Bug 1730494 - Show error in webconsole when resource is blocked by CORP headers r=necko-reviewers,dragana

Differential Revision: https://phabricator.services.mozilla.com/D125392
2024-11-28 23:31:56 +00:00 · 2021-09-16 08:31:03 +00:00 · 2021-09-16 08:31:03 +00:00 · 13ab902ec7
commit 13ab902ec7
parent c1f1effff8
3 changed files with 28 additions and 0 deletions
--- a/netwerk/locales/en-US/necko.properties
+++ b/netwerk/locales/en-US/necko.properties
@ -30,6 +30,8 @@ AutomaticAuth=You are about to log in to the site “%1$S” with the username

 TrackerUriBlocked=The resource at “%1$S” was blocked because content blocking is enabled.
 UnsafeUriBlocked=The resource at “%1$S” was blocked by Safe Browsing.
+# LOCALIZATION NOTE (CORPBlocked): %1$S is the URL of the blocked resource. %2$S is the URL of the MDN page about CORP.
+CORPBlocked=The resource at “%1$S” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See %2$S
 CookieBlockedByPermission=Request to access cookies or storage on “%1$S” was blocked because of custom cookie permission.
 CookieBlockedTracker=Request to access cookie or storage on “%1$S” was blocked because it came from a tracker and content blocking is enabled.
 CookieBlockedAll=Request to access cookie or storage on “%1$S” was blocked because we are blocking all storage access requests.
--- a/netwerk/protocol/http/HttpChannelChild.cpp
+++ b/netwerk/protocol/http/HttpChannelChild.cpp
@ -1010,6 +1010,8 @@ void HttpChannelChild::DoOnStopRequest(nsIRequest* aRequest,
  };
  checkForBlockedContent();

+  MaybeLogCOEPError(aChannelStatus);
+
  // See bug 1587686. If the redirect setup is not completed, the post-redirect
  // channel will be not opened and mListener will be null.
  MOZ_ASSERT(mListener || !LoadWasOpened());
@ -2976,6 +2978,28 @@ HttpChannelChild::LogMimeTypeMismatch(const nsACString& aMessageName,
  return NS_OK;
 }

+nsresult HttpChannelChild::MaybeLogCOEPError(nsresult aStatus) {
+  if (aStatus == NS_ERROR_DOM_CORP_FAILED) {
+    RefPtr<Document> doc;
+    mLoadInfo->GetLoadingDocument(getter_AddRefs(doc));
+
+    nsAutoCString url;
+    mURI->GetSpec(url);
+
+    AutoTArray<nsString, 2> params;
+    params.AppendElement(NS_ConvertUTF8toUTF16(url));
+    // The MDN URL intentionally ends with a # so the webconsole linkification
+    // doesn't ignore the final ) of the URL
+    params.AppendElement(
+        u"https://developer.mozilla.org/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)#"_ns);
+    nsContentUtils::ReportToConsole(nsIScriptError::errorFlag, "COEP"_ns, doc,
+                                    nsContentUtils::eNECKO_PROPERTIES,
+                                    "CORPBlocked", params);
+  }
+
+  return NS_OK;
+}
+
 nsresult HttpChannelChild::CrossProcessRedirectFinished(nsresult aStatus) {
  if (!CanSend()) {
    return NS_BINDING_FAILED;
--- a/netwerk/protocol/http/HttpChannelChild.h
+++ b/netwerk/protocol/http/HttpChannelChild.h
@ -257,6 +257,8 @@ class HttpChannelChild final : public PHttpChannelChild,
  // ensure Cacnel is processed before any other channel events.
  void CancelOnMainThread(nsresult aRv);

+  nsresult MaybeLogCOEPError(nsresult aStatus);
+
 private:
  // this section is for main-thread-only object
  // all the references need to be proxy released on main thread.