CORS error not logged in console
Categories
(DevTools :: Console, defect)
Tracking
(Not tracked)
People
(Reporter: kannes-github, Unassigned)
Details
Attachments
(1 file)
|
307.77 KB,
image/png
|
Details |
cors_error.png
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/57.0.3098.116
Steps to reproduce:
I am not sure if this could hint at a security issue, that's why I mark it. Better safe than sorry. :)
The server is mine.
Actual results:
The site fails to load images to drape on the globe visualisation due to CORS. That's ok.
There are no CORS errors logged in the console by Firefox. That's not ok.
Instead Firefox only logs e.g. "Loading mixed (insecure) display content “http://hannes.enjoys.it/carto/VIIRS_SNPP_CorrectedReflectance_TrueColor_median/tiles_nocors/1/0/1.jpg” on a secure page[Learn More]" plus errors from the JS library in use, e.g. "err http://hannes.enjoys.it/carto/VIIRS_SNPP_CorrectedReflectance_TrueColor_median/tiles_nocors/${z}/${x}/${y}.jpg error { ... }" for all the requests.
Expected results:
Firefox should log appropriate CORS errors to the console (ref https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors)
|
||
Comment 1•7 years ago
|
||
The absence of errors isn't an exploitable security issue that we need to hide.
|
||
Comment 2•7 years ago
|
||
Hello, thanks for filing a bug.
Could you update Firefox to the latest version (65)?
I don't see CORS error in 64 indeed, but I do see them in 65.
|
|
||
Updated•7 years ago
|
|
|
||
Updated•7 years ago
|
|
|
||
Updated•1 year ago
|
Description
•