The HTTPS Only error page repeats forever in view-source:http://IP-addresses when privacy.firstparty.isolate is enabled
Categories
(Core :: DOM: Security, defect, P3)
Tracking
()
People
(Reporter: pierov, Assigned: maltejur)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(2 files)
48 bytes,
text/x-phabricator-request
|
Details | Review | |
48 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-esr115+
|
Details | Review |
Bug 1647829 solved an issue for which the HTTPS Only error page was shown in loop with privacy.firstparty.isolate
enabled.
But that condition still happens with view-source:http://IP-address
.
Steps to reproduce:
- Enable
privacy.firstparty.isolate
and HTTPS Only - Open
view-source:http://128.31.0.34/
in the URL bar - Get the HTTPS Only error
- Click on Continue to HTTP Site
Comment 1•9 months ago
•
|
||
Very little of this code seems to deal with nested nsIURIs, of which "view-source:" would be the most relevant example. We still use "jar:" internally but don't allow it for remote content, but it looks like some of the https-only code does still have to deal with it (internal chrome pages, I guess). It looks like "wyciwyg:" is gone), but in the past that was used to reference pages from the bfcache ("What You Cache Is What You Get") -- dunno what we use now.
The code for saving the exception patched in bug 1647829 already dealt with view-source:, and that patch only had to add the first-party-domain attribute.
bug 1
The Site Identity panel code in browser/base/content/browser-siteIdentity.js doesn't seem to deal with it correctly. Stripping view-source off the URL will work, but means every kind of nested URL has to be dealt with individually and indeed, this code also has a special-case "jar" section (that won't handle nested jar files, which can happen!)
https://searchfox.org/mozilla-central/rev/37d9d6f0a77147292a87ab2d7f5906a62644f455/browser/base/content/browser-siteIdentity.js#1125-1127,1155-1166
Instead it should have done something like this up at the top of setURI()
if (uri instanceof Ci.nsINestedURI)
uri = uri.QueryInterface(Ci.nsINestedURI).innerMostURI;
}
Fixing the above won't fix this loop, but it's related.
bug 2
openWebsiteInsecure() in AboutHttpsOnlyErrorParent.jsm (the file patched by bug 1647829) isn't quite right, either. It's good it's using innerURI
instead of syntactically rewriting the URL, but it shouldn't special-case "view-source". Instead check if it's a nsINestedURI, and if it is grab .innermostURI
, not just .innerURI
. Wasn't going to mention this, but seeing that browser-siteIdentity.js does have to deal with jar:
URIs then maybe we do have to make this code right.
This might be the reporter's bug
origin attributes without explicit first party setting is done here:
https://searchfox.org/mozilla-central/rev/37d9d6f0a77147292a87ab2d7f5906a62644f455/dom/ipc/WindowGlobalParent.cpp#1342,1354-1357
I'm guessing a similar problem to the original "about:" bug, but in this case it's getting a "view-source:" first-party from the original principal. But code that turns a URI into an origin (e.g. for same-origin checks) should already be de-nesting these. Maybe that code is broken, too?
Comment 2•9 months ago
|
||
Fixing the above won't fix this loop, but it's related.
To clarify the ambiguous pronouns, I meant fixing the browser-siteIdentity.js problems won't fix the view-source:
loop described in comment 0
I'm guessing a similar problem to the original "about:" bug [...]
I stress guessing. It would be easy to prove or disprove in a debugger, which I didn't check in (what was supposed to be) a quick "triage" pass. Start looking here, but I could be wrong.
Assignee | ||
Comment 3•9 months ago
|
||
As far as I can tell, the code linked in WindowGlobalParent::RecvReloadWithHttpsOnlyException
is doing its job correctly. At least when I visit the exceptions UI in the settings, I see that a temporary exception for http://128.31.0.34^firstPartyDomain=128.31.0.34
is correctly added. So the place where the problem lies is probably rather the code that is checking if a exception permission for the current principal is set, so nsHTTPSOnlyUtils::TestSitePermissionAndPotentiallyAddExemption
. That function is getting the principal here. I'll try to figure out what goes wrong there.
Assignee | ||
Comment 4•9 months ago
|
||
Comment 5•9 months ago
|
||
Bug 1758558 has some digging into Nest URIs and some potential bugs lurking in the codebase.
Assignee | ||
Comment 6•9 months ago
|
||
(In reply to Tom Ritter [:tjr] from comment #5)
Bug 1758558 has some digging into Nest URIs and some potential bugs lurking in the codebase.
