Script resources blocked by CSP are not displayed in the Network Monitor with Fission Enabled
Categories
(Core :: Networking, defect, P2)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox89 | --- | fixed |
People
(Reporter: bomsy, Assigned: bomsy)
References
(Blocks 2 open bugs)
Details
(Whiteboard: dt-fission-m3-mvp [necko-triaged])
Attachments
(1 file)
STR
- Go to https://indigo-dandelion-particle.glitch.me/
- Open the Network monitor
- Make sure "Disable Cache" is checked
- Make sure all fission prefs are on, especially devtools.testing.enableServerWatcherSupport
- Reload the page
Actual results:
Cannot see the script request which is blocked by CSP in the Network Monitor.
Expected results:
Script request blocked by CSP should be displayed in the network monitor.
Note:
Setting devtools.testing.enableServerWatcherSupport to false, restarting the browser and then reloading the page causes the script to show up.
Also, this causes the browser_net_block-csp.js test to fail; this would be disabled for fission until this is fixed.
Comment 1•5 years ago (Assignee)
Hello Valentin,
We see this issue with fission enabled, scripts are no longer visible.
It seems closely related to Bug 1638259, where a solution is suggested.
Do you think that's a fair assumption? I'm looking to investigate and try that.
Comment 2•5 years ago
Hi Hubert,
Yes, I suspect it's the same issue.
Christoph could probably confirm if that's the case.
Comment 3•5 years ago
Tracking dt-fission-m3-mvp bugs for Fission MVP.
Comment 4•5 years ago (Assignee)
Thanks Valentin!
Hello Christoph,
Would you be able to confirm that this issue is closely related to Bug 1638259?
Comment 5•5 years ago (Assignee)
Moving to the networking component
Comment 6•5 years ago
(In reply to Hubert Boma Manilla (:bomsy) from comment #4)
Would you be able to confirm that this issue is closely related to Bug 1678795.
Yes, this bug is very similar to (in fact the same problem as) Bug 1678795. In particular, see Comment 22 in Bug 1678795.
Very likely we have that problem for more content types, not only style and script - basically whenever we perform a security check where we have not created an nsIChannel yet. In particular we can search for SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK which provides all the problematic callsites.
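A local stand-in for the test page in the STR, which also lets you observe comment 6's point about checks made before an nsIChannel exists. This is an added example, not code from the bug, its patch, or the glitch.me page; the policy, markup, file names and port are assumptions.

```python
"""Local repro page for a CSP-blocked script (constructed; not the bug's glitch.me page)."""
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed policy and markup (assumptions): script-src 'none' forbids every
# script load, so the <script> below is the request the Network Monitor should list.
CSP = "script-src 'none'"
PAGE = b"""<!doctype html>
<meta charset="utf-8">
<title>CSP-blocked script repro</title>
<p>Open the Network Monitor, check "Disable Cache", then reload.</p>
<script src="/blocked.js"></script>
"""
SCRIPT = b"document.title = 'script ran: CSP was not enforced';\n"
seen_paths = []  # every request path that actually reached this server


def respond(path):
    """Return (status, headers, body) for a request path and record the hit."""
    seen_paths.append(path)
    if path == "/":
        headers = {"Content-Type": "text/html; charset=utf-8",
                   "Content-Security-Policy": CSP,
                   "Cache-Control": "no-store"}
        return 200, headers, PAGE
    if path == "/blocked.js":
        return 200, {"Content-Type": "text/javascript"}, SCRIPT
    return 404, {"Content-Type": "text/plain"}, b"not found\n"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = respond(self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Loopback only; port 8000 is an arbitrary choice.
    server = ThreadingHTTPServer(("127.0.0.1", 8000), Handler)
    print("serving http://127.0.0.1:8000/ (Ctrl+C to stop)")
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        print("paths that reached the server:", seen_paths)
```

If `/blocked.js` is missing from the printed paths after a reload, the load was rejected before any request was sent, so the Network Monitor can only list it when the browser reports the blocked load itself.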
Comment 7•5 years ago
I think there was a copy and paste error starting in comment 4 and that we're actually talking about bug 1638259 because :ckerschb's comment in comment 6 linking to a comment was linking to https://bugzilla.mozilla.org/show_bug.cgi?id=1638259#c22. :ckerschb can you confirm this?
Comment 8•5 years ago
(In reply to Andrew Sutherland [:asuth] (he/him) from comment #7)
I think there was a copy and paste error starting in comment 4 and that we're actually talking about bug 1638259 because :ckerschb's comment in comment 6 linking to a comment was linking to https://bugzilla.mozilla.org/show_bug.cgi?id=1638259#c22. :ckerschb can you confirm this?
Yes, thanks for fixing that up and sorry about the confusion, it's comment 22 in Bug 1638259 I was talking about.
Comment 9•5 years ago (Assignee)
Thanks for the catch Andrew, I made the original mistake in comment 4.
Thanks
Comment 10•5 years ago
Moving some dt-fission-m3-mvp bugs from Fission MVP to M7 (blocking Beta experiment).
Comment 11•5 years ago
Tracking dt-fission-m3-mvp test and infrastructure bugs for Fission M8 (blocking Release experiment).
Comment 12•5 years ago
Tracking DevTools Post-M8 bugs for Fission MVP milestone. They don't block the Fission Release channel experiment, but we would like them to be completed before we roll out Fission by default.
Comment 13•5 years ago (Assignee)
Depends on D103665
Comment 14•5 years ago
Comment 15•5 years ago
bugherder