Closed Bug 1798000 Opened 2 years ago Closed 2 years ago

ClickUp fails to load with Partially Implemented Opaque Response Blocking enabled

Categories

(Core :: DOM: Networking, defect, P1)

Product:
Core
Component:
DOM: Networking
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox106 --- unaffected
firefox107 --- unaffected
firefox108 --- disabled
firefox109 --- fixed

People

(Reporter: mossop, Assigned: sefeng)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [necko-triaged][orb:m1])

ClickUp (https://www.cluckup.com) fails to load correctly unless I disable browser.opaqueResponseBlocking.

Flags: needinfo?(sefeng)

Set release status flags based on info from the regressing bug 1785331

status-firefox106: --- → unaffected
status-firefox107: --- → unaffected
status-firefox108: --- → affected
status-firefox-esr102: --- → unaffected

Dave, what part of it didn't load correctly? AFAIC, we don't block any request on https://www.cluckup.com. Did you see any requests were blocked in browser console?

Flags: needinfo?(dtownsend)

(In reply to Sean Feng [:sefeng] from comment #2)

Dave, what part of it didn't load correctly? AFAIC, we don't block any request on https://www.cluckup.com. Did you see any requests were blocked in browser console?

You probably have to have an account and login. Here is the log from the browser console:

The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988220491” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988220491” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://data.webproduct.clickup.com/data/ptm.gif/a55d7d66-bb17-4dd8-47ee-554adf4eca7b?v=2.158.0_prod&ct=1666988222025&s=434” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof).
The resource at “https://events.split.io/api/testImpressions/count/beacon” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof).
The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988222728” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988222728” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://app-cdn.clickup.com/favicon-32x32.db10e72c524be8bd.png” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988228363” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988228362” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988233444” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988233444” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988238515” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988238514” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988243594” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988243593” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988248661” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2
The resource at “https://www.google.com/favicon.ico?ngsw-bypass=1&cache-bust=1666988248660” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof).
Flags: needinfo?(dtownsend)

(In reply to Dave Townsend [:mossop] from comment #3)

(In reply to Sean Feng [:sefeng] from comment #2)

Dave, what part of it didn't load correctly? AFAIC, we don't block any request on https://www.cluckup.com. Did you see any requests were blocked in browser console?

You probably have to have an account and login. Here is the log from the browser console:

The resource at “https://app-cdn.clickup.com/favicon-16x16.bc9ca0a8aa1b1fdd.png?ngsw-bypass=1&cache-bust=1666988220491” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). 2

Similar warnings for any image attachments in BMO, with or without logged on.

STR:

  1. Open a bug report link with image attachment, e.g. bug 1798111.
    ↳ The resource at “https://bug1798111.bmoattachments.org/attachment.cgi?id=9300916” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof). Image is not shown inline neither.

  2. Left-click an image attachment link.
    ↳ The resource at “https://bug1798111.bmoattachments.org/attachment.cgi?id=9300916” was blocked due to its Cross-Origin-Resource-Sharing header (or lack thereof).
    Opening the image in a new tab works.

(In reply to Fanolian from comment #4)

Similar warnings for any image attachments in BMO, with or without logged on.

It seems worthy for a separate bug. Filed bug 1798127.

clickup.com seems to be working properly locally with my fix to bug 1797983, so I'll verify this bug again after that bug is fixed.

Depends on: 1797983

Assigning to Sean to verify after bug 1797983 lands.

Assignee: nobody → sefeng
Severity: -- → S3
Priority: -- → P1
Whiteboard: [necko-triaged]
Whiteboard: [necko-triaged] → [necko-triaged][orb:m1]

Dave, mind confirming the fix here? It seems to load for me.

Flags: needinfo?(dtownsend)

Yes this seems fixed.

Status: NEW → RESOLVED
Closed: 2 years ago
Flags: needinfo?(sefeng)
Flags: needinfo?(dtownsend)
Resolution: --- → FIXED

Well...ORB has been turned off by default, so it should work regardless the status of bug 1797983. However it should work now with ORB.
Dave, can you please to test again with browser.opaqueResponseBlocking=true? Ignore me if you have done this already. Thanks!

Flags: needinfo?(dtownsend)

(In reply to Sean Feng [:sefeng] from comment #10)

Well...ORB has been turned off by default, so it should work regardless the status of bug 1797983. However it should work now with ORB.
Dave, can you please to test again with browser.opaqueResponseBlocking=true? Ignore me if you have done this already. Thanks!

Yes I already did this.

Flags: needinfo?(dtownsend)

I am not able to reproduce the issue on Win10x64 using FF build 108.0a1(20221028212211). I need to reproduce it in order to confirm the fix. Also links from comment#4 are not valid when I try to open them. Any other way in reproducing this?
Reporter it seems you have verified the issue. Can you please confirm if you verified it against Beta 109.0b, so I can mark it as verified? Thank you so much.

Flags: needinfo?(dtownsend)

(In reply to Monica Chiorean from comment #12)

I am not able to reproduce the issue on Win10x64 using FF build 108.0a1(20221028212211). I need to reproduce it in order to confirm the fix. Also links from comment#4 are not valid when I try to open them. Any other way in reproducing this?
Reporter it seems you have verified the issue. Can you please confirm if you verified it against Beta 109.0b, so I can mark it as verified? Thank you so much.

The original link should be http://www.clickup.com.

Flags: needinfo?(dtownsend)

(In reply to Dave Townsend [:mossop] from comment #13)

(In reply to Monica Chiorean from comment #12)

I am not able to reproduce the issue on Win10x64 using FF build 108.0a1(20221028212211). I need to reproduce it in order to confirm the fix. Also links from comment#4 are not valid when I try to open them. Any other way in reproducing this?
Reporter it seems you have verified the issue. Can you please confirm if you verified it against Beta 109.0b, so I can mark it as verified? Thank you so much.

The original link should be http://www.clickup.com.

Link (http://www.clickup.com/) seems to load fine on both old and latest Beta(there is no difference in loading). Is FF build 108.0a1(20221028212211) the one with the issue ?

Flags: needinfo?(dtownsend)

(In reply to Monica Chiorean from comment #14)

(In reply to Dave Townsend [:mossop] from comment #13)

(In reply to Monica Chiorean from comment #12)

I am not able to reproduce the issue on Win10x64 using FF build 108.0a1(20221028212211). I need to reproduce it in order to confirm the fix. Also links from comment#4 are not valid when I try to open them. Any other way in reproducing this?
Reporter it seems you have verified the issue. Can you please confirm if you verified it against Beta 109.0b, so I can mark it as verified? Thank you so much.

The original link should be http://www.clickup.com.

Link (http://www.clickup.com/) seems to load fine on both old and latest Beta(there is no difference in loading). Is FF build 108.0a1(20221028212211) the one with the issue ?

Yes

Flags: needinfo?(dtownsend)
You need to log in before you can comment on or make changes to this bug.