Closed Bug 1595595 Opened 5 years ago Closed 5 years ago

firefox-ci-tc.services.mozilla.com has a CSP that blocks it from working with reftest-analyzer (breaking treeherder-to-reftest analyzer flow)

Categories

(Release Engineering :: Firefox-CI Administration, defect)

Product:
Release Engineering
Component:
Firefox-CI Administration
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1595363

People

(Reporter: dholbert, Unassigned)

Details

STR:

  1. Load this TreeHerder log:
    https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=275631304
  2. (optional) Open the devtools console (F12 or Ctrl+Shift+K)
  3. Click the "open analyzer" link at the top.

ACTUAL RESULTS:

  • The analyzer stays on the "load reftest log" screen (it doesn't successfully get the log)
  • Web Console says:

Content Security Policy: The page’s settings blocked the loading of a resource at https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task…QXy0yZ4HJioOKw/runs/0/artifacts/public/logs/live_backing.log (“connect-src”).

EXPECTED RESULTS:

  • Reftest analyzer should successfully analyze the log and get to the compare-screenshots view.
  • There shouldn't be a CSP error (i.e. we should use a CSP that permits our hosted reftest-analyzer to load the log)

Side note: from clicking around on TreeHerder, it looks like a lot of logs are hosted on queue.taskcluster.net which works just fine for reftest-analyzer. This particular one lives on firefox-ci-tc.services.mozilla.com for some reason, and that domain has this CSP issue, it seems.

Actually, I'm seeing similar issues for queue.taskcluster.net logs as-viewed-in-the-shortlog.

E.g. this URL gives me "Network error when attempting to fetch resource" in the bottom-half (log-viewing) portion, for a queue.taskcluster.net URL, and the console says it's a CSP issue:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=272726453&repo=autoland&lineNumber=2944

Content Security Policy: The page’s settings blocked the loading of a resource at https://queue.taskcluster.net/v1/task/DiX5J0KxTHWTmxMTwcaMtQ/runs/0/artifacts/public/logs/live_backing.log (“connect-src”).

...though that one does let itself be viewed in reftest-analyzer, so maybe it's permissive for some domains but not all of the ones that we need to be permissive for?

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.