Closed Bug 1909270 Opened 1 year ago Closed 1 year ago

webRequest details.thirdParty is constant, even across cross-origin redirects

Categories

(WebExtensions :: Request Handling, defect, P3)

Tracking

(firefox131 fixed)

RESOLVED FIXED
131 Branch

People

(Reporter: robwu, Assigned: robwu)

References

Details

(Whiteboard: [addons-jira])

Attachments

(1 file)

STR:

  1. In an extension with webRequest and all_urls permission (or at least example.com and httpbingo.org), run this snippet:
    browser.webRequest.onBeforeRequest.addListener(e=>console.log(e.thirdParty,e.url,e.requestId),{urls:['*://*/*logme*']})
  2. Visit https://example.com/ and run this snippet:
    fetch("https://httpbingo.org/redirect-to?url=https%3A%2F%2Fexample.com%2Flogme")
  3. Visit https://httpsbingo.com/robots.txt and run the same snippet as in step 2.
  4. Look at the devtools console from step 1.

Expected:

  • Step 2 should log: true, false (or true, true if a request is considered third-party if any request in the redirect chain was third-party)
  • Step 3 should log: false, true (=initially same-origin request, redirected to cross-origin should be third party)

Actual:

  • Step 2 logs true, true.
  • Step 3 logs false, false - despite the redirect target being cross-origin relative to the requestor, details.thirdParty is false. This is a bug.

This is caused by the attribute being annotated as "Constant" rather than "Pure" at https://searchfox.org/mozilla-central/rev/5756c5a3dea4f2896cdb3c8bb15d0ced5e2bf690/dom/chrome-webidl/ChannelWrapper.webidl#449
According to the WebIDL docs, "Constant" should only be used for properties that always return the same value, whereas "Pure" can be used for fields whose value is constant unless the underlying DOM state changes (docs: https://firefox-source-docs.mozilla.org/dom/webIdlBindings/index.html#pure)

Besides changing "Constant" to "Pure", we should also clear the cached value, or else we will have the same issue as bug 1909081.
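
A simplified model of the caching behaviour described above, as an added example that is not part of the original report and is not Firefox code. `ChannelModel`, `observe` and the host-comparison definition of "third party" are assumptions made for illustration, and the step 3 requestor is assumed to be a page on httpbingo.org.

```javascript
// Constructed model: a channel whose thirdParty getter caches its first
// result, replayed across a redirect with and without cache clearing.
class ChannelModel {
  constructor(requestorUrl, url, clearCacheOnRedirect) {
    this.requestorHost = new URL(requestorUrl).host;
    this.url = url;
    this.clearCacheOnRedirect = clearCacheOnRedirect;
    this.cachedThirdParty = undefined; // filled in on first read
  }

  // Assumption: "third party" means the current URL's host differs from
  // the requestor's host. The real check in the browser is more involved.
  get thirdParty() {
    if (this.cachedThirdParty === undefined) {
      this.cachedThirdParty = new URL(this.url).host !== this.requestorHost;
    }
    return this.cachedThirdParty;
  }

  redirectTo(url) {
    this.url = url;
    // Without this reset the getter keeps answering for the first URL.
    if (this.clearCacheOnRedirect) this.cachedThirdParty = undefined;
  }
}

// Returns the thirdParty value a listener would read at each hop.
function observe(requestorUrl, chain, clearCacheOnRedirect) {
  const channel = new ChannelModel(requestorUrl, chain[0], clearCacheOnRedirect);
  const seen = [channel.thirdParty];
  for (const next of chain.slice(1)) {
    channel.redirectTo(next);
    seen.push(channel.thirdParty);
  }
  return seen;
}

// The redirect chain from the STR.
const CHAIN = [
  "https://httpbingo.org/redirect-to?url=https%3A%2F%2Fexample.com%2Flogme",
  "https://example.com/logme",
];
const STEP2_PAGE = "https://example.com/";
const STEP3_PAGE = "https://httpbingo.org/robots.txt"; // assumed requestor

for (const clear of [false, true]) {
  console.log(clear ? "cache cleared:" : "cache kept:",
    observe(STEP2_PAGE, CHAIN, clear), observe(STEP3_PAGE, CHAIN, clear));
}
```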

Summary: details.thirdParty is constant, even across cross-origin redirects → webRequest details.thirdParty is constant, even across cross-origin redirects
Assignee: nobody → rob
Status: NEW → ASSIGNED
Whiteboard: [addons-jira]
Severity: -- → S3
Priority: -- → P3
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/7b38046842cb Clear thirdParty flag on redirect r=zombie
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 131 Branch