Bug 1442551 - Console log added for NS_ERROR_DOM_BAD_URI. r=ckerschb

Reviewers: ckerschb

Reviewed By: ckerschb

Subscribers: flod, Pike

Bug #: 1442551

Differential Revision: https://phabricator.services.mozilla.com/D766

--HG--
extra : rebase_source : 2948376a84b35aba1c215edb38734ad99fcb1982
extra : amend_source : 73c90e63e5ff97b31c108e2618fe738bbf1460a3

dom/locales/en-US/chrome/security/security.properties

@@ -6,6 +6,9 @@ BlockMixedActiveContent = Blocked loading mixed active content “%1$S”
 # CORS
 # LOCALIZATION NOTE: Do not translate "Access-Control-Allow-Origin", Access-Control-Allow-Credentials, Access-Control-Allow-Methods, Access-Control-Allow-Headers
 CORSDisabled=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS disabled).
+CORSDidNotSucceed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request did not succeed).
+CORSOriginHeaderNotAdded=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Origin’ cannot be added).
+CORSExternalRedirectNotAllowed=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request external redirect not allowed).
 CORSRequestNotHttp=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS request not http).
 CORSMissingAllowOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
 CORSAllowOriginNotMatchingOrigin=Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘%2$S’).

netwerk/protocol/http/nsCORSListenerProxy.cpp

@@ -490,6 +490,7 @@ nsCORSListenerProxy::OnStartRequest(nsIRequest* aRequest,
     }
     listener->OnStartRequest(aRequest, aContext);
 
+    //Reason for NS_ERROR_DOM_BAD_URI already logged in CheckRequestApproved()
     return NS_ERROR_DOM_BAD_URI;
   }
 
@@ -554,10 +555,12 @@ nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest)
   nsresult status;
   nsresult rv = aRequest->GetStatus(&status);
   if (NS_FAILED(rv)) {
-   return rv;
+    LogBlockedRequest(aRequest, "CORSDidNotSucceed", nullptr, topChannel);
+    return rv;
   }
 
   if (NS_FAILED(status)) {
+    LogBlockedRequest(aRequest, "CORSDidNotSucceed", nullptr, topChannel);
     return status;
   }
 
@@ -667,6 +670,7 @@ nsCORSListenerProxy::OnDataAvailable(nsIRequest* aRequest,
 
   MOZ_ASSERT(mInited, "nsCORSListenerProxy has not been initialized properly");
   if (!mRequestApproved) {
+    //Reason for NS_ERROR_DOM_BAD_URI already logged in CheckRequestApproved()
     return NS_ERROR_DOM_BAD_URI;
   }
   nsCOMPtr<nsIStreamListener> listener;
@@ -752,6 +756,7 @@ nsCORSListenerProxy::AsyncOnChannelRedirect(nsIChannel *aOldChannel,
         }
       }
       aOldChannel->Cancel(NS_ERROR_DOM_BAD_URI);
+      //Reason for NS_ERROR_DOM_BAD_URI already logged in CheckRequestApproved()
       return NS_ERROR_DOM_BAD_URI;
     }
 
@@ -985,6 +990,9 @@ nsCORSListenerProxy::UpdateChannel(nsIChannel* aChannel,
   // If we have an expanded principal here, we'll reject the CORS request,
   // because we can't send a useful Origin header which is required for CORS.
   if (nsContentUtils::IsExpandedPrincipal(mOriginHeaderPrincipal)) {
+    nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
+    LogBlockedRequest(aChannel, "CORSOriginHeaderNotAdded", nullptr,
+                      httpChannel);
     return NS_ERROR_DOM_BAD_URI;
   }
 
@@ -1034,7 +1042,11 @@ nsCORSListenerProxy::CheckPreflightNeeded(nsIChannel* aChannel, UpdateType aUpda
   bool doPreflight = loadInfo->GetForcePreflight();
 
   nsCOMPtr<nsIHttpChannel> http = do_QueryInterface(aChannel);
-  NS_ENSURE_TRUE(http, NS_ERROR_DOM_BAD_URI);
+  if (!http) {
+    LogBlockedRequest(aChannel, "CORSRequestNotHttp", nullptr, mHttpChannel);
+    return NS_ERROR_DOM_BAD_URI;
+  }
+
   nsAutoCString method;
   Unused << http->GetRequestMethod(method);
   if (!method.LowerCaseEqualsLiteral("get") &&
@@ -1073,11 +1085,18 @@ nsCORSListenerProxy::CheckPreflightNeeded(nsIChannel* aChannel, UpdateType aUpda
   // we already did a preflight when that happened, and so we're not allowed
   // to do another preflight again.
   if (aUpdateType != UpdateType::InternalOrHSTSRedirect) {
-    NS_ENSURE_FALSE(mHasBeenCrossSite, NS_ERROR_DOM_BAD_URI);
+    if (mHasBeenCrossSite) {
+      LogBlockedRequest(aChannel, "CORSPreflightDidNotSucceed", nullptr,
+                        mHttpChannel);
+      return NS_ERROR_DOM_BAD_URI;
+    }
   }
 
   nsCOMPtr<nsIHttpChannelInternal> internal = do_QueryInterface(http);
-  NS_ENSURE_TRUE(internal, NS_ERROR_DOM_BAD_URI);
+  if (!internal) {
+    LogBlockedRequest(aChannel, "CORSDidNotSucceed", nullptr, mHttpChannel);
+    return NS_ERROR_DOM_BAD_URI;
+  }
 
   internal->SetCorsPreflightParameters(
     headers.IsEmpty() ? loadInfoHeaders : headers);
@@ -1312,8 +1331,12 @@ nsCORSPreflightListener::AsyncOnChannelRedirect(nsIChannel *aOldChannel,
 {
   // Only internal redirects allowed for now.
   if (!NS_IsInternalSameURIRedirect(aOldChannel, aNewChannel, aFlags) &&
-      !NS_IsHSTSUpgradeRedirect(aOldChannel, aNewChannel, aFlags))
+      !NS_IsHSTSUpgradeRedirect(aOldChannel, aNewChannel, aFlags)) {
+    nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aOldChannel);
+    LogBlockedRequest(aOldChannel, "CORSExternalRedirectNotAllowed", nullptr,
+                      httpChannel);
     return NS_ERROR_DOM_BAD_URI;
+  }
 
   callback->OnRedirectVerifyCallback(NS_OK);
   return NS_OK;