Closed Bug 1481947 Opened 6 years ago Closed 6 years ago

new Worker() fails with network.http.referer.XOriginPolicy=1 on localhost-like domains and IPs

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Version:
60 Branch
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla65
Tracking Flags:
Tracking Status
firefox61 --- wontfix
firefox62 --- wontfix
firefox63 --- wontfix
firefox64 --- wontfix
firefox65 --- verified

People

(Reporter: bugzilla, Assigned: dragana)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

When getting eTLD+1 fails, check if uri is an ip literal or localhost.
47 bytes, text/x-phabricator-request
Details | Review 
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Build ID: 20180621121604

Steps to reproduce:

about:config network.http.referer.XOriginPolicy;1
go to local website at http://domain/
console > new SharedWorker('a.js')
[Exception... "The requested number of domain levels exceeds those present in the host string"  nsresult: "0x804b0050 (NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS)"  location: "JS frame :: debugger eval code :: <TOP_LEVEL> :: line 1"  data: no]
go to local website at http://192.168.1.1
console > new SharedWorker('a.js')
[Exception... "The host string is an IP address" nsresult: "0x804b0051 (NS_ERROR_HOST_IS_IP_ADDRESS)" location: "JS frame :: debugger eval code :: <TOP_LEVEL> :: line 1" data: no]

new Worker() gives same error codes (0x804b0050, 0x804b0051) but with fewer explanation: NetworkError: Failed to load worker script at (nsresult = 0x804b0050)

tested on 62.0b9 and 60.1.0esr


Actual results:

no Workers was created


Expected results:

Workers were created
Build ID:  20180813100104
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0

The exception is only displayed when accessing "http://192.168.1.1" and creating a new SharedWorker, the exception isn't displayed when accessing "http://domain/". 
I trying to reproduce this issue on the Firefox Nightly 63.0a1, Firefox 62.0b16 and on Firefox 61.0.2 on Windows 10 x64, Ubuntu 17.04 x64 and on Mac OS X 10.12.
Status: UNCONFIRMED → NEW
Component: Untriaged → Networking
Ever confirmed: true
Product: Firefox → Core
I'm not sure how the referer pref affects workers.
Olli, can you take a look? Or point me to the right direction? :)
Flags: needinfo?(bugs)
I'm not familiar with that pref at all.

asuth might know better about worker side.
Flags: needinfo?(bugs) → needinfo?(bugmail)
Assignee: nobody → dd.mozilla
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [necko-triaged]
Keywords: checkin-needed
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a9127ac945bd
When getting eTLD+1 fails, check if uri is an ip literal or localhost. r=asuth
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/a9127ac945bd
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox65: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Flags: qe-verify+

I have reproduced this bug using an affected Nightly build from 2018-08-08, and by following the STR from comment 0.

I can confirm that workers are properly created and no exception error is thrown in the console when accessing http://192.168.1.1, or a local .html page via python -m SimpleHTTPServer. Tested on 65.0 RC (20190121133710) under Windows 10 x64, macOS 10.13 and Ubuntu 16.04 x86.

Status: RESOLVED → VERIFIED
status-firefox65: fixedverified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: