getAllResponseHeaders on XHR broken for packaged apps

RESOLVED WONTFIX

Status

Firefox OS
General
P1
critical
RESOLVED WONTFIX
5 years ago
2 months ago

People

(Reporter: basta, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
Since packaged apps can only access CORSed URLs, all requests suffer from this issue. This appears to be the same symptoms as bug 608735, which may not have been fixed for FXOS.

Calling xhr.getAllResponseHeaders() for any CORSed request seems to return null/empty string. This breaks jQuery's XHR and anything that relies on response headers to function.

I have not tested this in an app which requests the systemXHR permission.
Adding a few people Andrew recommended that might have some input.

What impact does this have on marketplace specifically?
(Reporter)

Comment 2

5 years ago
This prevents the Marketplace from looking at the Content-Type (or any other header) of any request that's coming back. This means that jQuery doesn't parse JSON on FXOS, but does on desktop. This also means that other applications won't be compatible with FXOS out-of-the-box if they rely on jQuery (or a jQuery-like library). 

A dirty hack is to patch jQuery that I'm using in Fireplace:

responseHeaders = xhr.getAllResponseHeaders();
// FIXME: This is a hack to work around bug 858225
if (!responseHeaders) {
    responseHeaders = 'Content-Type: ' + xhr.getResponseHeader('Content-Type');
}

We shouldn't need to do this, though, because getAllResponseHeaders should work.
What resource do you try to access?
(Reporter)

Comment 4

5 years ago
This is the test URI that I've been working with:

http://chimney.paas.allizom.org/api/v1/home/page/
The origin of that URI is:
http://chimney.paas.allizom.org

and the origin of your application is:
app://{guid}

Why do you expect the request to work cross-origin?
(Reporter)

Comment 6

5 years ago
As it says in comment 0, the URL has CORS headers. The body is accessible, just not the headers.
(In reply to Matt Basta [:basta] from comment #6)
> As it says in comment 0, the URL has CORS headers. The body is accessible,
> just not the headers.

Comment 0 do not specify that the body is accessible.

Do you have this problem with other apps than packaged apps? with regular web pages?
(Reporter)

Comment 8

5 years ago
The problem conceivably happens with all apps and not just packaged apps. I have not tested with a web app. It's more important for packaged apps, though, because ALL requests are affected since there are no URLs which share the app's origin.
(In reply to Matt Basta [:basta] from comment #8)
> The problem conceivably happens with all apps and not just packaged apps. I
> have not tested with a web app. It's more important for packaged apps,
> though, because ALL requests are affected since there are no URLs which
> share the app's origin.

I'm curious -- if you add the systemXHR privilege to your app, does that make it work?
(Reporter)

Comment 10

5 years ago
(In reply to Bill Walker [:bwalker] [@wfwalker] from comment #9)
> I'm curious -- if you add the systemXHR privilege to your app, does that
> make it work?

You'll have to give me a while to try this out, I'm unfortunately not equipped at the moment to make that happen. I'll try to give you an answer by the beginning of next week.

Comment 11

2 months ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.