Last Comment Bug 724465 - Http referer on a plugin initiated post request is causing a Http/400 from IIS
: Http referer on a plugin initiated post request is causing a Http/400 from IIS
Status: VERIFIED FIXED
[qa!]
: regression
Product: Core
Classification: Components
Component: Plug-ins (show other bugs)
: 12 Branch
: x86 Windows 7
: -- normal with 1 vote (vote)
: mozilla13
Assigned To: Benjamin Smedberg [:bsmedberg]
:
Mentors:
: 721311 722004 722855 724405 726133 727820 (view as bug list)
Depends on:
Blocks: 410904 727820
  Show dependency treegraph
 
Reported: 2012-02-05 22:19 PST by Igor Mackeev
Modified: 2012-05-09 07:40 PDT (History)
21 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
unaffected
unaffected
+
verified


Attachments
Http Post from FF10, SM trunk and Opera11.60 (3.17 KB, text/plain)
2012-02-12 04:14 PST, Matthias Versen [:Matti]
no flags Details
Don't send Referer with plugin POST requests, rev. 1 (1.39 KB, patch)
2012-02-16 08:31 PST, Benjamin Smedberg [:bsmedberg]
jaas: review+
Details | Diff | Splinter Review
Test (920 bytes, patch)
2012-02-16 08:32 PST, Benjamin Smedberg [:bsmedberg]
no flags Details | Diff | Splinter Review

Description Igor Mackeev 2012-02-05 22:19:17 PST
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:12.0a2) Gecko/20120205 Firefox/12.0a2
Build ID: 20120205042013

Steps to reproduce:

After updating to 12a2 from 11a2:
Tried to log into my Sip Sorcery account via their Silverlight portal (http://www.sipsorcery.com/mainsite/Home/Portal)


Actual results:

The dot in the upper left corner turned red (should be green)
I entered my login and password and got an error logging in


Expected results:

The dot initially should be green and I should be able to log in.
Comment 1 Alice0775 White 2012-02-05 23:25:50 PST
It works if network.http.sendRefererHeader set to 0 or 1.
Comment 2 Igor Mackeev 2012-02-05 23:43:47 PST
Yes! I've changed it to 1 and it works again.
Thank you.
Comment 3 Matthias Versen [:Matti] 2012-02-08 03:01:09 PST
It looks like a bug in the site if just disabling the referer of the embed object makes it work.
Can someone contact them, maybe Igor ?
Comment 4 Igor Mackeev 2012-02-12 02:01:33 PST
There is nothing wrong with the site. The same problem had been reported a bit earlier with another site.
And I found a new one:http://services.biathlonresults.com/Live.aspx (works fine with 1)
Everything that has Silverlight in it looks broken.
Comment 5 Matthias Versen [:Matti] 2012-02-12 04:12:25 PST
I used http://services.biathlonresults.com/Live.aspx for testing and I can confirm this issue with Seamonkey trunk on win32.

Seamonkey gets a HTTP 400 "Bad Request (Invalid Header Name)" after a HTTP post that includes the referer. I'm not sure why it shouldn't be valid to send the referer here but Opera11.6 doesn't send a referer for Post requests initiated by the Plugin.
I bet that removing the referer from the post request will fix all regressions from bug 410904

I will attach a wireshark snippet that shows the post requests from FF10,SM trunk and Opera11.60

I'm requesting tracking because this seems to break many silverlight pages.
Look at the depending bugs of bug 410904
Comment 6 Matthias Versen [:Matti] 2012-02-12 04:14:04 PST
Created attachment 596453 [details]
Http Post from FF10, SM trunk and Opera11.60
Comment 7 Matthias Versen [:Matti] 2012-02-13 09:24:20 PST
*** Bug 721311 has been marked as a duplicate of this bug. ***
Comment 8 Benjamin Smedberg [:bsmedberg] 2012-02-16 07:19:45 PST
Josh, I think we should disable referrers for plugin POSTs to fix this issue. Do you disagree?
Comment 9 Benjamin Smedberg [:bsmedberg] 2012-02-16 07:35:17 PST
*** Bug 727820 has been marked as a duplicate of this bug. ***
Comment 10 Benjamin Smedberg [:bsmedberg] 2012-02-16 08:31:47 PST
Created attachment 597831 [details] [diff] [review]
Don't send Referer with plugin POST requests, rev. 1
Comment 11 Benjamin Smedberg [:bsmedberg] 2012-02-16 08:32:15 PST
Created attachment 597832 [details] [diff] [review]
Test
Comment 14 Benjamin Smedberg [:bsmedberg] 2012-02-17 08:03:09 PST
Comment on attachment 597831 [details] [diff] [review]
Don't send Referer with plugin POST requests, rev. 1

This patch reverts to the prior behavior for POST requests only, and should be fairly safe.
Comment 15 Matthias Versen [:Matti] 2012-02-18 07:33:12 PST
*** Bug 724405 has been marked as a duplicate of this bug. ***
Comment 16 Matthias Versen [:Matti] 2012-02-18 10:23:50 PST
*** Bug 722855 has been marked as a duplicate of this bug. ***
Comment 17 Matthias Versen [:Matti] 2012-02-18 10:26:06 PST
*** Bug 726133 has been marked as a duplicate of this bug. ***
Comment 18 Matthias Versen [:Matti] 2012-02-18 10:33:02 PST
*** Bug 722004 has been marked as a duplicate of this bug. ***
Comment 19 dindog 2012-02-20 08:27:51 PST
this bug fixed don't solve all problem, if you ever test...

Most of the video playing problem is GET, not POST, why not follow other browser send the plugin itself as referer? That solve all issue for once and all.
Comment 20 Benjamin Smedberg [:bsmedberg] 2012-02-21 05:37:58 PST
That's not what this bug is about. If you need to file a bug specifically about the GET issue, please do it separately with a testcase/testcase URL.
Comment 21 Alex Keybl [:akeybl] 2012-02-21 09:25:09 PST
Comment on attachment 597831 [details] [diff] [review]
Don't send Referer with plugin POST requests, rev. 1

[Triage Comment]
Fixes silverlight breakage and deemed low risk - approved for Aurora 12.
Comment 22 Alex Keybl [:akeybl] 2012-03-02 15:03:43 PST
Landing on Aurora 12 ping.
Comment 23 Matthias Versen [:Matti] 2012-03-03 09:13:18 PST
*** Bug 732371 has been marked as a duplicate of this bug. ***
Comment 24 Swarnava Sengupta (:Swarnava) 2012-03-03 09:55:23 PST
(In reply to Alex Keybl [:akeybl] from comment #22)
> Landing on Aurora 12 ping.

When it will land on Aurora 12?
Comment 25 Kohei Yoshino [:kohei] 2012-03-04 23:36:48 PST
> When it will land on Aurora 12?

(echo)

This also breaks some Japanese video sites:
http://streaming.yahoo.co.jp/guide/sample/?b=300
http://www.dmm.com/digital/-/player/=/action=sample/

We hope this would get fixed soon.
Comment 26 Benjamin Smedberg [:bsmedberg] 2012-03-08 06:36:20 PST
Bug 410904 was backed out of Aurora (FF12).
Comment 27 Kohei Yoshino [:kohei] 2012-03-08 17:53:51 PST
(In reply to Benjamin Smedberg  [:bsmedberg] from comment #26)
> Bug 410904 was backed out of Aurora (FF12).

Confirmed those videos can now play w/o changing the referer pref.
Comment 28 Justin Wood (:Callek) (Away until Aug 29) 2012-03-08 23:11:49 PST
Comment on attachment 597831 [details] [diff] [review]
Don't send Referer with plugin POST requests, rev. 1

clearing approval per bsmedberg's "gecko 12--> unaffected" comment and that this never landed there
Comment 29 Justin Wood (:Callek) (Away until Aug 29) 2012-03-08 23:12:50 PST
Comment on attachment 597832 [details] [diff] [review]
Test

Did you mean to include contents of test_pluginstream_referer.html/sjs? and/or did this patch land?
Comment 30 Swarnava Sengupta (:Swarnava) 2012-03-20 00:51:28 PDT
Pool Live Tour not working, bug 732371 on Firefox 12 beta 1
Comment 31 Benjamin Smedberg [:bsmedberg] 2012-03-20 07:45:51 PDT
Bug 410904 was backed out of Firefox 12 train, so it cannot be the cause of this bug. Please reopen the other bug which is probably not a duplicate.
Comment 32 Paul Silaghi, QA [:pauly] 2012-05-09 07:40:38 PDT
http://www.sipsorcery.com/mainsite/Home/Portal
https://indexes.nasdaqomx.com/
https://amarantisnoord.swp.nl/
are working fine, no errors/crashes occur.

This is verified fixed on FF 13b2:
Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0

Note You need to log in before you can comment on or make changes to this bug.