Can you CC me on that bug? I currently don't have access to it.
Updated•9 months ago
|
Updated•9 months ago
|
Updated•9 months ago
|
Updated•8 months ago
|
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/54dd41cecdd0 Use innermost nested URI in `PopulateTopLevelInfoFromURI` r=freddyb,timhuang
Comment 8•8 months ago
|
||
Backed out for causing bc failures on browser_fpi_nested_uri.js.
[task 2023-11-06T10:32:45.490Z] 10:32:45 INFO - TEST-START | toolkit/components/httpsonlyerror/tests/browser/browser_fpi_nested_uri.js
[task 2023-11-06T10:32:45.619Z] 10:32:45 INFO - GECKO(3434) | ### XPCOM_MEM_BLOAT_LOG defined -- logging bloat/leaks to /tmp/tmpgbhdjkuv.mozrunner/runtests_leaks_tab_pid4172.log
[task 2023-11-06T10:32:45.647Z] 10:32:45 INFO - GECKO(3434) | [Child 4172, Main Thread] WARNING: could not set real-time limit in CubebUtils::InitLibrary: file /builds/worker/checkouts/gecko/dom/media/CubebUtils.cpp:657
[task 2023-11-06T10:32:45.882Z] 10:32:45 INFO - GECKO(3434) | [WARN rkv::backend::impl_safe::environment] `load_ratio()` is irrelevant for this storage backend.
[task 2023-11-06T10:32:45.906Z] 10:32:45 INFO - GECKO(3434) | console.error: (new Error("Polling for changes failed: Unexpected content-type \"text/plain;charset=US-ASCII\".", "resource://services-settings/remote-settings.sys.mjs", 321))
[task 2023-11-06T10:32:46.039Z] 10:32:46 INFO - GECKO(3434) | [Child 3532: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 2 (7f75ed232400) [pid = 3532] [serial = 6] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:46.040Z] 10:32:46 INFO - GECKO(3434) | [Child 3532: Main Thread]: I/DocShellAndDOMWindowLeak --DOCSHELL 7f75ed22a000 == 0 [pid = 3532] [id = 2] [url = about:blank]
[task 2023-11-06T10:32:48.294Z] 10:32:48 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOCSHELL 7fb9e446a800 == 2 [pid = 3631] [id = 3] [url = about:privatebrowsing]
[task 2023-11-06T10:32:48.295Z] 10:32:48 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOCSHELL 7fb9e454ac00 == 1 [pid = 3631] [id = 2] [url = about:privatebrowsing]
[task 2023-11-06T10:32:48.391Z] 10:32:48 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 7 (7fb9e44f53e0) [pid = 3631] [serial = 10] [outer = 0] [url = about:privatebrowsing]
[task 2023-11-06T10:32:48.392Z] 10:32:48 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 6 (7fb9eb6042e0) [pid = 3631] [serial = 7] [outer = 0] [url = about:privatebrowsing]
[task 2023-11-06T10:32:48.600Z] 10:32:48 INFO - GECKO(3434) | [Parent 3434: Main Thread]: I/DocShellAndDOMWindowLeak --DOCSHELL 7fb3202e6400 == 5 [pid = 3434] [id = 5] [url = chrome://browser/content/browser.xhtml]
[task 2023-11-06T10:32:48.918Z] 10:32:48 INFO - GECKO(3434) | [Parent 3434, Main Thread] WARNING: '!top', file /builds/worker/checkouts/gecko/dom/xul/MenuBarListener.cpp:99
[task 2023-11-06T10:32:48.931Z] 10:32:48 INFO - GECKO(3434) | [Parent 3434: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 13 (7fb324486b60) [pid = 3434] [serial = 13] [outer = 0] [url = chrome://browser/content/browser.xhtml]
[task 2023-11-06T10:32:48.931Z] 10:32:48 INFO - GECKO(3434) | [Parent 3434: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 12 (7fb332dc9f20) [pid = 3434] [serial = 15] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:50.148Z] 10:32:50 INFO - GECKO(3434) | [Child 3532: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 1 (7f75ec62a200) [pid = 3532] [serial = 7] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:52.672Z] 10:32:52 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 5 (7fb9e454b000) [pid = 3631] [serial = 8] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:52.672Z] 10:32:52 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 4 (7fb9e454c400) [pid = 3631] [serial = 9] [outer = 0] [url = about:privatebrowsing]
