Closed Bug 1525036 Opened 2 years ago Closed 2 years ago

Implement Cross-Origin header (requiring CORS for subresources)

Categories

(Core :: Networking, enhancement, P2)

Tracking

RESOLVED FIXED
mozilla67
Fission Milestone M2
Tracking Status
firefox67 --- fixed

People

(Reporter: nika, Assigned: valentin)

Details

(Keywords: dev-doc-needed, Whiteboard: [necko-triaged])

Attachments

(4 files, 1 obsolete file)

Summary: Implement Require-CORS header → Implement Cross-Origin header (requiring CORS for subresources)
Blocks: resab
Priority: -- → P2
Fission Milestone: --- → M2
Whiteboard: [necko-triaged]
Blocks: 1532287
Attachment #9047151 - Attachment description: Bug 1525036 - Add Test for Cross-Origin header policy r=nika → Bug 1525036 - Add Test for Cross-Origin header policy r=nika!
Attachment #9047152 - Attachment description: Bug 1525036 - Respect CrossOriginPolicy in nsHttpChannel r=nika → Bug 1525036 - Respect CrossOriginPolicy in nsHttpChannel r=nika!
Attachment #9047153 - Attachment description: Bug 1525036 - Respect CrossOriginPolicy in Fetch r=nika → Bug 1525036 - Respect CrossOriginPolicy in Fetch r=nika!
Attachment #9047154 - Attachment description: Bug 1525036 - Add pref for Cross-Origin policy r=nika → Bug 1525036 - Add pref for Cross-Origin policy r=nika!
Attachment #9047155 - Attachment description: Bug 1525036 - Add CrossOriginPolicy to the browsing context r=nika → Bug 1525036 - Add CrossOriginPolicy to the browsing context r=nika!
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/6391f42aaa6d
Add Test for Cross-Origin header policy r=nika
https://hg.mozilla.org/integration/autoland/rev/fa0363d33dbd
Respect CrossOriginPolicy in nsHttpChannel r=nika
https://hg.mozilla.org/integration/autoland/rev/502b0bb796cd
Respect CrossOriginPolicy in Fetch r=nika
https://hg.mozilla.org/integration/autoland/rev/0c05686bd62a
Add pref for Cross-Origin policy r=nika
https://hg.mozilla.org/integration/autoland/rev/6717beb3ac53
Add CrossOriginPolicy to the browsing context r=nika
Blocks: 1533877

Backed out for /browser_httpCrossOriginHeader.js failures

backout: https://hg.mozilla.org/integration/autoland/rev/9da6e8f78737fbde6a11da1c0b002719b86dbbd5

failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=232785449&repo=autoland&lineNumber=6642

[task 2019-03-08T22:33:23.200Z] 22:33:23 INFO - Navigated to: https://example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs
[task 2019-03-08T22:33:23.201Z] 22:33:23 INFO - Buffered messages finished
[task 2019-03-08T22:33:23.203Z] 22:33:23 INFO - TEST-UNEXPECTED-FAIL | toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js | false == true - JS frame :: chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js :: test_policy/< :: line 41
[task 2019-03-08T22:33:23.205Z] 22:33:23 INFO - Stack trace:
[task 2019-03-08T22:33:23.207Z] 22:33:23 INFO - chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js:test_policy/<:41
[task 2019-03-08T22:33:23.208Z] 22:33:23 INFO - resource://testing-common/BrowserTestUtils.jsm:withNewTab:111
[task 2019-03-08T22:33:23.209Z] 22:33:23 INFO - chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js:test_policy:21
[task 2019-03-08T22:33:23.210Z] 22:33:23 INFO - chrome://mochitests/content/browser/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js:test_enabled:65
[task 2019-03-08T22:33:23.211Z] 22:33:23 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest/<:1106
[task 2019-03-08T22:33:23.211Z] 22:33:23 INFO - chrome://mochikit/content/browser-test.js:Tester_execTest:1134
[task 2019-03-08T22:33:23.212Z] 22:33:23 INFO - chrome://mochikit/content/browser-test.js:nextTest/<:995
[task 2019-03-08T22:33:23.213Z] 22:33:23 INFO - chrome://mochikit/content/tests/SimpleTest/SimpleTest.js:SimpleTest.waitForFocus/waitForFocusInner/focusedOrLoaded/<:803
[task 2019-03-08T22:33:23.214Z] 22:33:23 INFO - GECKO(11134) | Waiting for browser load
[task 2019-03-08T22:33:23.215Z] 22:33:23 INFO - GECKO(11134) | Saw state f0001 and status 0
[task 2019-03-08T22:33:23.216Z] 22:33:23 INFO - Console message: [JavaScript Warning: "Loading failed for the <script> with source “chrome://browser/content/aboutNetError.js”." {file: "about:neterror?e=blockedByPolicy&u=https%3A//example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs&c=UTF-8&f=regular&d=Your%20organization%20has%20blocked%20access%20to%20this%20page%20or%20website." line: 187}]
[task 2019-03-08T22:33:23.217Z] 22:33:23 INFO - GECKO(11134) | Saw state c0010 and status 0
[task 2019-03-08T22:33:23.218Z] 22:33:23 INFO - GECKO(11134) | Browser loaded https://example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs?anonymous
[task 2019-03-08T22:33:23.219Z] 22:33:23 INFO - Test tab ready: https://example.com/browser/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs?anonymous

Flags: needinfo?(valentin.gosu)

Note to MDN writers:

I've added a note to the Fx67 rel notes about this:
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/67#HTTP

The header still needs documenting, and BCD filling in.

Is it clear to the MDN audience that it's not shipping? We'll also likely tweak the design a bit given ongoing discussion with other implementers.

Flags: needinfo?(cmills)

(In reply to Anne (:annevk) from comment #12)

> Is it clear to the MDN audience that it's not shipping? We'll also likely tweak the design a bit given ongoing discussion with other implementers.

Oops, I missed the bit about the pref! Thanks for the heads up :annevk; I've removed it from the release notes, and instead added an entry to https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Experimental_features#Security to cover it (see the bottom of the table).

Flags: needinfo?(cmills)
Attachment #9047151 - Attachment is obsolete: true