GM.xmlHttpRequest may return invalid responseHeaders #2320

Open
jxn-30 opened this issue Jan 9, 2025 · 1 comment
jxn-30 commented Jan 9, 2025

When doing a web request via GM.xmlHttpRequest or GM_xmlhttpRequest, responseHeaders may have an invalid value. Some header keys (set-cookie) are removed, which causes the returned string to no longer be a valid headers string, so it cannot be parsed.

Tested on latest TM Stable and Beta for Firefox.

Expected Behavior

responseHeaders to be a valid response headers string, similar to:

server: nginx
date: Thu, 09 Jan 2025 18:00:21 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: cms_cookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.studentenwerk.sh; secure; SameSite=None
set-cookie: cms_cookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
set-cookie: cms_cookie=1; expires=Thu, 09-Jan-2025 18:00:21 GMT; Max-Age=0; path=/; domain=.studentenwerk.sh; secure; SameSite=None
strict-transport-security: max-age=63072000; includeSubDomains; preload; always
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

Actual Behavior

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html;charset=utf-8
date: Thu, 09 Jan 2025 18:00:21 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload; always
set-cookie: cms_cookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.studentenwerk.sh; secure; SameSite=None
cms_cookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
cms_cookie=1; expires=Thu, 09-Jan-2025 18:00:21 GMT; Max-Age=0; path=/; domain=.studentenwerk.sh; secure; SameSite=None
vary: Accept-Encoding
x-content-type-options: nosniff
x-firefox-spdy: h2
x-xss-protection: 1; mode=block

Specifications

  • Firefox: 136.0a1
  • TM: 5.3.6221 (Beta) and 5.3.3 (Stable)
  • OS: TuxedoOS based on KDE Neon 24.04.1

Script

// ==UserScript==
// @name         🧪 GM.xmlHttpRequest Headers?
// @namespace    http://tampermonkey.net/
// @version      2025-01-09
// @description  try to take over the world!
// @author       You
// @match        https://studentenwerk.sh/*
// @grant        GM.xmlHttpRequest
// @grant        GM_xmlhttpRequest
// ==/UserScript==

GM.xmlHttpRequest({url: '/', onload(res) {
    console.log('GM.xmlHttpRequest', res.responseHeaders);
}})
GM_xmlhttpRequest({url: '/', onload(res) {
    console.log('GM_xmlhttpRequest', res.responseHeaders);
}})
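
One way a script could read a responseHeaders string of the shape reported above without mis-parsing the detached cookie lines; this is an added example, not code from the issue or from Tampermonkey. The function name parseResponseHeaders, the sample cookie name and the example.test domain are assumptions made for illustration, and attaching a nameless line to the preceding header is a heuristic.

```javascript
// Added example: tolerant parser for a GM_xmlhttpRequest responseHeaders string.
// RFC 9110 defines field-name as a token; a line that does not start with
// "token:" is treated as an orphaned value of the previous header, which is
// the set-cookie case shown in the report above.
const FIELD_LINE = /^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*)$/;

function parseResponseHeaders(raw) {
  const headers = new Map(); // lower-cased name -> array of values
  const orphans = [];        // lines that arrived without a "name:" prefix
  let last = null;
  for (const line of String(raw).split(/\r?\n/)) {
    if (line.trim() === '') continue;
    const m = FIELD_LINE.exec(line);
    if (m) {
      last = m[1].toLowerCase();
      if (!headers.has(last)) headers.set(last, []);
      headers.get(last).push(m[2].trim());
    } else if (last !== null) {
      // Heuristic: the value belongs to the header that precedes it.
      headers.get(last).push(line.trim());
      orphans.push({ attachedTo: last, line });
    } else {
      orphans.push({ attachedTo: null, line });
    }
  }
  return { headers, orphans };
}

// Constructed sample in the shape reported above (example.test is a placeholder).
const SAMPLE = [
  'content-type: text/html;charset=utf-8',
  'set-cookie: a=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; secure',
  'a=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.example.test',
  'a=1; Max-Age=0; path=/; secure; SameSite=None',
  'vary: Accept-Encoding',
].join('\r\n');

function demo() {
  const { headers, orphans } = parseResponseHeaders(SAMPLE);
  return {
    cookies: headers.get('set-cookie').length,
    orphans: orphans.length,
    names: [...headers.keys()],
  };
}
console.log(demo());
```

A parser that splits each line at the first colon would instead turn the second cookie line into a bogus header whose name ends in "00", because the first colon in that line sits inside the expires timestamp.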
Member

derjanb commented Jan 10, 2025

Good catch! This is working fine in Chrome. Investigating...

derjanb added this to the 5.4 milestone Jan 16, 2025