resource://devtools/shared/base-loader.js -> resource://devtools/shared/ThreadSafeDevToolsUtils.js:109:14
exports.makeInfallible/<@resource://devtools/shared/base-loader.js -> resource://devtools/shared/ThreadSafeDevToolsUtils.js:109:14


Expected results:

The request should have been resent.

Comment 1

Last year
Hi Isaac,

Thank you for reporting this issue!

I managed to reproduce it on the last Nightly so I made a mozregression. The pushlog URL is: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=a760e111f2f157fbb18e66117f026ca298d4343e&tochange=38f15c3991f94aa9b3cd37a7e50654f5c2dd0185
The issue started to reproduce between build 2018-03-20 and 2018-03-21 of Nightly 61.

Marking the issue as New, on Request Handling component.
Status: UNCONFIRMED → NEW
Component: Untriaged → WebExtensions: Request Handling
Ever confirmed: true
Product: Firefox → Toolkit
Component: WebExtensions: Request Handling → Developer Tools: Netmonitor
Product: Toolkit → Firefox

Updated

Last year
Product: Firefox → DevTools
Comment hidden (obsolete)
(In reply to Ryan VanderMeulen [:RyanVM] from comment #2)
> Regressed by bug 1447012 maybe?

Nevermind, that was a test-only change. Bug 1420291 looks more likely.
Blocks: 1420291
Flags: needinfo?(oriol-bugzilla) → needinfo?(glowka.tom)

Comment 4

Last year
Hey Ryan,

I wanted to give this STR a try by comparing the behavior on newest versions and the changes I submitted, but I have some problems with reproducing it on newest. 

When following the STR, after clicking send, I get "Content Security Policy: The page’s settings blocked the loading of a resource at http://json-schema.org/example/geo.json (“default-src”).", I wasn't able to locate the source of the policy, so I guess it's side effect of the enhanced view of JSON supplied by firefox. Nevertheless, either I should somehow silence the CSP or I am getting to point after the expected error.

I also managed to work around it by visiting view-source:http://json-schema.org/example/geo.json, then CSP is not violated but I am not sure if does not break the STR.

Tried on 61.0b5 and 62.0a1 (11-06-2018), Linux x86_64.

Can you help me reproduce it or maybe have some other thoughts on that?
Flags: needinfo?(glowka.tom) → needinfo?(ryanvm)
Sounds like a question better asked to the reporter or QA person who bisected the failure.
Flags: needinfo?(isaacschemm)
Flags: needinfo?(david.olah)
Flags: needinfo?(ryanvm)
Reporter

Comment 6

Last year
I am also getting a Content Security Policy error on the newest version (Firefox Developer Edition), in addition to the Browser Console error shown in the STR.

I'm not sure whether the Content Security Policy error didn't show up on the version I was using when I submitted this report, or whether I just failed to notice it.

Using view-source: does work as a workaround, but because JSON from a server is not typically pretty-printed, it's not very useful.
Flags: needinfo?(isaacschemm)
I believe that the culprit is this change:
https://hg.mozilla.org/integration/mozilla-inbound/rev/38f15c3991f9

And yes it's related to CSP.

@Gijs: here is how a HTTP request is being resend:
https://searchfox.org/mozilla-central/rev/d0a41d2e7770fc00df7844d5f840067cc35ba26f/devtools/server/actors/webconsole.js#1694

Do you see any connection to the aforementioned commit that would break the 'Edit and Resend' feature?

Honza
Flags: needinfo?(gijskruitbosch+bugs)

Comment 8

Last year
(In reply to Jan Honza Odvarko [:Honza] from comment #7)
> I believe that the culprit is this change:
> https://hg.mozilla.org/integration/mozilla-inbound/rev/38f15c3991f9
> 
> And yes it's related to CSP.
> 
> @Gijs: here is how a HTTP request is being resend:
> https://searchfox.org/mozilla-central/rev/
> d0a41d2e7770fc00df7844d5f840067cc35ba26f/devtools/server/actors/webconsole.
> js#1694
> 
> Do you see any connection to the aforementioned commit that would break the
> 'Edit and Resend' feature?
> 
> Honza

Sure, the document gets a CSP in that commit, and you're creating the request in the context of the document (passing `loadingNode: doc` to the channel creation code), and so the document's CSP applies to the request, which causes it to fail because the CSP has `default-src: none` because we don't expect the JSON viewer itself to ever load anything.

It may be possible to modify the code in the commit you referenced to add `self` to the <something>-src that applies to this request (I'm not sure, maybe connect-src? You'd have to experiment and/or debug Firefox by setting a breakpoint on the CSP reporting code to find out what it goes through) to "fix" this particular issue. Though you'd want to check if that would still work if you modified the path or query components of the request.

Alternatively, it may be possible to create a duplicate principal for the original origin of the page with its origin attributes, and use that as the `loadingPrincipal` instead of using a loadingNode - but I don't know if that has other security implications, you'd want to check that carefully. You're essentially hole-punching through some of our security restrictions so making that hole as small as possible is obviously a good goal to keep in mind. :-)

As yet another alternative, we could try to get the triggering or loading principal of the original channel for the document that's loaded and reuse that principal instead (perhaps only if we're resending the *document* request rather than a subresource request like a script/xhr/img/whatever). But again, I don't know why the edit+resend feature is written the way it is and what would be the risks of making such a change.
Flags: needinfo?(gijskruitbosch+bugs)

Comment 9

Last year
This is the response that I get in Browser console on Nightly 63.0a1 (2018-07-01), Win 10:

TypeError: response.eventActor is undefined: sendCustomRequest/</<@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/actions/requests.js:73:9
safeOnResponse@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:537:14
listenerJson@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:558:25
emit@resource://devtools/shared/base-loader.js -> resource://devtools/shared/event-emitter.js:178:37
emit@resource://devtools/shared/base-loader.js -> resource://devtools/shared/event-emitter.js:255:29
emitReply@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:841:31
DevTools RDP*request@resource://devtools/shared/base-loader.js -> resource://devtools/shared/client/debugger-client.js:550:21
sendHTTPRequest@resource://devtools/shared/base-loader.js -> resource://devtools/shared/webconsole/client.js:640:12
sendHTTPRequest@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/connector/firefox-connector.js:281:5
sendHTTPRequest@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/connector/index.js:96:43
sendCustomRequest/<@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/actions/requests.js:70:5
thunk/</<@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/middleware/thunk.js:15:9
sendCustomRequest@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/components/CustomRequestPanel.js:287:30
invokeGuardedCallback@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:497:5
invokeGuardedCallback@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:444:5
invokeGuardedCallbackAndCatchFirstError@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:458:5
executeDispatch@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:753:3
executeDispatchesInOrder@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:772:5
executeDispatchesAndRelease@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:870:5
executeDispatchesAndReleaseTopLevel@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:881:10
forEachAccumulated@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:849:5
processEventQueue@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:1026:5
runEventQueueInBatch@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3539:3
handleTopLevel@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3548:3
handleTopLevelImpl@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3279:5
batchedUpdates@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10533:14
batchedUpdates@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:2203:12
dispatchEvent@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3353:5
EventListener.handleEvent*listen@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3163:7
trapBubbledEvent@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3313:10
listenTo@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:3676:9
ensureListeningTo@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:11899:3
setInitialDOMProperties@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:11980:9
setInitialProperties$1@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:12130:3
finalizeInitialChildren@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:12637:5
completeWork@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:8306:19
completeUnitOfWork@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:9631:18
performUnitOfWork@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:9709:14
workLoop@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:9753:26
renderRoot@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:9832:9
performWorkOnRoot@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10465:24
performWork@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10418:7
requestWork@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10329:7
scheduleWorkImpl@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10188:11
scheduleWork@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10152:12
scheduleTopLevelUpdate@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10629:5
updateContainer@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10655:7
renderSubtreeIntoContainer/<@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:12805:7
unbatchedUpdates@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:10553:12
renderSubtreeIntoContainer@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:12804:5
render@resource://devtools/shared/base-loader.js -> resource://devtools/client/shared/vendor/react-dom.js:12861:12
bootstrap@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/src/app.js:64:5
async*open@resource://devtools/shared/base-loader.js -> resource://devtools/client/netmonitor/panel.js:24:11
async*onLoad@resource://devtools/shared/base-loader.js -> resource://devtools/client/framework/toolbox.js:1704:19
event-emitter.js:183:13
Use of nsIFile in content process is deprecated. NetUtil.jsm:266:12
[Show/hide message details.] error occurred while processing 'sendHTTPRequest: [Exception... "Failed to open input source 'http://json-schema.org/example/geo.json'"  nsresult: "0x805e0006 (<unknown>)"  location: "JS frame :: resource://devtools/shared/base-loader.js -> resource://devtools/server/actors/webconsole.js :: sendHTTPRequest :: line 1729"  data: yes]
Stack: sendHTTPRequest@resource://devtools/shared/base-loader.js -> resource://devtools/server/actors/webconsole.js:1729:5
onPacket@resource://devtools/shared/base-loader.js -> resource://devtools/server/main.js:1783:15
receiveMessage@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:735:7
MessageListener.receiveMessage*_addListener@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:709:7
ready@resource://devtools/shared/base-loader.js -> resource://devtools/shared/transport/transport.js:726:7
_onConnection@resource://devtools/shared/base-loader.js -> resource://devtools main.js:1638
Content Security Policy: The page’s settings blocked the loading of a resource at http://json-schema.org/example/geo.json (“default-src”).
[Show/hide message details.] TelemetryStopwatch: key "TELEMETRY_PENDING_LOAD_MS" was already initialized TelemetryStopwatch.jsm:352
[Show/hide message details.] TelemetryStopwatch: requesting elapsed time for nonexisting stopwatch. Histogram: "TELEMETRY_PENDING_LOAD_MS", key: "null" TelemetryStopwatch.jsm:373
[Show/hide message details.] TelemetryStopwatch: requesting elapsed time for nonexisting stopwatch. Histogram: "TELEMETRY_PENDING_LOAD_MS", key: "null" TelemetryStopwatch.jsm:373
[Show/hide message details.] TelemetryStopwatch: requesting elapsed time for nonexisting stopwatch. Histogram: "TELEMETRY_PENDING_LOAD_MS", key: "null" TelemetryStopwatch.jsm:373
1530521014211	Toolkit.Telemetry	WARN	TelemetryStorage::_scanArchive - have seen this id before: 173b1bd4-44ec-4cdf-89c9-cc4163a36e27, overwrite: false
Flags: needinfo?(david.olah)

Updated

9 months ago
Duplicate of this bug: 1498785
You need to log in before you can comment on or make changes to this bug.