Network event should not be emitted for data-uri triggered by layout/res/html.css
Categories
(DevTools :: Netmonitor, defect)
Tracking
(firefox135 fixed)
| Tracking | Status | |
|---|---|---|
| firefox135 | --- | fixed |
People
(Reporter: jdescottes, Assigned: jdescottes)
References
Details
Attachments
(1 file)
While implementing data-URI support for devtools netmonitor, I realised we can see requests from some internal stylesheets such as https://searchfox.org/mozilla-central/rev/5da13af5e6be251b70e994c8b4bd35fb5271f1e3/layout/style/res/html.css#8-11
@font-face {
font-family: -moz-bullet-font;
src: url("data:font/woff2;base64,d09GMgABAAAAAAScAAsAAAAACfAAAARNAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmAAhBIRCAqGMIRJATYCJAMsCxgABCAFhF4HaBsuCMgehXEsLOlXaXd7sgbPQ172fjLwdhYFM92mABaiTuRVdO5/mx9I5UJiJom3phLRQw/TSF2M/vo25+pNyWkNws81NrUDAAf0QOdfcf7nmPEyBPZtCbbZEDuosskKZG922ZhBenh05qcSXktf6s3Oy9dAkWsyDzMoM5QTKcwKNjFayUPSREGFhUMrdE8MJsH052qGcYNO3pbEaYIBoDTItIKGAqhDdKHRD0kkKg6QGSCWEfueTNr3P6OvYaIbDH/8ULEAbjQtUt+hT/qmX/SH/twwMLDqN4jxzXjy4PHtltSA6lINqkpRd7N7onVBP20y7YBWyDIHFEBjqKBFMmECfQcTZtD3MmEB/SATVtCPM2ED/TQTdtCfS0/pEsN4ySin3r8q8xHE+0D0XMg8gJi4YrNpNv3qetXuDyeo6OBNZrq5gi7ouC1zcmB2Fd+FewIhcUIfszpF1hzXhrmMCwxaznRyZjig6Y2W7+bBn2DL8fJu/2oHbWc6X80+LUTXcVzv8O3IOy4qKVyFw/DHaMtfzNQEi5gbFT/EDpiofbpkYq2dQui6WcpfxrVBEJ/KxbLA4ZroZoVx+iE+QeTIiI7oKuoUIk/a1ekEOoNFjozm0suYYUelq13/88K1c3PTH9O9Q0d5LZbu7+J2aT7XP23KyQs+34WTU7r8d/k0l6dLl98Dn+/BSUZc7U0mm7FqhSMO9EHV/j5FB4qYX4aXNaKwz/4RRfAWsW8xGW+hvr8PTAf6IP9mRpkDwwv7QFz9HRuOeGWfd8rkyYsWTVy4vpG/pgVNWzBx0aTeIgeq58XFVfZXVduwuOq51a77aT0XLVw4v1PBFjRsQzO+tVeVp3KIwqfKbd6sdjzGvFSuPMquGpMT29lkrhwbE5uz6cGHhIETB06oUk+6tHLJgfnu/3nVnJzYxiXNjQNjYqsu+vCgYKDla5uUOzTNDZg46eCBd3d3gSk9Kz/bFiv8hvOzCT5eqyjBGerT+EiG/JGqwbC+UQ6Bv9bmKGWMj8Yn+fPVRJxKBGqTFXQyM9DhHSlvEHmLVxyYjY/Fdd3hACfLyP3VVZLvVR7B0pxSsGIBqHhwT5sSMOMkRG0BJhpsWMkEO24KwE0pqp3tIYTWCIjJjuBiGNTKTj8JoBLKAn4TmPFnj9oywZwFGx4egp1g3oObeLHdwUO2pFcYTITZCa2c1GQbNg6RCsu9bpikThhAWnLaBi3LM8+5VbMU6rUn30owOC83ULcfBlClb5BBre46BinaWRal85SUvlCbUx1Nbyj2HWCxBTkEgWScQKzsTioJW0IanAYRZqET4mZLSKU2JABII9np01lQ7lOt3srtM1KAeqgQPhYJSMCZJRuAukRZB1CF35gB1MJBr4ilIPZchNyIlDkpRt+3s96cz9K8XKQvCdZfcqWxgtLoXZ2AoKAyVSRRxSRmsYjVOriP089q3z6gdMjE5KI7kzumWzpnAwAAAA==");
}
This will be visible when loading the neterror page for instance (eg try to navigate to https://not-a-real-page.com/).
The principal for this request is the regular content principal, and I can't seem to find a way to filter out this request when we only want to show requests made by the content page itself. Usually those stylesheets will only load chrome:// or resource:// urls, which will be filtered out, but for data: URIs I can't find any property on the channel to differentiate it from a regular data: URI channel created by the page.
|
Assignee | |
Comment 1•1 year ago
|
||
Not really a regression, since this was a new feature being implemented
|
|
Assignee | |
Comment 2•1 year ago
|
||
Hi Valentin,
Do you know if we have any way to detect that a channel is made by an internal stylesheet? (here resource://gre-resources/html.css)
Checking the loadingPrincipal doesn't really help here, and the loadingContext is null.
I think if the loadingContext could be set to the stylesheet responsible for loading this data: url it would be enough for us to filter them out, but not sure if this is feasible?
|
||
Comment 3•1 year ago
|
||
* If a stylesheet links to a sub-resource, like an @imported stylesheet,
* or a background image, then the triggeringPrincipal is the principal
* of the stylesheet, while the LoadingPrincipal is the principal of the
* document being styled.
*
* The triggeringPrincipal is never null.
Based on this description, I'd expect the triggeringPrincipal to be that of the CSS resource resource://gre-resources/html.css
Is that not the case?
|
|
Assignee | |
Comment 4•1 year ago
|
||
You're right, the triggeringPrincipal is not null here, and it is indeed the system principal. But there is no property set on this principal beyond isSystemPrincipal (no URL etc...), so I don't really know which CSS triggered the request (but maybe that's normal?)
With that in mind, I could update the following check to use triggeringPrincipal instead of loadingPrincipal:
// Ignore requests from chrome or add-on code when we don't monitor the whole browser
if (
channel.loadInfo?.loadingDocument === null &&
(channel.loadInfo.loadingPrincipal ===
Services.scriptSecurityManager.getSystemPrincipal() ||
channel.loadInfo.isInDevToolsContext)
) {
return false;
}
Although I'm not sure what are the potential implications of changing this, I wonder if we might miss potentially useful content requests. Will test a bit.
|
|
Assignee | |
Comment 5•1 year ago
|
||
Depends on D217413
The isChannelFromSystemPrincipal should be able to rely completely on the loading and triggeringPrincipal information.
Reusing the helper to filter out privileged requests from the content toolbox.
|
||
Updated•1 year ago
|
|
||
Comment 8•1 year ago
|
||
Backed out for causing failures at browser_keyword.js.
Backout link: https://hg.mozilla.org/integration/autoland/rev/2cb36bcf446a8125e29b71a0c2af43b351847838
Push where failures started: https://treeherder.mozilla.org/jobs?repo=autoland&group_state=expanded&selectedTaskRun=QkqDRjWtTSKjWJcdW4KZew.0&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel&revision=e3fb3ee49ffe227b83fa2e1352f6f2195f403c75
Failure log: https://treeherder.mozilla.org/logviewer?job_id=484236991&repo=autoland&lineNumber=13
|
||
Comment 10•1 year ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•1 year ago
|
Description
•