Closed
Bug 197087
Opened 21 years ago
Closed 18 years ago
xml-rpc should use XMLHttpRequest (and other updates)
Categories
(Core :: XML, defect)
Core
XML
Tracking
()
RESOLVED
FIXED
People
(Reporter: samuel, Assigned: samuel)
References
(Depends on 1 open bug)
Details
(Keywords: fixed1.8.1)
Attachments
(5 files, 10 obsolete files)
763 bytes,
patch
|
Details | Diff | Splinter Review | |
34.24 KB,
text/plain
|
Details | |
1.03 KB,
patch
|
Details | Diff | Splinter Review | |
38.64 KB,
patch
|
doronr
:
review+
mtschrep
:
approval1.8.1+
|
Details | Diff | Splinter Review |
42.34 KB,
patch
|
Details | Diff | Splinter Review |
I'm converting xml-rpc to use XMLHttpRequest. This should fix all the security bugs, fix a couple of other bugs, and make it faster.
Assignee | ||
Updated•21 years ago
|
Assignee | ||
Comment 1•21 years ago
|
||
Big patch. I haven't had a chance to check xml-rpc fault handling. I will also attach the whole modified file for people to test with.
Assignee | ||
Comment 2•21 years ago
|
||
Put this file in the components directory under the mozilla bin directory and restart mozilla.
Assignee | ||
Comment 3•21 years ago
|
||
cc'ing a few of people I expect would be interested in this. Please test it out and tell me if it solves the problems you've been having.
"Error! (0) parseArray is not defined", so is array supported yet? The example program seem to work now.
Assignee | ||
Comment 5•21 years ago
|
||
Sorry, I'm not sure why that one worked at all... Try this one.
Attachment #117057 -
Attachment is obsolete: true
Assignee | ||
Comment 6•21 years ago
|
||
Ok, I think it's solid now. It seems to work on structs, arrays, and faults.
Attachment #117056 -
Attachment is obsolete: true
Attachment #117088 -
Attachment is obsolete: true
I think you should be able to create XMLHttpRequest object simply like this: new XMLHttpRequest() Also, please attach a diff as well.
Comment 8•21 years ago
|
||
The new nsXmlRpcClient.js (take 3) breaks my application. It is returning nsISupportsCString instead of nsISupportsString, so my onResults' QIs throw exceptions and fail. Now, I have been using my bug 157797 patch http://bugzilla.mozilla.org/attachment.cgi?id=100049&action=view for a long time because it doesn't trigger the aforementioned bug. I wasn't tracking any new developments in nsXmlRpcClient.js outside that particular bug's scope. When did nsISupportsCStrings start being sent instead of nsISupportsString?
Assignee | ||
Comment 9•21 years ago
|
||
The CString change was for all of mozilla: bug 157624.
Assignee | ||
Comment 10•21 years ago
|
||
Ok, I think this is ready for reviewing.
Assignee | ||
Updated•21 years ago
|
Attachment #117555 -
Flags: review?(heikki)
Comment 11•21 years ago
|
||
I'm experiencing something I'm not sure if it's normal, when I do a request (via xmlrpc) to a url that requires authentication, if failed it shows up the default authentication window used by mozilla. In a custom made xul app this is not good because I have my own authentication window, I hadn't experienced this in previous versions of the library (the ones without XMLHttpRequest), maybe is related with another thing and there is a way to avoid it that I'm not aware of, could someone clarify? Thanks
Assignee | ||
Comment 12•21 years ago
|
||
Adding darin to the CC list. Darin, any idea how to not get the authentication request window? I had assumed that since there was the option of passing authentication information to XMLHttpRequest that it would just fail if it was incorrect.
Assignee | ||
Comment 13•21 years ago
|
||
Comment 14•21 years ago
|
||
I have finally tested attachment 121022 [details] as part of a migration of our Mozilla application from 1.2.1 to 1.4. Our 60,000 line client exclusively uses Xml-Rpc. Up to Mozilla 1.2.1, I used a modified copy of the old nsXmlRpcClient.js. You can read all about it in bug 157797. When first moving to Moz 1.4rc1, I decided not to use my variant and went for the plain vanilla nsXmlRpcClient.js as found in 1.4. This didn't work apparently due to some stream closed problem. I recalled this bug and tried attachment 121022 [details]. Unfortunately, it exhibits bug 157797 behavior. To avoid that behavior the trivial "patch" at the end of this comment needs to be applied. As stated in bug 157797 there seems to be a deeply rooted problem somewhere in XPConnect, possibly related to handling of JS Contexts. ----------------------- @@ -309,7 +311,7 @@ obj=obj.QueryInterface(Components.interfaces['nsISupports' + sType]); writer.startElement('i4'); - writer.write(obj.toString()); + writer.write(obj.data.toString()); writer.endElement('i4'); break; @@ -325,7 +327,7 @@ obj=obj.QueryInterface(Components.interfaces['nsISupports' + sType]); writer.startElement('string'); - writer.write(obj.toString()); + writer.write(obj.data.toString()); writer.endElement('string'); break; @@ -334,7 +336,7 @@ obj=obj.QueryInterface(Components.interfaces['nsISupports' + sType]); writer.startElement('double'); - writer.write(obj.toString()); + writer.write(obj.data.toString()); writer.endElement('double'); break;
I was reading bug 180049, and wondered if nsIHttpAuthenticator would be the answer that is blocking us from fixing this bug. If the custom XUL app (described in comment #11) provides its own implementation of nsIHttpAuthenticator, will that be called in lieu of the default authentication window?
Comment 16•21 years ago
|
||
if you want an own password prompt, you should implement nsIAuthPrompt as well as nsIInterfaceRequestor (set up to return an nsIAuthPrompt when asked for it), and set that interfacerequestor as notificationCallbacks on the nsIChannel that you're using.
Comment 17•21 years ago
|
||
This patch is against attachment 121822 [details] [diff] [review]. Under semi-certain conditions (2-5% of the time, 10-20% in some of our code sections) we are having problems with attachment 121822 [details] [diff] [review] (which we use heavily), where we get the following error in nsXmlRpcClient.js. X---------------------------------------------- Error: parent has no properties Source File: file:///.../mozilla/components/nsXmlRpcClient.js Line: 158 X---------------------------------------------- If you read the code there is no (reasonable) way that error could happen without a problem with subjacent layers. We've spotted the error in Moz1.4 and 1.5 with attachment 121822 [details] [diff] [review] in multiple machines. We suspect of a race condition along the lines of XPConnect, XPCom, and handling of JSContexts. We have many observations, but most result too nebulous to comment here. After a lot of observation we produced a patch that has worked for us. We cannot claim that this workaround is correct for the problem is yet to be pinpointed (we have a good idea though), but so far it seems to be holding. Please notice how the patch essentially changes nothing, but side-effects play nicely.
Updated•20 years ago
|
Attachment #117555 -
Flags: review?(hjtoi-bugzilla)
Comment 18•20 years ago
|
||
Samuel, what's the status of this bug? I'd like to help.
Comment 19•20 years ago
|
||
Oh man. I still see problems in mozilla with xmlrpc. In fact, ive never gotten it to work properly (a really simple call of three parameters hangs the component in the parse loop until mozilla asks me if i wanna stop it). So I use the modifications from the mozblog crowd and they work fine. I think theirs is also cleaner in a way because I dont really understand the parser of the one included in mozilla or why should the component rewrite the parser if we already have xmlhttprequest. So, id like to see if the owner of this would find it usefull to rethink the implementation towards the one depicted here: http://mozblog.mozdev.org/nsXmlRpcClient.js I didnt make it, i just use it and most of the working articles ive found about xmlrpc and mozilla mention one should overwrite the original with this one. Its obviously based on the original, I think even Samuel worked on it and still, its not what comes with my mozilla ff or suite. Why?
Comment 20•20 years ago
|
||
I agree with comment #19. The file linked there was very helpful in fixing a serious problem i had gettin xml-rpc to perform the most basic of tasks. I am also putting a vote on this bug.
Comment 21•20 years ago
|
||
I've looked at the version they use for mozblog (mozblog.mozdev.org), and the tests I ran it through all worked fine. Can't say the same for what's shipping right now. Even the ultra-simple example in the source <http://lxr.mozilla.org/seamonkey/source/extensions/xml-rpc/test/xml-rpc.xul> fails with the current version of nsXmlRpcClient.js, but it works fine with the mozblog version. (Actually, that's not exactly true, because it's trying to open a connection to betty.userland.com, which doesn't work anymore. Change that to www.xmlrpc.com, *then* it works fine.)
