This repository was archived by the owner on Apr 12, 2024. It is now read-only.

Raw exception object exposed to $http responseError interceptor on CSP violation #13066

Open
@echa

When using $http/$resource to send XHR requests to a server not listed as CSP connect-src, the $http response interceptor gets called with the raw exception object as thrown by the browser instead of the $http call context.

Expected behavior would be to call responseError with an object similar to the one passed on HTTP 4xx/5xx or offline errors. Otherwise it is impossible to track the call context.

The issue is a bit hard to debug/reproduce because one needs a server that sends CSP headers. Firefox does not log the CSP violation and throws an empty/cryptic exception. At least FF sends the expected CSP report. Chrome is much nicer here, logging the error as

Refused to connect to 'https://other.example.com/1/route' because it violates the following Content Security Policy directive: "connect-src https://api.example.com".

and throwing

DOMException: Failed to execute 'open' on 'XMLHttpRequest': Refused to connect to 'https://other.example.com/1/route' because it violates the document's Content Security Policy.

JS call stack at time of the exception is (shortened)

createHttpBackend
sendReq
$http/serverRequest
processQueue
scheduleProcessQueue

Observed with

Angular 1.4.6
Chrome 45.0.2454.93
Firefox 41.0.1
OSX 10.10.5

This bug may be similar to #10263.
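An added example (not part of the original issue and not AngularJS code): a `responseError` interceptor that tells a regular `$http` response object apart from the raw browser exception described above and, when Chrome's message is available, recovers the blocked URL from it. The names `isHttpResponse`, `normalizeRejection`, `cspAwareInterceptor` and the `report` callback are hypothetical; the message pattern is taken from the Chrome exception text quoted in the issue.

```javascript
// Added example, not AngularJS code. Helper names are hypothetical.

// A regular $http rejection is a response object carrying status and config.
function isHttpResponse(rejection) {
  return rejection !== null && typeof rejection === 'object' &&
    typeof rejection.status === 'number' &&
    rejection.config !== null && typeof rejection.config === 'object';
}

// Reduce either kind of rejection to one shape that can be logged.
function normalizeRejection(rejection) {
  if (isHttpResponse(rejection)) {
    return { kind: 'http', status: rejection.status,
             url: rejection.config.url || null, likelyCsp: false };
  }
  const message = (rejection && typeof rejection.message === 'string')
    ? rejection.message : '';
  // Chrome's message names the blocked URL; Firefox's exception may be empty.
  const m = /Refused to connect to '([^']+)'/.exec(message);
  return { kind: 'exception', status: null,
           url: m ? m[1] : null,
           likelyCsp: /Content Security Policy/i.test(message) };
}

// Interceptor factory; `report` is a hypothetical logging callback.
function cspAwareInterceptor($q, report) {
  return {
    responseError: function (rejection) {
      const info = normalizeRejection(rejection);
      if (info.kind === 'exception') { report(info); }
      return $q.reject(rejection); // keep the original rejection for callers
    }
  };
}

// Registration in an AngularJS app (assumed module wiring):
// $httpProvider.interceptors.push(['$q', function ($q) {
//   return cspAwareInterceptor($q, console.warn.bind(console)); }]);
```

An exception with an empty message still comes back as `kind: 'exception'` with `likelyCsp: false`, so it is reported without a URL, which matches the loss of call context the issue describes.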
