Tooter broken on Firefox ?

[ghost]

Hi,

Tooter do not work anymore since this morning on Firefox.
I tested on Firefox 60, Beta 61 and Nightly 62 and same result.
But it works on Chromium.
The error is : " An error occurred: Error: No Reason Phrase "

[er-vin]

I can confirm it's broken for me now since Firefox upgrade.

[ineffyble]

I've found the problem, but it's annoyingly tricky to fix.

When calling fetch from a content script, Firefox explicitly sets the Origin header on the request to null... which causes Rails to reject the request with a 422. It was fixed a few months ago in Rails, but I'm guessing Mastodon is using an older version.

Firefox recommend using content.fetch instead, to keep the original referrer (e.g. twitter.com), which is what Chrome does. However, this fails because the page has set policies preventing requests to non-whitelisted domains.

The only options I can find are:

• Give Tooter additional permissions, and have it intercept all HTTP requests and strip this header where it occurs.

• Changing from using fetch to good old XMLHttpRequest will apparently fix, but requires extensive refactoring, and ugh.

[ineffyble]

Digging further, what's actually changed is Mastodon's handling of the Origin header - Mastodon 2.2.0 and older handle it fine. I've filed a bug here: mastodon/mastodon#7738

I've also discovered this bug effects Chrome too - but only for logging in. So new Chrome users cannot use Tooter, but existing ones can.

Hopefully there'll be a Mastodon-end fix (might try and work on this if I can find the time).