Bug 1575068 - update console error for CORSMissingAllowHeaderFromPreflight, r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D57040 --HG-- extra : moz-landing-system : lando
2024-12-03 18:47:53 +00:00 · 2019-12-17 09:54:57 +00:00 · 2019-12-17 09:54:57 +00:00 · f0a71ae12f
commit f0a71ae12f
parent 297db2081a
5 changed files with 26 additions and 23 deletions
--- a/devtools/client/webconsole/test/browser/browser_webconsole_cors_errors.js
+++ b/devtools/client/webconsole/test/browser/browser_webconsole_cors_errors.js
@ -32,11 +32,14 @@ add_task(async function() {
  await checkCorsMessage(message, "CORSDisabled");
  await pushPref("content.cors.disable", false);

-  info("Test CORSPreflightDidNotSucceed");
-  onCorsMessage = waitForMessage(hud, `CORS preflight channel did not succeed`);
-  makeFaultyCorsCall("CORSPreflightDidNotSucceed");
+  info("Test CORSPreflightDidNotSucceed2");
+  onCorsMessage = waitForMessage(
+    hud,
+    `CORS preflight response did not succeed`
+  );
+  makeFaultyCorsCall("CORSPreflightDidNotSucceed2");
  message = await onCorsMessage;
-  await checkCorsMessage(message, "CORSPreflightDidNotSucceed");
+  await checkCorsMessage(message, "CORSPreflightDidNotSucceed2");

  info("Test CORS did not succeed");
  onCorsMessage = waitForMessage(hud, "Reason: CORS request did not succeed");
@ -135,17 +138,17 @@ add_task(async function() {
  message = await onCorsMessage;
  await checkCorsMessage(message, "CORSInvalidAllowHeader");

-  info("Test CORSMissingAllowHeaderFromPreflight");
+  info("Test CORSMissingAllowHeaderFromPreflight2");
  onCorsMessage = waitForMessage(
    hud,
-    `Reason: missing token ${quote("xyz")} in CORS ` +
+    `Reason: header ${quote("xyz")} is not allowed according to ` +
      `header ${quote(
        "Access-Control-Allow-Headers"
-      )} from CORS preflight channel`
+      )} from CORS preflight response`
  );
-  makeFaultyCorsCall("CORSMissingAllowHeaderFromPreflight");
+  makeFaultyCorsCall("CORSMissingAllowHeaderFromPreflight2");
  message = await onCorsMessage;
-  await checkCorsMessage(message, "CORSMissingAllowHeaderFromPreflight");
+  await checkCorsMessage(message, "CORSMissingAllowHeaderFromPreflight2");

  // See Bug 1480671.
  // XXX: how to make Origin to not be included in the request ?
@ -205,7 +208,7 @@ function makeFaultyCorsCall(errorCategory, corsUrl) {
        options.credentials = "include";
      }

-      if (category === "CORSMissingAllowHeaderFromPreflight") {
+      if (category === "CORSMissingAllowHeaderFromPreflight2") {
        options.headers = new content.Headers({ xyz: true });
      }

--- a/devtools/client/webconsole/test/browser/sjs_cors-test-server.sjs
+++ b/devtools/client/webconsole/test/browser/sjs_cors-test-server.sjs
@ -47,8 +47,8 @@ function handleRequest(request, response) {
    case "CORSMissingAllowCredentials":
      corsMissingAllowCredentials(request, response);
      break;
-    case "CORSPreflightDidNotSucceed":
-      corsPreflightDidNotSucceed(request, response);
+    case "CORSPreflightDidNotSucceed2":
+      corsPreflightDidNotSucceed2(request, response);
      break;
    case "CORSInvalidAllowMethod":
      corsInvalidAllowMethod(request, response);
@ -56,8 +56,8 @@ function handleRequest(request, response) {
    case "CORSInvalidAllowHeader":
      corsInvalidAllowHeader(request, response);
      break;
-    case "CORSMissingAllowHeaderFromPreflight":
-      corsMissingAllowHeaderFromPreflight(request, response);
+    case "CORSMissingAllowHeaderFromPreflight2":
+      corsMissingAllowHeaderFromPreflight2(request, response);
      break;
  }
 }
@ -116,7 +116,7 @@ function corsMissingAllowCredentials(request, response) {
  response.setHeader("Access-Control-Allow-Origin", "http://example.com");
 }

-function corsPreflightDidNotSucceed(request, response) {
+function corsPreflightDidNotSucceed2(request, response) {
  const isPreflight = request.method == "OPTIONS";
  if (isPreflight) {
    response.setStatusLine(request.httpVersion, 500, "Preflight fail");
@ -137,8 +137,8 @@ function corsInvalidAllowHeader(request, response) {
  response.setHeader("Access-Control-Allow-Headers", "xyz;");
 }

-function corsMissingAllowHeaderFromPreflight(request, response) {
-  response.setStatusLine(request.httpVersion, 200, "corsMissingAllowHeaderFromPreflight");
+function corsMissingAllowHeaderFromPreflight2(request, response) {
+  response.setStatusLine(request.httpVersion, 200, "corsMissingAllowHeaderFromPreflight2");
  response.setHeader("Access-Control-Allow-Origin", "*");
  response.setHeader("Access-Control-Allow-Methods", "PUT");
 }
--- a/devtools/server/actors/errordocs.js
+++ b/devtools/server/actors/errordocs.js
@ -144,10 +144,10 @@ const CorsErrorDocs = {
  CORSNotSupportingCredentials: "CORSNotSupportingCredentials",
  CORSMethodNotFound: "CORSMethodNotFound",
  CORSMissingAllowCredentials: "CORSMissingAllowCredentials",
-  CORSPreflightDidNotSucceed: "CORSPreflightDidNotSucceed",
+  CORSPreflightDidNotSucceed2: "CORSPreflightDidNotSucceed2",
  CORSInvalidAllowMethod: "CORSInvalidAllowMethod",
  CORSInvalidAllowHeader: "CORSInvalidAllowHeader",
-  CORSMissingAllowHeaderFromPreflight: "CORSMissingAllowHeaderFromPreflight",
+  CORSMissingAllowHeaderFromPreflight2: "CORSMissingAllowHeaderFromPreflight2",
 };

 const baseStorageAccessPolicyErrorUrl =
--- a/dom/locales/en-US/chrome/security/security.properties
+++ b/dom/locales/en-US/chrome/security/security.properties
@ -20,10 +20,10 @@ CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin P
 CORSNotSupportingCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at ‘%1$S’. (Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’).
 CORSMethodNotFound=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’).
 CORSMissingAllowCredentials=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’).
-CORSPreflightDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight channel did not succeed).
+CORSPreflightDidNotSucceed2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS preflight response did not succeed).
 CORSInvalidAllowMethod=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Methods’).
 CORSInvalidAllowHeader=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: invalid token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’).
-CORSMissingAllowHeaderFromPreflight=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: missing token ‘%2$S’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel).
+CORSMissingAllowHeaderFromPreflight2=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: header ‘%2$S’ is not allowed according to header ‘Access-Control-Allow-Headers’ from CORS preflight response).

 # LOCALIZATION NOTE: Do not translate "Strict-Transport-Security", "HSTS", "max-age" or "includeSubDomains"
 STSUnknownError=Strict-Transport-Security: An unknown error occurred processing the header specified by the site.
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@ -1290,7 +1290,7 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
  bool succeedded;
  rv = http->GetRequestSucceeded(&succeedded);
  if (NS_FAILED(rv) || !succeedded) {
-    LogBlockedRequest(aRequest, "CORSPreflightDidNotSucceed", nullptr,
+    LogBlockedRequest(aRequest, "CORSPreflightDidNotSucceed2", nullptr,
                      nsILoadInfo::BLOCKING_REASON_CORSPREFLIGHTDIDNOTSUCCEED,
                      parentHttpChannel);
    return NS_ERROR_DOM_BAD_URI;
@ -1362,7 +1362,7 @@ nsresult nsCORSPreflightListener::CheckPreflightRequestApproved(
      const auto& comparator = nsCaseInsensitiveCStringArrayComparator();
      if (!headers.Contains(mPreflightHeaders[i], comparator)) {
        LogBlockedRequest(
-            aRequest, "CORSMissingAllowHeaderFromPreflight",
+            aRequest, "CORSMissingAllowHeaderFromPreflight2",
            NS_ConvertUTF8toUTF16(mPreflightHeaders[i]).get(),
            nsILoadInfo::BLOCKING_REASON_CORSMISSINGALLOWHEADERFROMPREFLIGHT,
            parentHttpChannel);