Implement Cross-Origin header (requiring CORS for subresources)

RESOLVED FIXED in Firefox 67

Status

enhancement
P2
normal
RESOLVED FIXED
4 months ago
19 days ago

People

(Reporter: Nika, Assigned: valentin)

Tracking

(Blocks 3 bugs, {dev-doc-needed})

unspecified
mozilla67

Firefox Tracking Flags

(Fission Milestone:M2, firefox67 fixed)

Details

(Whiteboard: [necko-triaged])

Attachments

(5 attachments)

Updated

4 months ago
Summary: Implement Require-CORS header → Implement Cross-Origin header (requiring CORS for subresources)

Updated

4 months ago
Blocks: 1477743

Updated

4 months ago
Priority: -- → P2

Updated

3 months ago
Fission Milestone: --- → M2
Whiteboard: [necko-triaged]

Updated

3 months ago
Blocks: 1532287
Attachment #9047151 - Attachment description: Bug 1525036 - Add Test for Cross-Origin header policy r=nika → Bug 1525036 - Add Test for Cross-Origin header policy r=nika!
Attachment #9047152 - Attachment description: Bug 1525036 - Respect CrossOriginPolicy in nsHttpChannel r=nika → Bug 1525036 - Respect CrossOriginPolicy in nsHttpChannel r=nika!
Attachment #9047153 - Attachment description: Bug 1525036 - Respect CrossOriginPolicy in Fetch r=nika → Bug 1525036 - Respect CrossOriginPolicy in Fetch r=nika!
Attachment #9047154 - Attachment description: Bug 1525036 - Add pref for Cross-Origin policy r=nika → Bug 1525036 - Add pref for Cross-Origin policy r=nika!
Attachment #9047155 - Attachment description: Bug 1525036 - Add CrossOriginPolicy to the browsing context r=nika → Bug 1525036 - Add CrossOriginPolicy to the browsing context r=nika!

Comment 7

2 months ago
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/6391f42aaa6d
Add Test for Cross-Origin header policy r=nika
https://hg.mozilla.org/integration/autoland/rev/fa0363d33dbd
Respect CrossOriginPolicy in nsHttpChannel r=nika
https://hg.mozilla.org/integration/autoland/rev/502b0bb796cd
Respect CrossOriginPolicy in Fetch r=nika
https://hg.mozilla.org/integration/autoland/rev/0c05686bd62a
Add pref for Cross-Origin policy r=nika
https://hg.mozilla.org/integration/autoland/rev/6717beb3ac53
Add CrossOriginPolicy to the browsing context r=nika

Updated

2 months ago
Blocks: 1533877

Backed out for /browser_httpCrossOriginHeader.js failures

backout: https://hg.mozilla.org/integration/autoland/rev/9da6e8f78737fbde6a11da1c0b002719b86dbbd5

failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=232785449&repo=autoland&lineNumber=6642

[task 2019-03-08T22:33:23.200Z] 22:33:23 INFO - Navigated to: https://example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs
[task 2019-03-08T22:33:23.201Z] 22:33:23 INFO - Buffered messages finished
[task 2019-03-08T22:33:23.203Z] 22:33:23 INFO - TEST-UNEXPECTED-FAIL | toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js | false == true - JS frame :: chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js :: test_policy/< :: line 41
[task 2019-03-08T22:33:23.205Z] 22:33:23 INFO - Stack trace:
[task 2019-03-08T22:33:23.207Z] 22:33:23 INFO - chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js:test_policy/<:41
[task 2019-03-08T22:33:23.208Z] 22:33:23 INFO - resource://testing-common/BrowserTestUtils.jsm:withNewTab:111
[task 2019-03-08T22:33:23.209Z] 22:33:23 INFO - chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js:test_policy:21
[task 2019-03-08T22:33:23.210Z] 22:33:23 INFO - chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js:test_enabled:65
[task 2019-03-08T22:33:23.211Z] 22:33:23 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest/<:1106
[task 2019-03-08T22:33:23.211Z] 22:33:23 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest:1134
[task 2019-03-08T22:33:23.212Z] 22:33:23 INFO - chrome://mochikit/content/browser-test.js:nextTest/<:995
[task 2019-03-08T22:33:23.213Z] 22:33:23 INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<:803
[task 2019-03-08T22:33:23.214Z] 22:33:23 INFO - GECKO(11134) | Waiting for browser load
[task 2019-03-08T22:33:23.215Z] 22:33:23 INFO - GECKO(11134) | Saw state f0001 and status 0
[task 2019-03-08T22:33:23.216Z] 22:33:23 INFO - Console message: [JavaScript Warning: "Loading failed for the <script> with source “chrome://browser/content/aboutNetError.js”." {file: "about:neterror?e=blockedByPolicy&u=https%3A//example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs&c=UTF-8&f=regular&d=Your%20organization%20has%20blocked%20access%20to%20this%20page%20or%20website." line: 187}]
[task 2019-03-08T22:33:23.217Z] 22:33:23 INFO - GECKO(11134) | Saw state c0010 and status 0
[task 2019-03-08T22:33:23.218Z] 22:33:23 INFO - GECKO(11134) | Browser loaded https://example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs?anonymous
[task 2019-03-08T22:33:23.219Z] 22:33:23 INFO - Test tab ready: https://example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs?anonymous

Flags: needinfo?(valentin.gosu)

Updated

2 months ago
Flags: needinfo?(valentin.gosu)

Note to MDN writers:

I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTP

The header still needs documenting, and BCD filling in.

Comment 12

19 days ago

Is it clear to the MDN audience that it's not shipping? We'll also likely tweak the design a bit given ongoing discussion with other implementers.

Flags: needinfo?(cmills)

(In reply to Anne (:annevk) from comment #12)

> Is it clear to the MDN audience that it's not shipping? We'll also likely tweak the design a bit given ongoing discussion with other implementers.

Ooops, I missed the bit about the pref! Thanks for the heads up :annevk; I've removed it from the release notes, and instead added an entry to https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Experimental_features#Security to cover it (see the bottom of the table).

Flags: needinfo?(cmills)