Closed Bug 1583553 Opened 2 months ago Closed 21 days ago

[Fission] CORS console warnings do not show up for cross origin iframes: browser_CORS-console-warnings.js

Categories

(Core :: DOM: Security, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: valentin, Assigned: sstreich, NeedInfo)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

I've been looking at why browser_CORS-console-warnings.js fails with --enable-fission
The initial theory was that hud.ui.on("new-messages", on_new_message); doesn't work in Fission (which might still be true), but when running the test in both fission and non-fission I noticed that the CORS warnings actually don't show up in the console with fission (but it does show up in the terminal, so CORS still works, but probably can't print to the right webconsole since it's in a different process)

Doesn't show up in the devtools console
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://mochi.test:8888/browser/dom/security/test/cors/file_CrossSiteXHR_server.sjs?allowOrigin=http%3A//example.org. (Reason: CORS request did not succeed).

But this does show up in the terminal (stdout):
0:20.23 INFO Console message: [JavaScript Warning: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://mochi.test:8888/browser/dom/security/test/cors/file_CrossSiteXHR_server.sjs?allowOrigin=http%3A//example.org&allowCred&noCookie. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."]

Not sure if the bug belongs in DOM::Security or Devtools.

(In reply to Valentin Gosu [:valentin] (he/him) from comment #0)

Not sure if the bug belongs in DOM::Security or Devtools.

I think that bug belongs into DOM:Security because it's most likely a backend issue. Putting in the backlog for now, but we should get that fixed during our 'enable fission for dom:security' effort.

Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Blocks: 1580750
Assignee: nobody → sstreich
Keywords: checkin-needed

Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d52d68c7c46
Make browser_CORS-console-warnings.js fission ready r=ckerschb

Keywords: checkin-needed

While the patch fixes the test, I presume we also want to make sure that the warnings show up in the devtools console?
Can we file a follow-up bug for that?

Flags: needinfo?(sstreich)

I just assumed that the Services.Console accesses the same Console as the Dev-Tools 🙈
Are there any cases where a Console message printed in the Console Service would not be shown in devtools?
In that case we definitely should try to find a better fission compatible solution!

Flags: needinfo?(sstreich)

As I mentioned in comment 0, the messages show up in the terminal Console message... but not in the devtools. I assume the console is referring to the terminal "console".
You can easily notice the difference by running the test in both fission and non-fission.

Flags: needinfo?(sstreich)
Status: NEW → RESOLVED
Closed: 21 days ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.