[Fission] CORS console warnings do not show up for cross origin iframes: browser_CORS-console-warnings.js
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: valentin, Assigned: sstreich, NeedInfo)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
Attachments
(1 file)
I've been looking at why browser_CORS-console-warnings.js fails with --enable-fission
The initial theory was that hud.ui.on("new-messages", on_new_message); doesn't work in Fission (which might still be true), but when running the test in both fission and non-fission I noticed that the CORS warnings actually don't show up in the console with fission (but it does show up in the terminal, so CORS still works, but probably can't print to the right webconsole since it's in a different process)
Doesn't show up in the devtools console
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://mochi.test:8888/browser/dom/security/test/cors/file_CrossSiteXHR_server.sjs?allowOrigin=http%3A//example.org. (Reason: CORS request did not succeed).
But this does show up in the terminal (stdout):
0:20.23 INFO Console message: [JavaScript Warning: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://mochi.test:8888/browser/dom/security/test/cors/file_CrossSiteXHR_server.sjs?allowOrigin=http%3A//example.org&allowCred&noCookie. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."]
Not sure if the bug belongs in DOM::Security or Devtools.
|
||
Updated•5 years ago
|
|
|
||
Comment 1•5 years ago
|
||
(In reply to Valentin Gosu [:valentin] (he/him) from comment #0)
Not sure if the bug belongs in DOM::Security or Devtools.
I think that bug belongs into DOM:Security because it's most likely a backend issue. Putting in the backlog for now, but we should get that fixed during our 'enable fission for dom:security' effort.
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 2•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/4d52d68c7c46
Make browser_CORS-console-warnings.js fission ready r=ckerschb
|
Reporter | |
Comment 4•5 years ago
|
||
While the patch fixes the test, I presume we also want to make sure that the warnings show up in the devtools console?
Can we file a follow-up bug for that?
|
|
Assignee | |
Comment 5•5 years ago
|
||
I just assumed that the Services.Console accesses the same Console as the Dev-Tools 🙈
Are there any cases where a Console message printed in the Console Service would not be shown in devtools?
In that case we definitely should try to find a better fission compatible solution!
|
|
Reporter | |
Comment 6•5 years ago
|
||
As I mentioned in comment 0, the messages show up in the terminal Console message... but not in the devtools. I assume the console is referring to the terminal "console".
You can easily notice the difference by running the test in both fission and non-fission.
|
||
Comment 7•5 years ago
|
||
| bugherder | ||
|
||
Comment 8•5 years ago
|
||
Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.
This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:
0ee3c76a-bc79-4eb2-8d12-05dc0b68e732
Description
•