Workers fail to fetch from loopback addresses like http://127.0.0.1
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: irakli, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: testcase, Whiteboard: [domsecurity-backlog])
Attachments
(1 file)
375 bytes,
text/x-python
|
Details |
There was a related bug reports like Bug 903966 which did fixed that issue for requests from document scope, however issue is still reproducible in worker contexts.
I have put together few examples to illustrate the issue:
https://gozala.io/loopback-worker/
Comment 1•6 years ago
|
||
I will move it to security because it looks like a similar issue as 903966
Updated•6 years ago
|
Updated•6 years ago
|
Comment 2•6 years ago
|
||
Is this testcase correct? I'm getting similar "failed to fetch" errors on Chrome.
Reporter | ||
Comment 3•6 years ago
|
||
Is this testcase correct? I'm getting similar "failed to fetch" errors on Chrome.
Depends on what's running on that address and if Access-Control-Allow-Origin
headers are set to respond to https://gozala.io/ if they are set on Chrome it does not fail on my end.
Updated•6 years ago
|
Comment 5•4 years ago
|
||
Comment 6•4 years ago
|
||
(In reply to Irakli Gozalishvili [:irakli] [:gozala] [@gozala] from comment #3)
Is this testcase correct? I'm getting similar "failed to fetch" errors on Chrome.
Depends on what's running on that address and if
Access-Control-Allow-Origin
headers are set to respond to https://gozala.io/ if they are set on Chrome it does not fail on my end.
I tried to attach a Python3 script to setup such a localhost server. The tests pass on Firefox 79, Firefox Nightly and Chrome. https://github.com/Gozala/loopback-worker/tree/master/docs does not have any service-worker.html file though. Is this bug fixed?
(In reply to Jonathan Kingston [:jkt] (not really reading NI, email if needed) from comment #4)
Looks like this would be fixed by Bug 1488740
That one should be fixed now, but the test are already passing in release for me.
Comment 7•2 years ago
|
||
Clear a needinfo that is pending on an inactive user.
Inactive users most likely will not respond; if the missing information is essential and cannot be collected another way, the bug maybe should be closed as INCOMPLETE
.
For more information, please visit auto_nag documentation.
Updated•2 years ago
|
Description
•