[task 2023-11-06T10:32:52.673Z] 10:32:52 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 3 (7fb9e446bc00) [pid = 3631] [serial = 12] [outer = 0] [url = about:privatebrowsing]
[task 2023-11-06T10:32:52.674Z] 10:32:52 INFO - GECKO(3434) | [Child 3631: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 2 (7fb9e446ac00) [pid = 3631] [serial = 11] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:52.913Z] 10:32:52 INFO - GECKO(3434) | [Parent 3434: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 11 (7fb326463000) [pid = 3434] [serial = 16] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:52.913Z] 10:32:52 INFO - GECKO(3434) | [Parent 3434: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 10 (7fb32034f800) [pid = 3434] [serial = 14] [outer = 0] [url = about:blank]
[task 2023-11-06T10:32:54.228Z] 10:32:54 INFO - GECKO(3434) | [Child 3532: Main Thread]: I/DocShellAndDOMWindowLeak --DOMWINDOW == 0 (7f75ed22b400) [pid = 3532] [serial = 8] [outer = 0] [url = about:blank]
[task 2023-11-06T10:34:15.901Z] 10:34:15 INFO - TEST-INFO | started process screentopng
[task 2023-11-06T10:34:16.243Z] 10:34:16 INFO - TEST-INFO | screentopng: exit 0
[task 2023-11-06T10:34:16.245Z] 10:34:16 INFO - Buffered messages logged at 10:32:45
[task 2023-11-06T10:34:16.246Z] 10:34:16 INFO - Entering setup bound
[task 2023-11-06T10:34:16.247Z] 10:34:16 INFO - Leaving setup bound
[task 2023-11-06T10:34:16.247Z] 10:34:16 INFO - Entering test bound
[task 2023-11-06T10:34:16.249Z] 10:34:16 INFO - Console message: [JavaScript Warning: "HTTPS-Only Mode: Upgrading insecure request “http://192.168.0.0/” to use “https”." {file: "http://192.168.0.0/" line: 0}]
[task 2023-11-06T10:34:16.249Z] 10:34:16 INFO - Buffered messages finished
[task 2023-11-06T10:34:16.250Z] 10:34:16 INFO - TEST-UNEXPECTED-FAIL | toolkit/components/httpsonlyerror/tests/browser/browser_fpi_nested_uri.js | Test timed out -
[task 2023-11-06T10:34:16.252Z] 10:34:16 INFO - GECKO(3434) | [Child 4128: Main Thread]: I/DocShellAndDOMWindowLeak ++DOCSHELL 7f8c8ac34400 == 1 [pid = 4128] [id = 0]
[task 2023-11-06T10:34:16.253Z] 10:34:16 INFO - GECKO(3434) | [Child 4128: Main Thread]: I/DocShellAndDOMWindowLeak ++DOMWINDOW == 1 (7f8c8b6b5020) [pid = 4128] [serial = 1] [outer = 0]
[task 2023-11-06T10:34:16.253Z] 10:34:16 INFO - GECKO(3434) | [Child 4128: Main Thread]: I/DocShellAndDOMWindowLeak ++DOMWINDOW == 2 (7f8c8ac34c00) [pid = 4128] [serial = 2] [outer = 7f8c8b6b5020]
[task 2023-11-06T10:34:16.254Z] 10:34:16 INFO - GECKO(3434) | [Parent 3434, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x80040111 (NS_ERROR_NOT_AVAILABLE): file /builds/worker/checkouts/gecko/caps/BasePrincipal.cpp:1535
[task 2023-11-06T10:34:16.255Z] 10:34:16 INFO - GECKO(3434) | [Parent 3434, Main Thread] WARNING: Failed to preload local storage!: file /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:6435
[task 2023-11-06T10:34:16.256Z] 10:34:16 INFO - Console message: [JavaScript Error: "HTTPS-Only Mode: Upgrading insecure request “https://192.168.0.0/” failed. (M6-C14)" {file: "https://192.168.0.0/" line: 0}]
[task 2023-11-06T10:34:16.257Z] 10:34:16 INFO - GECKO(3434) | [Child 4128: Main Thread]: I/DocShellAndDOMWindowLeak ++DOMWINDOW == 3 (7f8c8ac37400) [pid = 4128] [serial = 3] [outer = 7f8c8b6b5020]
[task 2023-11-06T10:34:16.257Z] 10:34:16 INFO - GECKO(3434) | [Child 4128, Main Thread] WARNING: NS_ENSURE_SUCCESS(rv, NS_OK) failed with result 0x80004005 (NS_ERROR_FAILURE): file /builds/worker/checkouts/gecko/caps/BasePrincipal.cpp:1150
[task 2023-11-06T10:34:16.258Z] 10:34:16 INFO - GECKO(3434) | JavaScript error: resource://gre/modules/XULStore.sys.mjs, line 60: Error: Can't find profile directory.