Comment 22•20 years ago
|
||
Comment 23•20 years ago
|
||
Hello all, i've just uploaded a patch...and i'm looking for some comments on it. :-) What this patch does is: * Fix the unwanting popup authentification dialog window. This fix uses the same workaround that the one in the actually shipping version of nsXmlRpcClient.js. It sets the notificationCallback attribute of the channel to point back to us, so that we can spoof the authentication dialog. * Fix network error reporting. Before, the onerror event of the XMLHttpRequest object was not used. Doing an XML-RPC request to an unknown host for instance was never reported back to the caller. I'm impatiently waiting for comments of experienced Mozilla hackers :-), and i hope, this will allow us to finally submit this new XML-RPC implementation :-) Cheers, Fabien
Assignee | ||
Comment 24•20 years ago
|
||
Thank you for the help, I'll put the authentication fix in with the rest of the patch and it should be reviewable now. I have one question first though. Do you want to only provide the username and password, or do you want the option to get a callback requesting it?
Comment 25•20 years ago
|
||
I'm not sure I really understand the sense of your question, but i'll try to answer anyway :-) The essence of this patch is to be able to handle authentification failures without popping default Mozilla prompt asking for username/password. Here is how it behaves: - The programmer specifies the credentials in the JavaScript code. - If credentials are Ok, then the XML-RPC call succeeds. - If credentials are incorrect, then the listener onError method is called with the "Server returned status 401" error message, which is the standard HTTP error code for user authentification failure. - The programmer can catch this error and do whatever he likes, maybe popup a custom dialog to say that authentication has failed. So for now it is the option to "only provide user name and password". Basically it is how the currently shipping nsXmlRpcClient.js works. To be honest with all, I wrote this fix so that we can finally try to submit this new XML-RPC immplemantion, as it works *far better* than what is currently shipping. 'hope it helps :-) Cheers, Fabien
Comment 26•20 years ago
|
||
Hello guys, I hope the Xmas season was good and that now you're back in front of your computers ;-) Samuel, could you please put the whole stuff into the reviewing process? I think a lot of people (including me :-)) would be a lot happier with this brand new XML-RPC ;-) Cheers, Fabien
Assignee | ||
Comment 27•19 years ago
|
||
This one contains all the fixes except the parent problem which needs to be looked into further.
Attachment #117170 -
Attachment is obsolete: true
Attachment #117555 -
Attachment is obsolete: true
Attachment #121022 -
Attachment is obsolete: true
Attachment #168159 -
Attachment is obsolete: true
Comment 28•19 years ago
|
||
In Deer Park this component is broken because of a change in the default Content-Type to application/xml when the XML-RPC spec calls for text/xml. To fix just add: this.xmlhttp.setRequestHeader('Content-Type','text/xml') After opening the connection and before sending the request.
Assignee | ||
Comment 29•19 years ago
|
||
*** Bug 287415 has been marked as a duplicate of this bug. ***
Assignee | ||
Updated•19 years ago
|
Summary: xml-rpc should use XMLHttpRequest → xml-rpc should use XMLHttpRequest (and other updates)
Assignee | ||
Comment 30•19 years ago
|
||
Attachment #176284 -
Attachment is obsolete: true
Assignee | ||
Comment 31•19 years ago
|
||
Assignee | ||
Comment 32•19 years ago
|
||
of course, 30 seconds after I attached the previous version, I discovered a minor bug, a spelling mistake and a change that wasn't necessary...
Attachment #209918 -
Attachment is obsolete: true
Assignee | ||
Updated•19 years ago
|
Attachment #209919 -
Flags: review?(bugmail)
Assignee | ||
Comment 33•19 years ago
|
||
I would rather that you asked someone else to review this patch. I don't know what the code is supposed to do and on top of that there seems to be many changes, cleanups and updates rolled into a single patch.
Comment 35•19 years ago
|
||
samuel, i tried your last version in a xulrunner app, i get: Error: XMLHttpRequest is not defined
Assignee | ||
Comment 36•18 years ago
|
||
I'll upload a new full file after review.
Attachment #209919 -
Attachment is obsolete: true
Attachment #209919 -
Flags: review?(bugmail)
Comment 37•18 years ago
|
||
Comment on attachment 211818 [details] [diff] [review] minor updates >Index: nsXmlRpcClient.js >=================================================================== >RCS file: /cvsroot/mozilla/extensions/xml-rpc/src/nsXmlRpcClient.js,v >retrieving revision 1.37 >diff -u -r1.37 nsXmlRpcClient.js >--- nsXmlRpcClient.js 12 Jan 2006 16:36:24 -0000 1.37 >+++ nsXmlRpcClient.js 14 Feb 2006 05:57:14 -0000 >+ this.xmlhttp = new XMLHttpRequest(); >+ if (this._useAuth) { >+ this.xmlhttp.open('POST', this._serverUrl, true, >+ this._username, this._password); >+ } else { >+ this.xmlhttp.open('POST', this._serverUrl); > } The useAuth case seems to be doing a sync request. >+ _onload: function(e) { >+ var result; >+ var parent = e.target.parent; >+ parent._inProgress = false; >+ parent._responseStatus = e.target.status; >+ parent._responseString = e.target.statusText; >+ if (!e.target.responseXML) { I have to admit, I have never seen that syntax (using e in an xmlHttpRequest onload). Usually I've seen having xmlhttp in a global scope and keying off it. So I can't really say if using e.target will work or is a good idea... Other than that, looks ok.
