Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core(driver): assert securityIssues before getPageLoadError #6578

Merged
merged 1 commit into from
Nov 16, 2018
Merged

core(driver): assert securityIssues before getPageLoadError #6578

merged 1 commit into from
Nov 16, 2018

Conversation

paulirish
Copy link
Member

I think we want to throw on security issues before we consider pageLoadError situations. wdyt?

patrickhulce
patrickhulce approved these changes Nov 16, 2018
View reviewed changes
Copy link
Collaborator

@patrickhulce patrickhulce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me

@connorjclark
Copy link
Collaborator

connorjclark commented Nov 16, 2018
edited
Loading

What's the difference in behavior? Seems that either way, on a security issue an error is thrown that is uncaught, going all the way to runner.js (And beyond).

image

Only difference I see is not logging some page load error + doing some small extra work (that wouldn't be used). is this meant to change something else too?

exterkamp
exterkamp approved these changes Nov 16, 2018
View reviewed changes
Copy link
Member

@exterkamp exterkamp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM subtle but should expose more security issues as errors instead of ERROR DOC or FAILED DOC requests., right?

brendankenny
brendankenny reviewed Nov 16, 2018
View reviewed changes
Copy link
Member

@brendankenny brendankenny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would think that the danger would be getting NO or FAILED document requests if there was a security error, so we'd never get to the security check, but clearly we do get security errors, so seems like this won't make a difference?

If it doesn't make a difference, seems fine either way?

@connorjclark
Copy link
Collaborator

connorjclark commented Nov 16, 2018
edited
Loading

The current code pushes the page load error onto the current passContext, but if there is a security error, that will throw an error, exiting the flow of the entire runner. Nothing is done with the passContext no matter the order of things (other than a log.error of the page load error)

... now I see that log.error does more than just log, and it actually does throw an error, so I retract all that I've said :P

@paulirish paulirish merged commit 9910b9b into master Nov 16, 2018
@paulirish paulirish deleted the secissue branch November 16, 2018 21:56
@brendankenny
Copy link
Member

now I see that log.error does more than just log, and it actually does throw an error

I don't think that's right? Log.error

The current code pushed the page load error onto the current passContext, but if there is a security error, that will throw an error, exiting the flow of the entire runner.

ah, right. So if there was a security error, the pageLoadError gets ignored whether the security error check is before or after it.

From the perspective of reading the code it makes sense to have it first (and maybe even earlier), but I don't think this is going to change the error type distribution :)

@connorjclark
Copy link
Collaborator

connorjclark commented Nov 16, 2018
edited
Loading

Ah, I was looking at the render logger. OK, so yeah, no change really in this PR except for avoiding logging a page load error when really it was a security issue. LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brendankenny brendankenny brendankenny left review comments

@exterkamp exterkamp exterkamp approved these changes

@connorjclark connorjclark connorjclark approved these changes

@patrickhulce patrickhulce patrickhulce approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@paulirish @connorjclark @brendankenny @patrickhulce @exterkamp