Closed Bug 1644488 Opened 4 years ago Closed 4 years ago

content scripts cannot fetch contents of file URIs

Categories

(WebExtensions :: Untriaged, defect)

74 Branch
x86_64
Windows 10
defect

Tracking

(firefox77 wontfix, firefox78 wontfix, firefox79 wontfix)

RESOLVED INVALID

People

(Reporter: gildas.lormeau, Unassigned)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

388.54 KB, application/x-zip-compressed
Attached file Web extension + Demo

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0

Steps to reproduce:

  • unzip the attached file
  • install the extension
  • open demo/index.html file in a tab from the filesystem
  • refresh the page

Actual results:

The log in the console displays "KO"

Expected results:

The log in the console should display "OK"

The extension has a content script. This content script tries to retrieve the content of the image displayed in the page with window.fetch. In Firefox 73, this used to work fine. Since Firefox 74, the browser blocks the request.

This issue impacts the Web Extension called "SingleFile" (https://addons.mozilla.org/en-US/firefox/addon/single-file/), which can no longer process external resources of pages read from the filesystem. I'm the author of the extension and received some complaints about this issue.

In this case, Chromium-based browsers also block content scripts (for about 6 months), but background scripts are allowed to fetch file URIs with an XHR.

OS: Unspecified → Windows 10
Hardware: Unspecified → x86_64
Product: Firefox → WebExtensions

Hi Gildas,

Thank you for submitting this bug report. After testing on Windows 10 64-bit and macOS 10.14 with Nightly 79.0a1 (20200611093454), Beta 78.0b5 (20200609215727) and Release 77.0.1 (20200602222727), I was able to reproduce the issue that you described.

From the information provided, I managed to get a regression range on the issue, narrowing it down to https://bugzilla.mozilla.org/show_bug.cgi?id=1420296 (2020-06-11T18:14:12.605000: DEBUG : Found commit message:
Bug 1420296 - Add file check to WebExtensionPolicy r=rpl,zombie), with this differential revision: https://phabricator.services.mozilla.com/D54540.

Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=72bc4f39b6598b06925c9a3372a5076f5e6f78ab&tochange=a32b39b12097218637d33cb0f6ac86e8d93366aa

Status: UNCONFIRMED → NEW
Has Regression Range: --- → yes
Has STR: --- → yes
Ever confirmed: true

The severity field is not set for this bug.
:mixedpuppy, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mixedpuppy)

This was an intentional change. It was a (security) bug that it was not correctly enforced before.

Bug 1266960 / bug 1246236 is the general bug to support file access.

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(mixedpuppy)
Resolution: --- → INVALID

Thank you, that's what I was afraid of. Since the behavior of Firefox is now different from the behavior of Chrome regarding the host permission "file:///*", should I create a compatibility issue instead?

Will someone answer the question of Gildas Lormeau?

Flags: needinfo?(ryanvm)
Flags: needinfo?(rob)
Flags: needinfo?(ryanvm)

(In reply to Gildas Lormeau from comment #4)
> Since the behavior of Firefox is now different from the behavior of Chrome regarding the host permission "file:///*", should I create a compatibility issue instead?

We are already tracking this feature in several bugs (those in comment 3 among others), so there is no need for a new bug.

Flags: needinfo?(rob)

(In reply to Rob Wu [:robwu] from comment #6)
> (In reply to Gildas Lormeau from comment #4)
> > Since the behavior of Firefox is now different from the behavior of Chrome regarding the host permission "file:///*", should I create a compatibility issue instead?
>
> We are already tracking this feature in several bugs (those in comment 3 among others), so there is no need for a new bug.

Ok, Thank you!
