Closed Bug 1720371 Opened 3 years ago Closed 2 years ago

Eyedropper may fail under certain Content-Security-Policy settings

Categories

(DevTools :: Inspector, defect, P2)

Firefox 87
defect

Tracking

(firefox-esr91 wontfix, firefox90 wontfix, firefox91 wontfix, firefox92 wontfix, firefox95 wontfix, firefox96 wontfix, firefox97 verified)

VERIFIED FIXED
97 Branch
Tracking Status
firefox-esr91 --- wontfix
firefox90 --- wontfix
firefox91 --- wontfix
firefox92 --- wontfix
firefox95 --- wontfix
firefox96 --- wontfix
firefox97 --- verified

People

(Reporter: mdavids, Assigned: jdescottes)

References

(Blocks 1 open bug, Regression)

Details

(Keywords: regression)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36

Steps to reproduce:

Actual results:

  • Eyedropper appear, but is broken
  • Console log shows a CSP-issue:

Content Security Policy: The page’s settings blocked the loading of a resource at data:image/png;base64,iVBORw0KGgoAAAANSU… (“img-src”).

Expected results:

Functional eyedropper.

Has STR: --- → yes
Component: Untriaged → Inspector
Product: Firefox → DevTools

Reproduced on all the latest Firefox versions (Release 90, Beta 91.0b1 and Nightly 92.0a1) on MacOS 10.15.
Thanks for reporting this issue!

Status: UNCONFIRMED → NEW
Ever confirmed: true
Blocks: devtools-csp
Severity: -- → S3
Priority: -- → P2

The issue is that the codepath we added to support remote frames relies on loading an image in the content process which fails if the page uses CSPs.

https://searchfox.org/mozilla-central/rev/fac07284a9a996ddf968ea53adaf25c2a8b7c520/devtools/server/actors/highlighters/eye-dropper.js#232-239

We either need a way to create an ImageData from a base64 URL without using an intermediary Image load. Or we need to send the data over using a different format.

Regressed by: 1568831
Version: Firefox 90 → Firefox 87
Has Regression Range: --- → yes

We can probably just send over the imageData instead of converting to a base64 here.

Assignee: nobody → jdescottes
Status: NEW → ASSIGNED

Use ImageData instead of base64 URL.

Set release status flags based on info from the regressing bug 1568831

Pushed by jdescottes@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5565c42f8ca9
[devtools] Fix eyedropper on pages with CSP r=nchevobbe
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 97 Branch
Flags: qe-verify+

I've reproduced this bug using STR from comment 0, on an affected Nightly build 92.0a1 (20210713214232).

The issue is verified as fixed on latest Beta 97.0b8, across platforms: Win 10 x64, macOS 11, Ubuntu 18.04 x64.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: