Closed Bug 1830022 Opened 2 years ago Closed 1 year ago

Add Idempotency-Key header to POST and PATCH requests.

Categories

(Core :: Networking: HTTP, enhancement, P2)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement
Points:
7

Tracking

()

Status:
RESOLVED FIXED
Milestone:
135 Branch
Tracking Flags:
Tracking Status
firefox135 --- fixed

People

(Reporter: valentin, Assigned: smayya)

References

(Blocks 1 open bug, Regressed 1 open bug)

Details

(Keywords: webcompat:platform-bug, Whiteboard: [necko-triaged][necko-priority-queue])

Attachments

(3 files)

Bug 1830022 - add Idempotency-Key header to post request. r=#necko
48 bytes, text/x-phabricator-request
Details | Review
Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko
48 bytes, text/x-phabricator-request
Details | Review
Bug 1830022 - update POST tests for idempotency-key. r=#necko
48 bytes, text/x-phabricator-request
Details | Review

See https://mailarchive.ietf.org/arch/msg/httpapi/qAKwsPgiz7wbnorZcQTiGKMarEk for context.
https://datatracker.ietf.org/doc/draft-ietf-httpapi-idempotency-key-header/

The changes would be something like:
If the request is POST/PATCH and it doesn't have the "Idempotency-Key" header set, then add one with a random UUID value. (If it already has one, set by fetch for example, we should not overwrite it).
Add a test that the same header is sent when refreshing the page that sent the inital POST.

Whiteboard: [necko-triaged][necko-priority-next] → [necko-triaged][necko-priority-queue]
  • We generate a random string when the POST or PATCH http channel don't have an "Idempotency-Key" and set it.
  • Make sure we set the same Idempotency-Key header when we refresh the page and the POST dialog shows up (we are posting the same content again, it should use the same idempotency-key).
  • Figure out how the repost-ing is triggered. TODO
Points: --- → 7
Assignee: nobody → smayya
Attachment #9435054 - Attachment description: WIP: Bug 1830022 - add Idempotency-Key header to post request. r=#necko → Bug 1830022 - add Idempotency-Key header to post request. r=#necko
Attachment #9435055 - Attachment description: WIP: Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko → Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko
Pushed by smayya@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6f0c887676d8 add Idempotency-Key header to post request. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/c45ae56fbc1c add test to verify Idempotency-Key header settings. r=necko-reviewers,valentin

Backed out for causing wpt failures @ fetch-request-xhr.https.html

TEST-UNEXPECTED-FAIL | /service-workers/service-worker/fetch-request-xhr.https.html | event.request has the expected headers for same-origin POST. - promise_test: Unhandled rejection with value: object "Error: assert_array_equals: event.request has the expected headers for same-origin POST. lengths differ, expected array ["accept", "content-type"] length 2, got ["accept", "content-type", "idempotency-key"] length 3"

————————————————————————————
Backed out for causing mochitest failures @ test_fetch_cors_sw_reroute.html

TEST-UNEXPECTED-FAIL | dom/tests/mochitest/fetch/test_fetch_cors_sw_reroute.html | Expected test failure for {"pass":1,"method":"POST","body":"hi there","noAllowPreflight":1}

————————————————————————————
Backed out for causing dt failures @ browser_net_copy_as_curl.js

TEST-UNEXPECTED-FAIL | devtools/client/netmonitor/test/browser_net_copy_as_curl.js | Timed out while polling clipboard for requested data, got: curl 'https://example.com/browser/devtools/client/netmonitor/test/sjs_simple-test-server.sjs' -X POST -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0' -H 'Accept: */*' -H 'Accept-Language: en-US' -H 'Accept-Encoding: gzip, deflate, br, zstd' -H 'X-Custom-Header-1:
Flags: needinfo?(smayya)
Flags: needinfo?(smayya)
Attachment #9435054 - Attachment description: Bug 1830022 - add Idempotency-Key header to post request. r=#necko → WIP: Bug 1830022 - add Idempotency-Key header to post request. r=#necko
Attachment #9435055 - Attachment description: Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko → WIP: Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko

Depends on D227802

Hey Martin,

There are couple of issues before we land this.
Do you think it is OK to treat IDK header as CORS-safe, i.e. can we use this header in fetch API's no-cors mode. Currently we treat the following headers as CORS-safe

I just noticed that the draft has expired. Do we have any reasons not to land this patch?

Kindly confirm.

Thanks

Flags: needinfo?(mt)

Discussed internally with Martin.

Here are our next steps:

  • Release this feature under a pref by safe-listing the IDK header.
  • Contacting the spec author for further clarity on this one.
Flags: needinfo?(mt)
Attachment #9435054 - Attachment description: WIP: Bug 1830022 - add Idempotency-Key header to post request. r=#necko → Bug 1830022 - add Idempotency-Key header to post request. r=#necko
Attachment #9435055 - Attachment description: WIP: Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko → Bug 1830022 - add test to verify Idempotency-Key header settings. r=#necko
Attachment #9440990 - Attachment description: WIP: Bug 1830022 - update POST test to accomodate idempotency-key → WIP: Bug 1830022 - update POST tests for idempotency-key
Attachment #9440990 - Attachment description: WIP: Bug 1830022 - update POST tests for idempotency-key → Bug 1830022 - update POST tests for idempotency-key. r=#necko
Pushed by smayya@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/046fbeb93400 add Idempotency-Key header to post request. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/1418de170250 add test to verify Idempotency-Key header settings. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/e3b4f68850a3 update POST tests for idempotency-key. r=necko-reviewers,devtools-reviewers,kershaw,jdescottes

Backed out for causing multiple failures.

  • Backout link
  • Push with failures - wpt failures
  • Failure Log
  • Failure line: TEST-UNEXPECTED-FAIL | /service-workers/service-worker/fetch-request-xhr.https.html | event.request has the expected headers for same-origin POST. - promise_test: Unhandled rejection with value: object "Error: assert_array_equals: event.request has the expected headers for same-origin POST. lengths differ, expected array ["accept", "content-type"] length 2, got ["accept", "content-type", "idempotency-key"] length 3"
  • Push with failures - dt failures
  • Failure Log
  • Failure line: TEST-UNEXPECTED-FAIL | devtools/client/netmonitor/test/browser_net_copy_as_powershell.js | Timed out while polling clipboard for requested data, got: $session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
Flags: needinfo?(smayya)
Pushed by smayya@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1c2d7061c4c1 add Idempotency-Key header to post request. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/8eac77ee30b8 add test to verify Idempotency-Key header settings. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/0e63fe79ee46 update POST tests for idempotency-key. r=necko-reviewers,devtools-reviewers,kershaw,jdescottes

Backed out for causing Wd assertion failures on nsHttpChannel.cpp

Backout link

Push with failures

Failure log

Flags: needinfo?(smayya)
Pushed by smayya@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/49a118de2acc add Idempotency-Key header to post request. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/26df7b20115e add test to verify Idempotency-Key header settings. r=necko-reviewers,valentin https://hg.mozilla.org/integration/autoland/rev/a90576b7f21b update POST tests for idempotency-key. r=necko-reviewers,devtools-reviewers,kershaw,jdescottes

https://hg.mozilla.org/mozilla-central/rev/49a118de2acc
https://hg.mozilla.org/mozilla-central/rev/26df7b20115e
https://hg.mozilla.org/mozilla-central/rev/a90576b7f21b

Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox135: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 135 Branch
Regressions: 1937298
Regressions: 1940594
Regressions: 1938542
Blocks: 1990204
Blocks: 1991641
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: