Open Bug 1696128 Opened 4 years ago Updated 1 month ago

The Authorization header is cropped in NetworkMonitor for long JWT tokens.

Categories

(DevTools :: Netmonitor, defect, P3)

Firefox 86
Desktop
Linux
defect

Tracking

(Not tracked)

People

(Reporter: petcuandrei, Unassigned)

References

(Blocks 1 open bug)

Details

Attachments

(3 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0

Steps to reproduce:

I signed up to https://alpha.uipath.com/ (it can be any web site that uses a long enough JWT token). Here is the header of my token.

I opened devtools > network > click on a XHR request > I copied the Authorization header.

Go to https://jwt.io/ and paste the token

Actual results:

The token is invalid. It says that the signature is broken.
This happens because the body contains …

Expected results:

I should have seen the token as valid with no cropping and no "…".
If I go to raw data region, I can copy it but it's harder to do also because of the other bug where focus is lost due to this bug https://bugzilla.mozilla.org/show_bug.cgi?id=1632030

Component: Untriaged → Netmonitor
OS: Unspecified → Linux
Product: Firefox → DevTools
Hardware: Unspecified → Desktop
Version: Firefox 87 → Firefox 86

Thank you for the report!

Could you please attach a screenshot, thank you.

Honza

Flags: needinfo?(petcuandrei)

Can I just pick this up? It's simpler to try to fix on my machine than to help you reproduce. I'm a n00b at devtools :)

Flags: needinfo?(petcuandrei) → needinfo?(odvarko)
Assignee: nobody → petcuandrei
Status: NEW → ASSIGNED
Flags: needinfo?(odvarko)

Still exploring the source of the issue but here is what I found:
cropLimit: 1024, is the source of the issue. If I change it to cropLimit: 2048, it works for this specific token I have.
https://searchfox.org/mozilla-central/source/devtools/client/netmonitor/src/components/request-details/PropertiesView.js#76

const shouldCrop = !isOpen && cropLimit && text.length > cropLimit;
https://searchfox.org/mozilla-central/source/devtools/client/shared/components/reps/reps/string.js#85

maybeCropString -> rawCropString

And then it crops the middle of my string with alternativeText.

if (text.length > limit) {
      return (
        text.substr(0, Math.ceil(halfLimit)) +
        alternativeText +
        text.substr(text.length - Math.floor(halfLimit))
      );
    }

https://searchfox.org/mozilla-central/source/devtools/client/shared/components/reps/reps/rep-utils.js#221

This seems to be by design, it's not a bug. What should I do? My original problem is that it was hard for me to copy a JWT token. Should we just increase this number or should we find alternative UX for it?

Flags: needinfo?(odvarko)

Or maybe I should just fix https://bugzilla.mozilla.org/show_bug.cgi?id=1632030 and use the raw version of the headers.

We could disable the `cropLimit` for HTTP header values: @Bomsy, what do you think? Honza
Flags: needinfo?(odvarko) → needinfo?(hmanilla)

Yes. Honza, i agree lets just disable it for the HeadersPanel.

Hi Andrei,
Lets go with Honza's suggestion above in comment 6
Thanks

Flags: needinfo?(hmanilla)
Severity: -- → S3
Priority: -- → P3

Is this bug still open to being worked on? I would like to tackle it.

Go ahead assigned to you.

Thanks

Assignee: petcuandrei → clintonadeleke
Whiteboard: dt-outreachy-2021

I've made the necessary code changes and would be waiting on your review, secondly, I was wondering is this covered by tests, if yes, how am I to go about testing this?

Thank you for the patch!

Two thing we should do here:

This test feels similar, so you can get some inspiration
https://searchfox.org/mozilla-central/source/devtools/client/netmonitor/test/browser_net_headers_filter.js

Please add all additional changes into the one existing patch
(use hg commit amend)

Honza

I'm having some issues setting up the test, I think I've spent around 3 days trying to figure out what each function is for, so any pointers would be highly appreciated, So far here's what I've done: ```js ```

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: V1KT1M → nobody
Status: ASSIGNED → NEW
Whiteboard: dt-outreachy-2021

This applies to every header not just the authorization header. All headers are trimmed in middle. However raw headers show complete headers text.
If showing complete header is not feasible or if you do not want to implement, then please make sure while copying the header value, complete header should be copied to clipboard but not just the selected trimmed one.

:)

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: