Closed
Bug 1324384
Opened 7 years ago
Closed 5 years ago
Remove ability to override new tab page in private windows (about:privatebrowsing)
Categories
(WebExtensions :: Frontend, defect, P1)
WebExtensions
Frontend
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1525125
People
(Reporter: ke5trel, Assigned: mixedpuppy)
References
(Blocks 2 open bugs)
Details
(Whiteboard: triaged)
The user may want a custom new tab page in private windows which would require overriding about:privatebrowsing. Chrome allows extensions that override the new tab page to work in incognito windows.
Blocks: webextensions-chrome-gaps
Depends on: 1234150
Updated•7 years ago
|
Whiteboard: [private, new tab] design-decision-needed
Comment 1•7 years ago
|
||
Adding Javaun, as guidance around this would be needed. Third-party overrides would potentially allow info leaks and tracking in PBM, so we'd need to flesh this out from a Private Browsing PoV first.
Flags: needinfo?(jmoradi)
Comment 2•7 years ago
|
||
This has landed in bug 1234150 and currently this works in private browsing mode as well as normal mode by allowing you to override the new tab page. I'm confused by comment 0 which contradicts the documentation "New Tab pages cannot be overridden in incognito windows" https://developer.chrome.com/extensions/override Should we be restricting this in private browsing?
Flags: needinfo?(kev)
Comment 3•7 years ago
|
||
Per comment #1, looking for guidance from private browsing product. My vote is yes. Custom newtabs can leak info to orgs other than mozilla. Users should be required to specifically enable an addon in private browsing mode to effect the changes they make.
Flags: needinfo?(kev)
Comment 4•7 years ago
|
||
(In reply to Kev Needham [:kev] from comment #3) > My vote is yes. Custom newtabs can leak info to orgs other than mozilla. > Users should be required to specifically enable an addon in private browsing > mode to effect the changes they make. And, to be clear, our newtab does not, iirc, leak info by default, where other newtabs can (and frequently do) load resources from third party sites.
Comment 5•7 years ago
|
||
Changing bug title to be clearer that we are planning on removing this ability. This ability was added in Firefox 53, so we'll need to land this patch soon to remove it - based on Javaun's feedback.
Summary: Ability to override new tab page in private windows (about:privatebrowsing) → Remove ability to override new tab page in private windows (about:privatebrowsing)
Updated•7 years ago
|
Priority: -- → P3
Whiteboard: [private, new tab] design-decision-needed → triaged
Comment 6•7 years ago
|
||
Clearing my NI (sorry it took so long) and adding Pdol, who is product owner for PBM
Flags: needinfo?(jmoradi) → needinfo?(pdolanjski)
Comment 7•7 years ago
|
||
(In reply to Andy McKay [:andym] from comment #5) > Changing bug title to be clearer that we are planning on removing this > ability. This ability was added in Firefox 53, so we'll need to land this > patch soon to remove it - based on Javaun's feedback. This seems like the right approach to me given the risk of newtab leaking info, unbeknownst to the user.
Flags: needinfo?(pdolanjski)
Updated•6 years ago
|
Priority: P1 → P2
Updated•6 years ago
|
Product: Toolkit → WebExtensions
Comment 9•6 years ago
|
||
(In reply to Peter Dolanjski [:pdol] from comment #7) > (In reply to Andy McKay [:andym] from comment #5) > > Changing bug title to be clearer that we are planning on removing this > > ability. This ability was added in Firefox 53, so we'll need to land this > > patch soon to remove it - based on Javaun's feedback. > > This seems like the right approach to me given the risk of newtab leaking > info, unbeknownst to the user. :pdol, I'm wondering if you could chime in on this (2-year old) bug again. We are planning to land bug 1457001 in release 66 which will require the user to explicitly opt-in to using any particular extension, including new tab page override, in private browsing windows. Is that sufficient from your point-of-view? Or do we want to go a step further, and actually prohibit new tab page overrides from working in private browsing windows, which is what this bug is suggesting?
Flags: needinfo?(pdolanjski)
Assignee | ||
Updated•5 years ago
|
Assignee: nobody → mixedpuppy
Updated•5 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee | ||
Comment 11•5 years ago
|
||
I'm closing this down. To long for ni, comments are referencing feedback outside the bug, etc etc.
Bug 1525125 and by extension bug 1380809 take care of user involvement in decided whether these work in pbm.
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(pdolanjski)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•