Closed Bug 1937905 Opened 8 months ago Closed 6 months ago

A document should be added to DOM indicating network errors due to invalid header values

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Version:
Firefox 133
Type:
defect
Points:
2

Tracking

()

Status:
RESOLVED FIXED
Milestone:
138 Branch
Tracking Flags:
Tracking Status
firefox138 --- fixed

People

(Reporter: ats, Assigned: sekim)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged][necko-priority-queue])

Attachments

(3 files)

Bug 1937905 - Part 1: Add a neterror page for DOM indicating network errors due to invalid header values r=#necko
48 bytes, text/x-phabricator-request
Details | Review
Bug 1937905 - Part 2: Add a test for a neterror page due to invalid header values r=#necko
48 bytes, text/x-phabricator-request
Details | Review
Bug 1937905 - DOM's appstrings.properties should include entity for invalidHeaderValue r=flod
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce:

Visit a webpage which returns a header containing a null value (\x00).

Actual results:

  • Firefox returns a network error (NS_ERROR_DOM_INVALID_HEADER_VALUE) as per spec.
  • No document is added to DOM indicating error.

Expected results:

An error document (eg: about:error) should be added to DOM for better user experience. This also causes tests for headers with null values to fail.

This is a follow-up bug from https://bugzilla.mozilla.org/show_bug.cgi?id=1891465 & https://github.com/web-platform-tests/wpt/pull/48855.

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core

Hi Sean,

I think you might be interested in this bug as well.

Thanks.

Blocks: necko-error
Severity: -- → S3
Points: --- → 2
Flags: needinfo?(sekim)
Priority: -- → P2
Whiteboard: [necko-triaged][necko-priority-next]
Assignee: nobody → sekim
Flags: needinfo?(sekim)
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Hello Kershaw,

Do you have any suggestions for the error message?

Thank you

Flags: needinfo?(kershaw)

(In reply to Sean Kim from comment #4)

Hello Kershaw,

Do you have any suggestions for the error message?

Thank you

Maybe something like:

A header received from the server contains prohibited null characters (0x00).

I would suggest you to also ask in #content_design.
Thanks.

Flags: needinfo?(kershaw)
Whiteboard: [necko-triaged][necko-priority-next] → [necko-triaged][necko-priority-queue]
Attachment #9444972 - Attachment description: WIP: Bug 1937905 - A document should be added to DOM indicating network errors due to invalid header values r=#necko → Bug 1937905 - Part 1: Add a neterror page for DOM indicating network errors due to invalid header values r=#necko
Pushed by sekim@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e37c1dbf5004 Part 1: Add a neterror page for DOM indicating network errors due to invalid header values r=fluent-reviewers,bolsson https://hg.mozilla.org/integration/autoland/rev/f7983c22a75f Part 2: Add a test for a neterror page due to invalid header values r=necko-reviewers,kershaw

https://hg.mozilla.org/mozilla-central/rev/e37c1dbf5004
https://hg.mozilla.org/mozilla-central/rev/f7983c22a75f

Status: ASSIGNED → RESOLVED
Closed: 6 months ago
status-firefox138: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 138 Branch
Pushed by sekim@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e3b5deda2492 DOM's appstrings.properties should include entity for invalidHeaderValue r=flod DONTBUILD
Attachment #9470022 - Attachment description: Bug 1937905 - DOM's appstrings.properties should include entity for invalidHeaderValue r=flod → Bug 1937905 - DOM's appstrings.properties should include entity for blockedByCORP and invalidHeaderValue r=flod
Pushed by sekim@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6ad61b4ea16d DOM's appstrings.properties should include entity for blockedByCORP and invalidHeaderValue r=flod

Making significant changes to a patch after review is generally not OK.

Recording here for a follow-up, since there is already a needinfo open.

+blockedByCORP=Firefox didn’t load this page because it looks like the security configuration doesn’t match the previous page.

DOM is supposed to be browser-agnostic, so having "Firefox" is a string is incorrect (although there is at least one in the file).

The browser didn’t load this page because it looks like the security configuration doesn’t match the previous page.

Even the string in /browser shouldn't have Firefox hard-coded (linters would have caught that for .ftl), it should be a placeholder replaced at run-time. This makes it impossible for other browsers to expose their own name instead of Firefox.

Note that the fix will require a new string ID.

A patch has been attached on this bug, which was already closed. Filing a separate bug will ensure better tracking. If this was not by mistake and further action is needed, please alert the appropriate party. (Or: if the patch doesn't change behavior -- e.g. landing a test case, or fixing a typo -- then feel free to disregard this message)

(In reply to Francesco Lodolo [:flod] from comment #14)

Making significant changes to a patch after review is generally not OK.

Recording here for a follow-up, since there is already a needinfo open.

+blockedByCORP=Firefox didn’t load this page because it looks like the security configuration doesn’t match the previous page.

DOM is supposed to be browser-agnostic, so having "Firefox" is a string is incorrect (although there is at least one in the file).

The browser didn’t load this page because it looks like the security configuration doesn’t match the previous page.

Even the string in /browser shouldn't have Firefox hard-coded (linters would have caught that for .ftl), it should be a placeholder replaced at run-time. This makes it impossible for other browsers to expose their own name instead of Firefox.

Note that the fix will require a new string ID.

Sorry about that, I assumed that it was fine to do so since I copied the lines of code from appstring.properties in browser/. I just filed a new bug -- https://bugzilla.mozilla.org/show_bug.cgi?id=1952234 -- we should back this patch out and only add invalidHeaderValue. Bug 1952244 should handle a browser-agnostic message for blockedByCORP.

Flags: needinfo?(sekim)
Blocks: 1952234
Flags: needinfo?(sekim)
Attachment #9470022 - Attachment description: Bug 1937905 - DOM's appstrings.properties should include entity for blockedByCORP and invalidHeaderValue r=flod → Bug 1937905 - DOM's appstrings.properties should include entity for invalidHeaderValue r=flod
Pushed by sekim@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2f3369435b8b DOM's appstrings.properties should include entity for invalidHeaderValue r=flod
No longer blocks: 1952234
Duplicate of this bug: 1952234
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: