[HTTPS-Everywhere] https-everywhere bug with channels not attached to a window

Peter Eckersley pde at eff.org
Sun May 13 17:08:02 PDT 2012 

On Sat, May 12, 2012 at 06:31:25PM -0400, Loic J. Duros wrote:
 
> Ah, got it. Thanks for pointing out that the issue is the same. I'm
> able to see that the https-everywhere-uri-rewrite notification is
> triggered on some sites, but I don't have yet a clear idea how I
> would update my xhr after the channel has been replaced. Justin
> Samuel in RequestPolicy checks with the content policy "shouldLoad"
> if the current url has a mapping, which would show it has been
> rewritten. However, in the case of the xhr, my guess is that I'd
> have to update the original nsIHttpChannel? Not sure how to do this
> yet, but in any case, many thanks for your help.

Would it help if we sent an https-everywhere-uri-rewrite2 notification which
actually gives you a new nsIHTTPChannel that replaces the previous one?

> 
> var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
>     .createInstance(Ci.nsIXMLHttpRequest);
> 
> req.open('GET',
> 'http://pagead2.googlesyndication.com/pagead/show_ads.js', true);
> 
> req.send(null);
> 
> req.onreadystatechange = function (evt) {
>     if (req.readyState == 4 && req.status == 200) {
>         // do something with req.responseText
>       }
> };
> 
> >
> >On Tue, May 08, 2012 at 02:25:17PM -0400, Loic J. Duros wrote:
> >>Hello:
> >>
> >>I'd like to report an issue with Https Everywhere. I'm not sure if I
> >>can report it to a bug tracker directly, and whether this can be
> >>reproduced for any url switched from http to https.
> >>
> >>Https-Everywhere seems to assume that there is a DOM window attached
> >>to all channels, and it fails (returning null) when that's not the
> >>case. It will log "DOMWindow exploded" when that's the case.
> >>
> >>To reproduce this issue, you must make an xhr request directly from
> >>code that is not attached to a window. This is common practice, and
> >>is the case if an extension is performing a request to fetch data
> >>without a DOM window using nsIXMLHttpRequest:
> >>https://developer.mozilla.org/en/nsIXMLHttpRequest
> >>
> >>Attempting to perform an xhr request on such a url as:
> >>http://pagead2.googlesyndication.com/pagead/show_ads.js will never
> >>get through:
> >>
> >>         var req = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
> >>         .createInstance(Ci.nsIXMLHttpRequest);
> >>
> >>         // request made synchronous for the sake of the demo
> >>         req.open('GET',
> >>'http://pagead2.googlesyndication.com/pagead/show_ads.js', false);
> >>         req.send(null);
> >>
> >>My extension (GNU LibreJS) relies on such XHR requests to analyze
> >>JavaScript before a response even gets parsed, and as a temporary
> >>fix I've added a 15 second time out to cancel the piece of code that
> >>analyzes the script, since it's not being returned at all. Since we
> >>are planning on adding LibreJS to GNU IceCat and that GNU IceCat
> >>runs https-everywhere, it is for us an important issue, and if you
> >>know of a potential way to address this, it would be very helpful!
> >>:-)
> >>
> >>Thanks,
> >>
> >>Loic
> >>
> >>
> >>_______________________________________________
> >>HTTPS-everywhere mailing list
> >>HTTPS-everywhere at mail1.eff.org
> >>https://mail1.eff.org/mailman/listinfo/https-everywhere
> 

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993

More information about the HTTPS-everywhere mailing list