Comment 38•18 years ago
|
||
(In reply to comment #37) > The useAuth case seems to be doing a sync request. The 3rd parameter is called "async" and "The default value is true.", see: http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/public/nsIXMLHttpRequest.idl#183 > > >+ _onload: function(e) { > >+ var result; > >+ var parent = e.target.parent; > >+ parent._inProgress = false; > >+ parent._responseStatus = e.target.status; > >+ parent._responseString = e.target.statusText; > >+ if (!e.target.responseXML) { > > I have to admit, I have never seen that syntax (using e in an xmlHttpRequest > onload). Usually I've seen having xmlhttp in a global scope and keying off it. > So I can't really say if using e.target will work or is a good idea... I can confirm that onload and onerror (but NOT onreadystatechange) get normal DOM events passed to them like other handlers, and that the target (and currentTarget and originalTarget) is the XMLHttpRequest object itself. See: http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp#778 http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp#1408
Updated•18 years ago
|
Attachment #211818 -
Flags: review+
Assignee | ||
Updated•18 years ago
|
Attachment #211818 -
Flags: approval-branch-1.8.1?
Assignee | ||
Comment 39•18 years ago
|
||
Comment on attachment 211818 [details] [diff] [review] minor updates checked in on trunk
Assignee | ||
Updated•18 years ago
|
Attachment #211818 -
Flags: approval-branch-1.8.1? → approval-branch-1.8.1?(peterv)
Updated•18 years ago
|
Attachment #211818 -
Flags: approval-branch-1.8.1?(peterv) → approval1.8.1?
Comment 40•18 years ago
|
||
Is XML-RPC something that existing extensions use? I don't recall any browser component using this. How important is it that this patch be included with FF2?
Comment 41•18 years ago
|
||
Darin, some of us (I won't claim "a lot," but definitely some) have been waiting for this to be fixed for a long time. I'm tired of having to hack around it.
Is this something that's only exposed to extensions and not Web content? Do you have any idea how many extensions use this, and what proportion of those need the improvements? We'd also like to see a patch of this size baked on the trunk before considering it for the branch. It doesn't appear to have landed on the trunk yet.
Comment 43•18 years ago
|
||
David Baron, comment 39 and http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/extensions/xml-rpc/src/nsXmlRpcClient.js&rev=1.38 disagree with you - it has been on trunk since February.
Assignee | ||
Comment 44•18 years ago
|
||
You picked the week I'm away to ask these questions, although I see that they've all been answered by others. Yes, it's been in trunk for quite a while and there have been no issues reported. I know that mozblog has been using an older version of this patch for a long time (I think they include it in their package). I should mark the dependent bugs fixed now too, but I'll wait until I get home. I requested branch approval when I checked it in on trunk, but no one responded.
Updated•18 years ago
|
Attachment #211818 -
Flags: approval1.8.1? → approval1.8.1+
(In reply to comment #43) > David Baron, comment 39 and > http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/extensions/xml-rpc/src/nsXmlRpcClient.js&rev=1.38 > disagree with you - it has been on trunk since February. We don't have time to read through 40 comments in a triage meeting; if it was fixed on the trunk it should have been marked RESOLVED-FIXED.
Comment 46•18 years ago
|
||
fwiw this patch doesn't apply on the 1.8 branch: patching file nsXmlRpcClient.js Hunk #7 FAILED at 158. Hunk #9 FAILED at 337. Hunk #11 FAILED at 825.
Assignee | ||
Comment 47•18 years ago
|
||
This is the patch to bring the trunk changes to the branch.
Assignee | ||
Comment 48•18 years ago
|
||
checked in on branch
Comment 49•16 years ago
|
||
Put this file in the components directory under the mozilla bin directory and restart mozilla. This does not appear to work. Do you have to do something special once the file is in the directory?
You need to log in
before you can comment on or make changes to this bug.
Description
•