Closed Bug 1967707 Opened 9 months ago Closed 8 months ago

Expose error messaging when submitting invalid cookies

Categories

(DevTools :: Storage Inspector, enhancement, P2)

Product:
DevTools
Component:
Storage Inspector
Type:
enhancement

Tracking

(firefox141 fixed)

Status:
RESOLVED FIXED
Milestone:
141 Branch
Tracking Flags:
Tracking Status
firefox141 --- fixed

People

(Reporter: baku, Assigned: nchevobbe)

References

Details

Attachments

(1 file)

Bug 1967707 - [devtools] Display error message when submitting invalid cookies. r=#devtools
48 bytes, text/x-phabricator-request
Details | Review

Soon (bug 1955685), we’ll improve cookie validation to prevent storing invalid cookies. Currently, validation errors are only logged via console.error(), but it would be better to surface them through a UI component so users can see and fix issues while editing.

We're already doing this when deleting IndexedDB databases in https://searchfox.org/mozilla-central/rev/dbef1a2f75798fb0136b7428d959c8feb09ad5d1/devtools/client/storage/ui.js#1697-1711

const result = await front.removeDatabase(host, dbName);
if (result.blocked) {
  const notificationBox = this._toolbox.getNotificationBox();
  const message = await this._panelDoc.l10n.formatValue(
    "storage-idb-delete-blocked",
    { dbName }
  );

  notificationBox.appendNotification(
    message,
    "storage-idb-delete-blocked",
    null,
    notificationBox.PRIORITY_WARNING_LOW
  );
}

so it's using the notification box, and here we could have a higher priority

Given that Bug 1955685 is now fixed, we should triage this.

Baku: I don't have access to the blocking bug (not sure if anyone in the team can?). Can you share some examples of invalid cookie values?

Depends on: 1955685
Flags: needinfo?(amarchesini)
Whiteboard: [devtools-triage]

Note that I have a patch ready for this (my moz-phab is busted though, need to fix it so I can push my patch to Phab)
To have an invalid cookie, you can add one from the storage panel, and then edit its name, adding a space before it

Assignee: nobody → nchevobbe
Status: NEW → ASSIGNED

Here is a list of steps to create invalid cookies via devtools:

  • a cookie with a name (or value) starting or ending with spaces
  • a cookie with some invalid chars
  • mark a cookie as non-secure but with sameSite=none

https://searchfox.org/mozilla-central/rev/bd57b566959758d0455c6e37afca00648c8e4ff0/devtools/server/actors/resources/storage/cookies.js#570-573 - here is where the validation error is generated. The string is currently not localized. We can easily generate a localized one via a new attribute/method. I can work on that bit if needed.

Flags: needinfo?(amarchesini)
Priority: -- → P2
Whiteboard: [devtools-triage]
Pushed by nchevobbe@mozilla.com: https://github.com/mozilla-firefox/firefox/commit/6fb5debd791d https://hg.mozilla.org/integration/autoland/rev/2408bee8bcc4 [devtools] Display error message when submitting invalid cookies. r=devtools-reviewers,fluent-reviewers,devtools-backward-compat-reviewers,jdescottes,bolsson

https://hg.mozilla.org/mozilla-central/rev/2408bee8bcc4

Status: ASSIGNED → RESOLVED
Closed: 8 months ago
status-firefox141: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 141 Branch
QA Whiteboard: [qa-triage-done-c142/b141]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: