Closed
Bug 1481947
Opened 6 years ago
Closed 6 years ago
new Worker() fails with network.http.referer.XOriginPolicy=1 on localhost-like domains and IPs
Categories
(Core :: Networking, defect, P2)
Tracking
()
VERIFIED
FIXED
mozilla65
People
(Reporter: bugzilla, Assigned: dragana)
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Build ID: 20180621121604 Steps to reproduce: about:config network.http.referer.XOriginPolicy;1 go to local website at http://domain/ console > new SharedWorker('a.js') [Exception... "The requested number of domain levels exceeds those present in the host string" nsresult: "0x804b0050 (NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS)" location: "JS frame :: debugger eval code :: <TOP_LEVEL> :: line 1" data: no] go to local website at http://192.168.1.1 console > new SharedWorker('a.js') [Exception... "The host string is an IP address" nsresult: "0x804b0051 (NS_ERROR_HOST_IS_IP_ADDRESS)" location: "JS frame :: debugger eval code :: <TOP_LEVEL> :: line 1" data: no] new Worker() gives same error codes (0x804b0050, 0x804b0051) but with fewer explanation: NetworkError: Failed to load worker script at (nsresult = 0x804b0050) tested on 62.0b9 and 60.1.0esr Actual results: no Workers was created Expected results: Workers were created
Comment 1•6 years ago
|
||
Build ID: 20180813100104 User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0 The exception is only displayed when accessing "http://192.168.1.1" and creating a new SharedWorker, the exception isn't displayed when accessing "http://domain/". I trying to reproduce this issue on the Firefox Nightly 63.0a1, Firefox 62.0b16 and on Firefox 61.0.2 on Windows 10 x64, Ubuntu 17.04 x64 and on Mac OS X 10.12.
Status: UNCONFIRMED → NEW
Component: Untriaged → Networking
Ever confirmed: true
Product: Firefox → Core
Updated•6 years ago
|
Comment 2•6 years ago
|
||
I'm not sure how the referer pref affects workers. Olli, can you take a look? Or point me to the right direction? :)
Flags: needinfo?(bugs)
Comment 3•6 years ago
|
||
I'm not familiar with that pref at all. asuth might know better about worker side.
Flags: needinfo?(bugs) → needinfo?(bugmail)
Comment 4•6 years ago
|
||
It seems likely this is due to: * ScriptLoader invoking HttpBaseChannel::SetReferrerWithPolicy https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/dom/script/ScriptLoader.cpp#1140 * which invokes HttpBaseChannel::SetReferrerWithPolicy https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/netwerk/protocol/http/HttpBaseChannel.cpp#1820 * which invokes nsEffectiveTLDService::GetBaseDomain https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/netwerk/dns/nsEffectiveTLDService.cpp#119 * which invokes nsEffectiveTLDService::GetBaseDomainInternal which can return: * NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS * https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/netwerk/dns/nsEffectiveTLDService.cpp#307 * https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/netwerk/dns/nsEffectiveTLDService.cpp#197 * NS_ERROR_HOST_IS_IP_ADDRESS * https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/netwerk/dns/nsEffectiveTLDService.cpp#213 It seems like other callers like ThirdPartyUtil have special handling for these error codes like at https://searchfox.org/mozilla-central/rev/2466b82b729765fb0a3ab62f812c1a96a7362478/dom/base/ThirdPartyUtil.cpp#295
Flags: needinfo?(bugmail)
Assignee | ||
Updated•6 years ago
|
Assignee: nobody → dd.mozilla
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [necko-triaged]
Assignee | ||
Comment 5•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Keywords: checkin-needed
Pushed by apavel@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a9127ac945bd When getting eTLD+1 fails, check if uri is an ip literal or localhost. r=asuth
Keywords: checkin-needed
Comment 7•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/a9127ac945bd
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox65:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
Updated•6 years ago
|
Updated•5 years ago
|
Flags: qe-verify+
Comment 8•5 years ago
|
||
I have reproduced this bug using an affected Nightly build from 2018-08-08, and by following the STR from comment 0.
I can confirm that workers are properly created and no exception error is thrown in the console when accessing http://192.168.1.1, or a local .html page via python -m SimpleHTTPServer. Tested on 65.0 RC (20190121133710) under Windows 10 x64, macOS 10.13 and Ubuntu 16.04 x86.
You need to log in
before you can comment on or make changes to this bug.
Description
•