Closed
Bug 1470815
Opened 6 years ago
Closed 6 years ago
Security side panel is not visible for HTTP requests in the Console panel
Categories
(DevTools :: Console, defect, P2)
DevTools
Console
Tracking
(firefox63 fixed)
RESOLVED
FIXED
Firefox 63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: Honza, Assigned: Honza, Mentored)
Details
(Keywords: good-first-bug, Whiteboard: good-first-bug)
Attachments
(2 obsolete files)
The Network panel implements Security side panel displayed for HTTPS requests. However, this panel is not available in the Console panel when such HTTP request is expanded. STR: 0) Make sure to enable 'Requests' filter in the Console panel 1) Select the Network panel 2) Load google.com (or any website with HTTPS request) 3) Select the first document request and see that the Security side-panel is available 4) Select the Console panel and expand the same request. The Security tab is not available -> BUG I am using "Netmonitor" component, but "Console" component might also apply here. Honza
Assignee | ||
Comment 1•6 years ago
|
||
Some info for anyone interested in this bug: 1) The visibility of the panel is calculated here: https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/netmonitor/src/components/TabboxPanel.js#124 Note that the `request.securityState` is set to null in case of the Console panel and it's correctly set to `secure` in case of the Network panel. 2) Here is the place where the flag is received from the backend https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/netmonitor/src/connector/firefox-data-provider.js#354 FirefoxDataProvider is responsible for fetching all HTTP data from the backend. 3) processNetworkUpdates is helper implementing additional processing. This might also be part of the issue. https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/netmonitor/src/utils/request-utils.js#465 4) Here is the place where `TabboxPanel` (HTTP detail tabs) is rendered when HTTP request is expanded in the Console panel https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/webconsole/components/message-types/NetworkEventMessage.js#142 5) Here is the place where NetworkDataProvider starts fetching data from the backend when HTTP request is expanded in the Console panel https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/webconsole/enhancers/net-provider.js#74 - The `request.securityState` field is apparently lost somewhere on the way in case of the Console panel... Honza
Hi, I am new to open source environment. Can you help me in fixing this bug?
Hi, I'd like to work on this bug but its my first time. Thanks, Cheryl.
Assignee | ||
Comment 4•6 years ago
|
||
(In reply to theBugger from comment #2) > Hi, I am new to open source environment. Can you help me in fixing this bug? Sorry for not replying sooner. Are you still interested in this bug, should I assign it to you? Also, if you use the "Need more information from" field (at the bottom of this page) you'll have good chance to get an answer from requested person much faster. Honza
Assignee | ||
Updated•6 years ago
|
Flags: needinfo?(saurabhgoyaliitr)
Comment 5•6 years ago
|
||
Hi Jan, I would like to solve this bug as my first bug. Would be helpful if you could guide me a little with the setup. [I have understood the problem statement, of Security tab not being visible in the Console Panel for an HTTPS request while it is visible in the Network Panel for the same request.] Thanks Hemakshi
Flags: needinfo?(odvarko)
Assignee | ||
Comment 6•6 years ago
|
||
(In reply to Hemakshi Sachdev from comment #5) > Hi Jan, > I would like to solve this bug as my first bug. Thanks for the interest! I need to ask Cheryl first, but if there is no response within 2 days, ping me (need info me) and I'll assign it to you. (In reply to Joan from comment #3) > I'd like to work on this bug but its my first time. Still interested in this bug? Honza
Flags: needinfo?(odvarko) → needinfo?(joanferns00)
Assignee | ||
Comment 8•6 years ago
|
||
(In reply to Hemakshi Sachdev from comment #7) > Hi Jan, > Any updates on this issue? Thanks for reaching out, assigned to you! Let me know if you have any questions. Honza
Assignee: nobody → sachdev.hemakshi
Status: NEW → ASSIGNED
Flags: needinfo?(odvarko)
Comment 9•6 years ago
|
||
Hi Thanks a lot! Since this is my first time with open source, it would be helpful if you can guide me a little on how to begin with setup and everything.
Flags: needinfo?(odvarko)
Assignee | ||
Comment 10•6 years ago
|
||
(In reply to Hemakshi Sachdev from comment #9) > Hi > Thanks a lot! > Since this is my first time with open source, it would be helpful if you can > guide me a little on how to begin with setup and everything. You might start reading here: https://developer.mozilla.org/en-US/docs/Tools/Contributing (how to start contributing to DevTools) And this page is also useful: https://firefox-dev.tools/ Honza
Flags: needinfo?(odvarko)
Assignee | ||
Comment 11•6 years ago
|
||
I did some more analysis of this issue and here are some results: (continue from #1) > The `request.securityState` field is apparently lost somewhere on the way in case of the Console panel... 1) I think that the `securityState` is lost in `transformNetworkEventPacket` method: https://searchfox.org/mozilla-central/rev/246f2b4fab2c1a6cca99418bc2e4d73d1102cc38/devtools/client/webconsole/utils/messages.js#260-273 We should make sure it's copied too like as follows: ... private: networkEvent.private, securityInfo: networkEvent.securityInfo, securityState: networkEvent.securityState, }); This makes the "Security" tab visible. 2) The second problem is that when the "Security" tab is selected there is no content. The tab only says "An error occurred <Not Available>" This is because the security data was not fetched from the backend. The panel needs to sent "securityInfo" packet. This should happen automatically in SecurityPanel.componentDidMount method using: fetchNetworkUpdatePacket(connector.requestData, request, ["securityInfo"]); Here: https://searchfox.org/mozilla-central/rev/246f2b4fab2c1a6cca99418bc2e4d73d1102cc38/devtools/client/netmonitor/src/components/SecurityPanel.js#81 This method is indeed executed, but there is internal condition that checks whether the data has already been fetched from the backend (to avoid double fetch). It's here: https://searchfox.org/mozilla-central/rev/246f2b4fab2c1a6cca99418bc2e4d73d1102cc38/devtools/client/netmonitor/src/utils/request-utils.js#93 if (request[`${updateType}Available`] && !request[updateType]) { requestData(request.id, updateType); } The problem is that `request[updateType]` is set to "secure" - that's what we did in `transformNetworkEventPacket` method (step #1) This is a collision, we are using the same field for two things: Doing the following hack fixes the problem (just for testing purposes): if (updateType == "securityInfo" && typeof(request.securityInfo) == "string") { request.securityInfo = null; } We need to map `secureInfo` to `secureState` - that's why we have `secureState` in the first place... But doing the following (alternative for #1) doesn't work: ... private: networkEvent.private, securityState: networkEvent.securityInfo, }); It's probably good idea to see why the Network panel works... @Hemakshi: does that help to move forward? Honza
Flags: needinfo?(sachdev.hemakshi)
Comment 12•6 years ago
|
||
(In reply to Jan Honza Odvarko [:Honza] from comment #11) > I did some more analysis of this issue and here are some results: > > (continue from #1) > > > The `request.securityState` field is apparently lost somewhere on the way in case of the Console panel... > > 1) I think that the `securityState` is lost in `transformNetworkEventPacket` > method: > https://searchfox.org/mozilla-central/rev/ > 246f2b4fab2c1a6cca99418bc2e4d73d1102cc38/devtools/client/webconsole/utils/ > messages.js#260-273 > > We should make sure it's copied too like as follows: > ... > private: networkEvent.private, > securityInfo: networkEvent.securityInfo, > securityState: networkEvent.securityState, > }); > > This makes the "Security" tab visible. Yes, I agree with this point. In fact, just by adding `securityInfo: networkEvent.securityInfo`, makes the "Security" tab visible. > @Hemakshi: does that help to move forward? It indeed does! Thanks a lot for this. I had no clue about the collision happening in the `fetchNetworkUpdatePacket` method in the https://searchfox.org/mozilla-central/rev/246f2b4fab2c1a6cca99418bc2e4d73d1102cc38/devtools/client/netmonitor/src/utils/request-utils.js#93 > It's probably good idea to see why the Network panel works... Yup, definitely will have to look at this. Thanks a lot! Hemakshi
Flags: needinfo?(sachdev.hemakshi)
Comment 13•6 years ago
|
||
(In reply to Jan Honza Odvarko [:Honza] from comment #11) > It's probably good idea to see why the Network panel works... For the Network Panel as far as I understand, all the requests are fetched from the back-end via firefox-data-provider and then stored in the redux store of Netmonitor, and from there used and passed on to the NetworkDetailsPanel component which in turn renders the TabboxPanel Component. Also, with Console Panel, when we open a particular request, the `request` field provided to the TabboxPanel contains an extra key of `securityInfo: "secure"`, which is the main cause of collision (Refer comment #11). Whereas this key is not present in the `request` object provided to the Network Panel, and so works for it. @Honza, please do let me know if I am wrong somewhere. Hemakshi
