Closed Bug 1694622 Opened 4 years ago Closed 4 years ago

XHR requests in extensions background script send Origin: null in POST requests

Categories

(WebExtensions :: Request Handling, defect)

Product:
WebExtensions
Component:
Request Handling
Version:
Firefox 88
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1685570

People

(Reporter: attila.ersek, Unassigned)

Details

Attachments

(1 file)

origin_null_request.png
84.47 KB, image/png
Details
Attached image origin_null_request.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36

Steps to reproduce:

XHR POST requests in extension background script sends Origin: null header instead of omitting it or using an extension specific value. Requests with invalid Origin, this case null, are refused by our API as we couldn't validate their authenticity.

Actual results:

Make an XHR POST request to an API endpoint. Request was sent with Origin: null header. The request is refused by the API due to check on valid Origin.

Expected results:

The XHR POST request should not have an Origin header similarly to GET requests.

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Networking' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.

Component: Untriaged → DOM: Networking
Product: Firefox → Core

Thank you for the report.

This is probably a dupe of bug 1605305.
Could you check if the same bug happens with Firefox Nightly? https://nightly.mozilla.org/

Flags: needinfo?(attila.ersek)

(In reply to Valentin Gosu [:valentin] (he/him) from comment #2)

Thank you for the report.

This is probably a dupe of bug 1605305.
Could you check if the same bug happens with Firefox Nightly? https://nightly.mozilla.org/

Thank you for your response!

Tested with 88.0a1 (2021-02-23) (64-bit) and the issue still persists.

Flags: needinfo?(attila.ersek)

There's a pending needinfo? in bug 1685570 comment 28 because others have also noticed a problem that looks very much like this one (i.e. the fix doesn't seem to be working in all cases, and we see Origin: null in 86). I'm moving this into WebExtensions :: Request Handling so that they can track this (maybe as a dupe?)

Component: DOM: Networking → Request Handling
Product: Core → WebExtensions
Version: Firefox 85 → Firefox 88

This does indeed appear to be a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1685570.
Will mark it this way, but in case of error, please revert the changes. Thank you !

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: