464848 - simple cross-site XHR POST goes off deep end

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect, P1)

Description

[Vladimir Vukicevic [:vlad] [:vladv] (needinfo me, slow to respond)]

If you do a simple XHR POST without an explicit xhr.setRequestHeader("Content-Type", "text/plain"), you go down the preflight path which is painful.  sicking has more details.

Comment 1

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

The reason is that we end up setting a charset parameter on the content-type. When checking for text/plain we should ignore any charset parameters, or at least ignore any that we set ourselves.

Comment 2

[Jesse Ruderman]

When we set it ourselves, is it based on the charset of the page?  If so, is that enough of a reason to want to do a preflight?

Comment 3

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Sites relying on the content-type is in itself a pretty extreme assumption that the Access-Control spec is making. That they rely on the charset sounds extremely unlikely.

Additionally, we've discussed (or might even already have tried) adding the charset when submitting <form>s which would allow the exact same thing.

Comment 4

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Patch to fix

The problem wasn't in the Access-Control code at all. Turns out we're most of the time sending "application/xml" as content-type, even when sending plain strings. This rightly makes the Access-Control code go into preflight mode.

The patch makes us follow the XHR spec with regards to content-type, which means that we don't require a preflight.

Comment 5

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Patch -w

Comment 6

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Patch to fix

Oops, those were patches for a different bug. This one's correct

Comment 7

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

Attachment: Patch -w

Comment 8

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 356863 [details] [diff] [review]
Patch -w

>+++ src.e5393cfc9dc1/content/base/src/nsXMLHttpRequest.cpp	2009-01-13 17:15:51.000000000 -0800
>+    nsCAutoString defaultContentType(NS_LITERAL_CSTRING("text/plain"));

I haven't put in the time to sort out the tests enough, but I assume you added a test for this.  ;)

>-    case nsIDataType::VTYPE_EMPTY_ARRAY:
>-    case nsIDataType::VTYPE_ARRAY:
>-      // IE6 throws error here, so we do that as well
>-      return NS_ERROR_INVALID_ARG;

And I assume a test for this too?

>-        if (NS_FAILED(rv)) {

For what it's worth, in practice NS_ExtractCharsetFromContentType never returns failure.  I'm fine with the change here, in any case.

r+sr=bzbarsky

Comment 9

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

(In reply to comment #8)
> (From update of attachment 356863 [details] [diff] [review])
> >+++ src.e5393cfc9dc1/content/base/src/nsXMLHttpRequest.cpp	2009-01-13 17:15:51.000000000 -0800
> >+    nsCAutoString defaultContentType(NS_LITERAL_CSTRING("text/plain"));
> 
> I haven't put in the time to sort out the tests enough, but I assume you added
> a test for this.  ;)

Yup, the new test_XHRSendData test tests this.

> >-    case nsIDataType::VTYPE_EMPTY_ARRAY:
> >-    case nsIDataType::VTYPE_ARRAY:
> >-      // IE6 throws error here, so we do that as well
> >-      return NS_ERROR_INVALID_ARG;
> 
> And I assume a test for this too?

Turns out our code is majorly broken for anything that isn't a string or a document. If I pass in an array or an object we fail when trying to convert to a string and end up throwing.

Fixing that will be a separate bug though, one we won't fix for 1.9.1

Comment 10

[Jonas Sicking (:sicking) No longer reading bugmail consistently]

This was checked in

Comment 11

[Nick Thomas [:nthomas] (UTC+12)]

There are 8 mochitest fails on mozilla-1.9.1 since this bug (or bug 464954) landed, win32 only:

*** 3695 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- comment -->\r\n<out>hi</out>", expected "<!-- comment -->\n<out>hi</out>"
*** 3697 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- comment -->\r\n<out>hi</out>", expected "<!-- comment -->\n<out>hi</out>"
*** 3699 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- comment -->\r\n<out>hi</out>", expected "<!-- comment -->\n<out>hi</out>"
*** 3701 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- comment -->\r\n<out>hi</out>", expected "<!-- comment -->\n<out>hi</out>"
*** 3703 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- doc 2 -->\r\n<res>text</res>", expected "<!-- doc 2 -->\n<res>text</res>"
*** 3705 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- doc 2 -->\r\n<res>text</res>", expected "<!-- doc 2 -->\n<res>text</res>"
*** 3707 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- doc 2 -->\r\n<res>text</res>", expected "<!-- doc 2 -->\n<res>text</res>"
*** 3709 ERROR TEST-UNEXPECTED-FAIL | /tests/content/base/test/test_XHRSendData.html | Wrong body - got "<!-- doc 2 -->\r\n<res>text</res>", expected "<!-- doc 2 -->\n<res>text</res>"

http://tinderbox.mozilla.org/showlog.cgi?log=Firefox3.1/1232752728.1232758413.24642.gz

Looks like a line-ending problem.