Closed Bug 1651002 Opened 4 years ago Closed 4 years ago

Mixed active content error is triggered twice in WebConsole

Categories

(DevTools :: Console, defect, P2)

defect

Tracking

(firefox-esr68 wontfix, firefox-esr78 wontfix, firefox78 wontfix, firefox79 wontfix, firefox80 fixed)

RESOLVED FIXED
Firefox 80
Tracking Status
firefox-esr68 --- wontfix
firefox-esr78 --- wontfix
firefox78 --- wontfix
firefox79 --- wontfix
firefox80 --- fixed

People

(Reporter: cgeorgiu, Assigned: ckerschb)

Details

(Keywords: regression)

Attachments

(2 files)

Affected versions

  • latest Nightly 80.0a1
  • Beta 79.0b4
  • Release 78.0.1

Affected platforms

  • Windows 10 x64
  • macOS 10.15
  • Ubuntu 18.04 x64

Steps to reproduce

  1. Launch Firefox.
  2. Navigate to https://very.badssl.com/.
  3. Open Web Console (Ctrl/CMD + Shift + K).
  4. Inspect the error displayed in the Web Console, i.e. Blocked loading mixed active content “http://http.badssl.com/test/imported.js”.

Expected result

  • The error is displayed only once.

Actual result

  • The error is displayed twice.

Regression range
This issue seems to be an old regression, please observe below the regression range:

Bug 1627167- Re-enable Resources API to fetch console messages. r=Honza.

Additional notes

  • Please observed the attached screenshot.
  • I think this can be marked with a S4 severity.
Has Regression Range: --- → yes
Has STR: --- → yes

Ciprian, I think you came up to Bug 1627167 as the offender, but it's only because it was fixing an issue with cached messages that was hiding this issue.
If you go back before Bug 1626286, you'll see the issue again.
For example I tried with a build from 2020-01-01 and I was seeing the issue.

I wonder if the issue is similar to Bug 1645745, Christoph, would you know?

Has Regression Range: yes → no
Flags: needinfo?(ckerschb)
No longer regressed by: 1627167
Summary: Error is triggered twice in WebConsole → Mixed active content error is triggered twice in WebConsole

(In reply to Nicolas Chevobbe [:nchevobbe] from comment #1)

I wonder if the issue is similar to Bug 1645745, Christoph, would you know?

Are we observing that problem for all kinds of loads or only for loads we do preloads for? For loads of type script, images... (see IsPreloadTpe for full list) we do perform preloads and it's possible that the preload gets blocked so we then perform an actual load.

For the specific case of http://http.badssl.com/test/imported.js one could check the internal content policy type in the loadinfo -> const type = channel.loadInfo.internalContentPolicyType; and filter based on that. Usually if we block a request twice though, then I think I have seen only one line in the console but then a [2] at the end of the line, not 2 separate lines. Is that an indicator for some other problem?

Flags: needinfo?(ckerschb) → needinfo?(nchevobbe)

(In reply to Christoph Kerschbaumer [:ckerschb] from comment #2)

Are we observing that problem for all kinds of loads or only for loads we do preloads for? For loads of type script, images... (see IsPreloadTpe for full list) we do perform preloads and it's possible that the preload gets blocked so we then perform an actual load.

I think it's only for blocked mixed active content errors (so not for images, we only get warnings for them)

Usually if we block a request twice though, then I think I have seen only one line in the console but then a [2] at the end of the line, not 2 separate lines. Is that an indicator for some other problem?

That's the same issue. The 2 badge you see on the right indicate that the message was repeated 2 times.
In the case of https://very.badssl.com/ , we don't get the "repeat bubble" only because warning messages (hidden in the screenshot) are emitted between the first and second error messages (we only "repeat" messages that come one after the other, except for warning groups, but it's another topic).

Flags: needinfo?(nchevobbe)

Summarizing Nicolas' and my slack conversation:
We concluded what helps here (or at least improves the situation) is not reporting errors to the console for 'preloads' - we do the same for CSP preloads.

Please note that for image loads we might still encounter two entries in the console because the imgLoader explicitly calls the Mixed Content Blocker twice (both times with type image (not preload)), hence we can't distinguish that.

Anyway, not logging preload errors to the console definitely improves the situation here and we should do that.

Assignee: nobody → ckerschb
Severity: -- → S2
Status: NEW → ASSIGNED
Priority: -- → P2
Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6a1cfdaee9c7
Do not report mixed content errors to the console for preloads. r=nchevobbe
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 80
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: