Closed Bug 1488039 Opened 1 year ago Closed 1 year ago

warning message in Console Web for false positive cors test

Categories

(Core :: Networking: HTTP, defect, P5, minor)

defect

Tracking

()

RESOLVED FIXED
mozilla64
Tracking Status
firefox64 --- fixed

People

(Reporter: gwenael.pellen, Assigned: mayhemer)

Details

(Whiteboard: [necko-triaged])

Attachments

(2 files)

Attached file get-request.har
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180704192850

Steps to reproduce:

prepare site A (https://siteA.tld) with socket.io server (nodejs)
prepare site B (https://siteB.tld) with socket.io client to connect on site A, simple html page, with polling mode.

Open Firefox on site B. Site B work fine, no problem for use.

BUT polling mode create a GET request on site A, with long timeout (~25s)

If you reload the page (site B)

GET request is canceled, GET request have an empty response.  (get-request.har : extract of har)

CORS test is running on this request and failed.

------
This issue is tested with user on irc.mozilla.org

--------
contact me on irc.mozilla.og (gwenael) for site exemple.


Actual results:

Warning message is present in Console Web.

in french:

"""Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://siteB/... . Raison : échec de la requête CORS."""


Expected results:

No warning message.

CORS test not be run on cancelled request.
the problem seems to be with HTTP long polling as used by socket.io:
If there's a long lived HTTP socket waiting to finish that requires CORS, than a refresh of the page will show a CORS error for that request.

It seems that we shouldn't log to the console on cancelled requests, as we can't actually say whether they would or wouldn't get a CORS header in the response.
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Version: 61 Branch → unspecified
This is very likely not the right component.
The component (Net::HTTP) is correct.  The error is logged from:
https://searchfox.org/mozilla-central/rev/721842eed881c7fcdccb9ec0fe79e4e6d4e46604/netwerk/protocol/http/nsCORSListenerProxy.cpp#563

the status is NS_BINDING_ABORTED, which is indication of the currently viewed page load cancellation (which we do before reload.)

filtering that error code out is IMO enough to get rid of the warning.
Severity: normal → minor
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P5
Whiteboard: [necko-triaged]
Assignee: nobody → honzab.moz
Status: NEW → ASSIGNED
Comment on attachment 9006000 [details]
Bug 1488039 - Don't log cancelled CORS requests as errors, r=ckerschb

Christoph Kerschbaumer [:ckerschb] has approved the revision.
Attachment #9006000 - Flags: review+
Keywords: checkin-needed
Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7879f6833a4c
Don't log cancelled CORS requests as errors, r=ckerschb
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/7879f6833a4c
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
You need to log in before you can comment on or make changes to this bug.