commit 962975 broke the ability for extensions to pass blobs to content scripts
Reported by
echovo...@gmail.com,
Mar 23 2018
|
|||||||||||||
Issue description
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.45 Safari/537.36
Steps to reproduce the problem:
1. generate a blob URL in background
2. pass it to a content script
3. try to retrieve the blob, it gets canceled with no console errors
// assuming that you've got a valid blob:chrome-extension-URL...
var blobchromeextensionurlhere = 'blob:chrome-extension....';
var x = new XMLHttpRequest();
x.open('GET', blobchromeextensionurlhere);
x.responseType = 'blob';
x.onload = function() {
// whatever
};
x.send();
What is the expected behavior?
it should work, background should be able to send blob urls to a content script, its the only way to pass large files between each other
What went wrong?
https://chromium-review.googlesource.com/c/chromium/src/+/962975
Did this work before? Yes 65.0.3325.181
Chrome version: 66.0.3359.45 Channel: beta
OS Version: 10.0
Flash Version:
,
Mar 23 2018
,
Mar 23 2018
This bug has broken Tampermonkey extension when "inject mode" is set to "instant" in its options.
,
Mar 23 2018
Using the attached extension my bisect confirms the suspected CL: r543142 = a6102ee28b50372c8cf67ee3040c929e86b1eb07 = https://crrev.com/c/961126 by nick@chromium.org "Stricter blob/filesystem check in CanRequestURL." 1. click the extension icon (it'll open www.example.com in a new tab) Expected: "SUCCESS" is displayed Observed: "TypeError: Failed to fetch" is displayed
,
Mar 23 2018
Thanks for this report. This is a case that my CL did not anticipate; I'll look into what we can do to support this.
,
Mar 25 2018
Bug 825296 reports the same issue: > Chrome Beta (66) and Canary (67.0.3380.0) refuses to load blob:chrome-extension:-URLs from a content script. This is a regression caused by d30633d9051ff97eed229cab019f75eaaa16144 ( bug 821596 ). > > Extensions should be able to load blob:chrome-extension:-URLs. These URLs are not predictable, so allowing the renderer to load the URL (at least with fetch/XHR) if it knows about the URL is a reasonably safe operation. > > If that is not feasible, then consider using structured cloning instead of JSON-serializing for the extension messaging API (bug 112163) (like Firefox). Otherwise extensions have no efficient means to send a huge Blob to the content script.
,
Mar 25 2018
,
Mar 25 2018
Another reason this must be fixed is there's no alternative method of sending data *synchronously* (via the deprecated sync XHR) from the background page in run_at:document_start content scripts. This bug has broken the whole class of extensions that extend/modify various web API before web pages start running their scripts.
,
Mar 30 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180 commit d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180 Author: Nick Carter <nick@chromium.org> Date: Fri Mar 30 22:13:29 2018 Fix bug 825111 : Restore ability to request blob URLs from extension content scripts. This is effectively a revert of the active ingredients of r543142, except that it also adds a test, and the tests added in r543142 still pass due to enforcement that occurs via ShouldAllowOpenURL (added in r547218). Bug: 825111 , 821596 Change-Id: I6e53bfc70cf3cf67221de9cd51dee00077153643 Reviewed-on: https://chromium-review.googlesource.com/982645 Commit-Queue: Nick Carter <nick@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Commit-Position: refs/heads/master@{#547283} [modify] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/chrome/browser/extensions/content_script_apitest.cc [modify] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/chrome/browser/extensions/process_manager_browsertest.cc [add] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/content_script.js [add] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/manifest.json [add] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/test.html [add] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/test.js [modify] https://crrev.com/d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180/content/browser/child_process_security_policy_impl.cc
,
Apr 2 2018
Requesting merge to M66 to fix extension API functional regression. Merge will land along with the alternate fix for bug 821586 . Tests will confirm that fix.
,
Apr 2 2018
This bug requires manual review: M66 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 3 2018
Approving merge to M66. branch:3359
,
Apr 3 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d1f247f93d555705098223582ad2ef06419e0299 commit d1f247f93d555705098223582ad2ef06419e0299 Author: Nick Carter <nick@chromium.org> Date: Tue Apr 03 22:26:31 2018 Fix bug 825111 : Restore ability to request blob URLs from extension content scripts. This is effectively a revert of the active ingredients of r543142, except that it also adds a test, and the tests added in r543142 still pass due to enforcement that occurs via ShouldAllowOpenURL (added in r547218). Bug: 825111 , 821596 Change-Id: I6e53bfc70cf3cf67221de9cd51dee00077153643 Reviewed-on: https://chromium-review.googlesource.com/982645 Commit-Queue: Nick Carter <nick@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Devlin <rdevlin.cronin@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#547283}(cherry picked from commit d2e4acff8e95d6ff7794dbda0ae74cb49bb2b180) Reviewed-on: https://chromium-review.googlesource.com/994272 Reviewed-by: Nick Carter <nick@chromium.org> Cr-Commit-Position: refs/branch-heads/3359@{#568} Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276} [modify] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/chrome/browser/extensions/content_script_apitest.cc [modify] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/chrome/browser/extensions/process_manager_browsertest.cc [add] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/content_script.js [add] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/manifest.json [add] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/test.html [add] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/chrome/test/data/extensions/api_test/content_scripts/blob_fetch/test.js [modify] https://crrev.com/d1f247f93d555705098223582ad2ef06419e0299/content/browser/child_process_security_policy_impl.cc
,
Apr 3 2018
Fixed and merged to M66. |
|||||||||||||
►
Sign in to add a comment |
|||||||||||||
Comment 1 by echovo...@gmail.com
, Mar 23 2018