Flags: needinfo?(odvarko)
Comment 14•6 years ago
|
||
Hi, (In reply to Jan Honza Odvarko [:Honza] from comment #11) > It's probably good idea to see why the Network panel works... Update: The Network Panel, never maintains a `securityInfo: "secure"` key in it's state, until and unless the Security Tab is not rendered { which on mounting calls fetchNetworkUpdatePacket(connector.requestData, request, ["securityInfo"]); } The methods onNetworkEvent and onNetworkEventUpdate which are called by Console Panel in here https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/webconsole/enhancers/net-provider.js#75 Use the Console Panel's state to do the mapping of `securityState` in https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/netmonitor/src/connector/firefox-data-provider.js#354 So, if `networkInfo.securityInfo` is itself `null`, this sets `securityState` also to `null`, which then makes the value of Console Panel's `securityState` also to `null`. And so, the alternative ... private: networkEvent.private, securityState: networkEvent.securityInfo, }); in https://searchfox.org/mozilla-central/rev/39b790b29543a4718d876d8ca3fd179d82fc24f7/devtools/client/webconsole/utils/messages.js#255 also doesn't seems to work. And using the method ... private: networkEvent.private, securityInfo: networkEvent.securityInfo, securityState: networkEvent.securityState, }); leaves our state having a `securityInfo: "secure"` key, which causes the collision (Refer comment #11). The Network Panel on the other hand does not use it's state data to call onNetworkEvent and onNetworkEventUpdate and so this problem not occurs for it. Right now, I don't how and from where these methods are being called for Network Panel. I hope this helps in understanding the problem. Again, if I am wrong somewhere please let me know Hemakshi
Assignee | ||
Comment 15•6 years ago
|
||
@Hemakshi: I am attaching a patch that should fix the problem. Please try it out on your machine and let me know if it works for you. Honza
Flags: needinfo?(saurabhgoyaliitr)
Flags: needinfo?(odvarko)
Flags: needinfo?(joanferns00)
Assignee | ||
Comment 16•6 years ago
|
||
Also, I am changing the target component. It turned out that this is rather Console not Netmonitor bug. It also needs a test. I think that good inspiration might be existing tests in the Console panel: devtools/client/webconsole/test/mochitest/browser_webconsole_network* (specifically 'browser_webconsole_network_messages_expand.js' might help) Honza
Component: Netmonitor → Console
Assignee | ||
Comment 17•6 years ago
|
||
@hemakshi: I am seeing some test failures when pushing the patch to the Try server: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e1041d82e14d7094b4d36fa87a229f1fd30a435e&selectedJob=194825926 Can you please look at that? Use `mach` to run a test locally, e.g.: `mach test devtools/client/netmonitor/test/browser_net_security-details.js` Honza
Flags: needinfo?(sachdev.hemakshi)
Assignee | ||
Updated•6 years ago
|
Attachment #9002415 -
Attachment is obsolete: true
Assignee | ||
Comment 18•6 years ago
|
||
@Hemakshi: I am attaching yet another patch that seems to fix the problem for me. Here is try push: https://treeherder.mozilla.org/#/jobs?repo=try&revision=97ba1c761c4aaeb155bc83a8ad08eb38eb8fc6e0 Can you please try it on your machine? Honza
Comment 19•6 years ago
|
||
(In reply to Jan Honza Odvarko [:Honza] from comment #18) > Created attachment 9002757 [details] [diff] [review] > security-panel.patch > > @Hemakshi: I am attaching yet another patch that seems to fix the problem > for me. > > Here is try push: > https://treeherder.mozilla.org/#/ > jobs?repo=try&revision=97ba1c761c4aaeb155bc83a8ad08eb38eb8fc6e0 > > Can you please try it on your machine? Hi, yes it seems to work on machine too! Hemakshi
Flags: needinfo?(sachdev.hemakshi)
Assignee | ||
Comment 20•6 years ago
|
||
Assigning this to me, based on offline discussion with hemakshi. @hemakshi: thanks for all the analysis and help! Honza
Assignee: sachdev.hemakshi → odvarko
Comment 21•6 years ago
|
||
Pushed by jodvarko@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b39ce58378e1 Make sure the Security panel is visible for HTTP requests in the Console panel; r=nchevobbe
Assignee | ||
Updated•6 years ago
|
Attachment #9002757 -
Attachment is obsolete: true
Comment 22•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/b39ce58378e1
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 63
You need to log in
before you can comment on or make changes to this bug.
Description
•