Open Bug 1732199 Opened 3 years ago Updated 1 month ago

Infinite reload of 201, 203, 204 responses

Categories

(Core :: Audio/Video, defect, P3)

Product:
Core
Component:
Audio/Video
Version:
Firefox 92
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: jannis, Assigned: jhlin, NeedInfo)

References

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0

Steps to reproduce:

Visiting a URL that has status-code=203, content-type=video/mp4 and and empty body (https://demo.websec.saarland/echo/?ecohd_status=203&content-type=video/mp4) will bring the browser to reload/re-request the URL several times per second infinitely. This can be observed in the developer tools.

The same effect also happens when the URL is included as an audio, video, object, embed or iframe. The exact conditions of the response, i.e. which status-codes and content-types as well as whether the body has to be empty or not empty, depends on the inclusion method.
Status-codes: 201, 202, 203, 207, 208 and 226 with content-type: video/mp4 and an empty body work for audio, video, embed, object and iframe. Audio and video additionally accept audio/wav as a content-type.
Status-codes: 204 and 205 with content-type: video/mp4 or audio/wav and a non-empty body work for audio and video.
On this website there are several example inclusions that reload forever: https://demo.websec.saarland/static/reload_hell.html

Actual results:

The above mentioned responses are reloaded forever.
The browser will perform many requests and never finishes loading

Expected results:

The browser should not reload these resources (or abort reloading them after a limited amount of tries).

Group: core-security → dom-core-security
See Also: → 1732141

I don't know if this is the right networking behavior, but it's not really a security problem. if you wanted to keep someone's browser busy loading stuff you can just open a socket or a super big image file or something.

Group: dom-core-security
Component: DOM: Navigation → Networking: HTTP

The reload is not happening in necko.
I also see that necko channel is closed with error NS_ERROR_PARSED_DATA_CACHED.
Moving this to media.

Component: Networking: HTTP → Audio/Video

It's caused by ChannelMediaResource[1]. After removing the offset == 0 condition FF stops reloading infinitely. I will investigate further to see how to make the case works.

[1] https://searchfox.org/mozilla-central/source/dom/media/ChannelMediaResource.cpp#345-386

Assignee: nobody → jolin
Severity: -- → S3
Priority: -- → P3

John, did you investigate further?

Flags: needinfo?(jolin)
You need to log in before you can comment on or make changes to this bug.