Closed Bug 193953 Opened 22 years ago Closed 21 years ago

WSDL Proxy callback doesn't allow access to the SOAP Response


(Core Graveyard :: Web Services, defect, P2)

Windows 2000


(Not tracked)



(Reporter: doronr, Assigned: harishd)




(2 files, 2 obsolete files)

In my wsdl-proxy using sample, I have:

translateCallback : function (aTranslatedValue, aSOAPXPCOMClasses){
  responseSOAP = aSOAPXPCOMClasses.soapResponse.message;

  // serialize message

Trying to serialize the response message gives me a security error. 
aSOAPXPCOMClasses seems to be a nsIWebServiceProxy.

So either we should not expose the message (which is bad, I think its usable for
debugging) or allow accessing of the message.

283 [scriptable, uuid(1ef83ece-b645-4b55-a501-df42c3333b47)]
284 interface nsIWebServiceSOAPCallContext : nsIWebServiceCallContext {
285   /**
286    * For users who want access to the lower-level constructs that
287    * are used for the method invocation, this attributes provides
288    * the SOAP response once the call has completed.
289    *
290    * @see nsISOAPResponse
291    */
292   readonly attribute nsISOAPResponse soapResponse;
293 };

is what I used to be more exact.
Priority: -- → P2
Target Milestone: --- → mozilla1.4beta
harish - this still happens - try my wsdl tool and check the checkbox after a
wsdl call to get the error.
Component: XML → Web Services
Attached patch Patch v1.0 [ not final ] (obsolete) — Splinter Review
This patch should fix the problem serializing the response. However, the
response document's properties are still not accessible because the script
security manager denies access if the codebase is changed. Talked to Mitch and
he promised to take a look into it.
I'm looking at ways to make this cleaner.
Attached patch Patch part 2 (obsolete) — Splinter Review
Apply this patch in addition to the one you've got, and things should work.
This patch doesn't change anything in XMLExtras. I realized it was semantically
incorrect to assume that calls to nsAggregatePrincipal::SetCodebase only come
from nsHTMLDocument::SetDomain (obviously, since you're calling SetCodebase as
well), so I added an extra method to nsAggregatePrincipal which SetDomain calls
explicitly to activate the "both pages must set domain" rule. That way, when
XMLRequest calls SetDomain, that restriction will not get in your way.

Regarding your patch, please change the name of ForgePrincipal to something
like ChangePrincipal. ForgePrincipal makes it sound like something
inappropriate, but I think it's perfectly legit - the script is "adopting" the
XML page, just as it would an external .js or CSS file.
Comment on attachment 124478 [details] [diff] [review]
Patch part 2

Nit pick: PRBool, in nsAggregatePrincipal.h, can be replaced with PRPackedBool.
Attachment #124391 - Attachment is obsolete: true
Attachment #124478 - Attachment is obsolete: true
Attachment #124492 - Flags: superreview?(jst)
Attachment #124492 - Flags: review?(heikki)
Comment on attachment 124492 [details] [diff] [review]
Patch v1.2 [ includes patchv1.0 & patch part2 ]

>Index: extensions/webservices/soap/src/
>+ 		  widget \

Where does the widget dependency come from?

>Index: extensions/webservices/soap/src/nsHTTPSOAPTransport.cpp
>+  * codebase pricipal with the subject codebase to.
>+  * override cross domain checks. So use caution 

What's the period doing there?

>+  rv = secMgr->CheckSameOrigin(0, targetURI);


>+  // forge the principal only if the script security 


>         rv = mResponse->SetMessage(document);
>+        ChangePrincipal(document);

Should you change principal before setting the message?

>Index: caps/idl/nsIAggregatePrincipal.idl
>+    void domainWasSet();
>+    boolean wasDomainSet();

This seems to beg for an attribute instead. How about

attribute boolean domainChanged

>Index: caps/include/nsAggregatePrincipal.h
>+    PRBool mDomainWasSet;

If you change the IDL to my suggestion then this should be mDomainChanged. Same
with later code.

With those, r=heikki
Attachment #124492 - Flags: review?(heikki) → review+
Comment on attachment 124492 [details] [diff] [review]
Patch v1.2 [ includes patchv1.0 & patch part2 ]

sr=jst with the heikki's changes made.
Attachment #124492 - Flags: superreview?(jst) → superreview+
Heikki, Could you please rs this patch?
Comment on attachment 125429 [details] [diff] [review]
Patch v1.3 [ includes heikki's suggestion ]

rs=heikki for the changes
Fix landed on the trunk.
Closed: 21 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.