[task 2023-11-06T10:34:16.258Z] 10:34:16 INFO - GECKO(3434) | [Child 4128, Main Thread] WARNING: '!mLocalStore', file /builds/worker/checkouts/gecko/dom/xul/XULPersist.cpp:146
[task 2023-11-06T10:34:16.275Z] 10:34:16 INFO - Console message: [JavaScript Error: "Error: Can't find profile directory." {file: "resource://gre/modules/XULStore.sys.mjs" line: 60}]
[task 2023-11-06T10:34:16.276Z] 10:34:16 INFO - load@resource://gre/modules/XULStore.sys.mjs:60:15
[task 2023-11-06T10:34:16.277Z] 10:34:16 INFO - XULStore@resource://gre/modules/XULStore.sys.mjs:17:10
[task 2023-11-06T10:34:16.277Z] 10:34:16 INFO -
[task 2023-11-06T10:34:16.597Z] 10:34:16 INFO - GECKO(3434) | MEMORY STAT | vsize 3193MB | residentFast 397MB | heapAllocated 215MB
Assignee | ||
Updated•8 months ago
|
Pushed by fbraun@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/544dcbd8979a Use innermost nested URI in `PopulateTopLevelInfoFromURI` r=freddyb,timhuang
Comment 10•8 months ago
|
||
bugherder |
Reporter | ||
Comment 11•8 months ago
|
||
Thanks for the fix!
Would it be possible to uplift it to the ESR?
Comment 12•8 months ago
|
||
The patch landed in nightly and beta is affected.
:mjurgens, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox120
towontfix
.
For more information, please visit BugBot documentation.
Assignee | ||
Comment 13•8 months ago
|
||
Original Revision: https://phabricator.services.mozilla.com/D190468
Updated•8 months ago
|
Assignee | ||
Updated•8 months ago
|
Comment 14•8 months ago
|
||
Uplift Approval Request
- Is Android affected?: no
- Code covered by automated testing: yes
- Risk associated with taking this patch: Low/Medium
- User impact if declined: Tor Browser users and ESR users with privacy.firstparty.isolate enabled will see a infinite error loop when viewing the source code of a page visited by IP-address until the next major ESR release
- Fix verified in Nightly: yes
- Explanation of risk level: This is a simple behavioural change which is limited to a single function, but it does touch relatively low-level code
- Needs manual QE test: no
- String changes made/needed: No
- Steps to reproduce for manual QE testing: https://bugzilla.mozilla.org/show_bug.cgi?id=1855734#c0
Comment 15•8 months ago
|
||
Uplift Approval Request
- Is Android affected?: no
- Code covered by automated testing: yes
- Risk associated with taking this patch: Low/Medium
- User impact if declined: Tor Browser users and ESR users with privacy.firstparty.isolate and HTTPS-Only enabled will see a infinite error loop when viewing the source code of a page visited by IP-address until the next major ESR release
- Fix verified in Nightly: yes
- Needs manual QE test: no
- Explanation of risk level: This is a simple behavioural change which is limited to a single function, but it does touch relatively low-level code
- String changes made/needed: No
- Steps to reproduce for manual QE testing: https://bugzilla.mozilla.org/show_bug.cgi?id=1855734#c0
Comment 16•7 months ago
|
||
Comment on attachment 9362976 [details]
Bug 1855734 - Use innermost nested URI in PopulateTopLevelInfoFromURI
Approved for 115.6esr.
Updated•7 months ago
|
Comment 17•7 months ago
|
||
uplift |
https://hg.mozilla.org/releases/mozilla-esr115/rev/6f850e14e9dc
Updated•7 months ago
|
Comment 18•6 months ago
|
||
Hello! Reproduced the issue using STR from comment 0 on Windows 10x64. The HTTPS-only error page is displayed again and again after clicking to continue to the HTTP site.
The issue is verified fixed with Firefox 121.0 and 115.6esr on Windows 10x64, macOS 12 and Ubuntu 22.1. Clicking the Continue to the HTTP site
button will now open the page as expected.
Description
•