Closed
Bug 653307
Opened 13 years ago
Closed 13 years ago
Adjust reCAPTCHA NoScript hack in Sync
Categories
(Firefox :: Sync, defect)
Firefox
Sync
Tracking
()
RESOLVED
FIXED
mozilla5
| Tracking | Status | |
|---|---|---|
| firefox5 | --- | fixed |
People
(Reporter: rnewman, Assigned: rnewman)
References
Details
(Whiteboard: [verified in services])
Attachments
(4 files)
|
82.10 KB,
image/png
|
Details | |
|
65.09 KB,
image/png
|
Details | |
|
63.50 KB,
image/png
|
Details | |
|
1.62 KB,
patch
|
philikon
:
review+
jpr
:
approval-mozilla-aurora+
dveditz
:
approval2.0-
|
Details | Diff | Splinter Review |
Screenshot.
Sync currently adds recaptcha.net to the NoScript whitelist during setup. That URL is no longer valid (they're using google.com now), and NoScript has appropriate entries in its own whitelist. Furthermore, we already have a fallback for disabled JS, so our workaround code is unnecessary. KILL THE HEATHEN CODE!
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → rnewman
Status: NEW → ASSIGNED
Summary: Remove redundant NoScript hack from Sync → Remove redundant reCAPTCHA NoScript hack from Sync
|
|
Assignee | |
Comment 1•13 years ago
|
||
Let's just say that the user experience with NoScript is less than ideal.
|
|
Assignee | |
Comment 2•13 years ago
|
||
Taking a look at this scrollbar annoyance.
|
|
Assignee | |
Updated•13 years ago
|
Summary: Remove redundant reCAPTCHA NoScript hack from Sync → Adjust reCAPTCHA NoScript hack in Sync
|
|
Assignee | |
Comment 3•13 years ago
|
||
Have to force a minwidth of 700 on the wizard as whole. Let's hope this looks OK on Windows and Linux…
|
|
Assignee | |
Comment 4•13 years ago
|
||
This temporarily adds google.com to the whitelist.
Attachment #528945 -
Flags: review?(philipp)
|
|
Assignee | |
Comment 5•13 years ago
|
||
STR: * New profile. * Install NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript/ * Restart as required. * Set up Sync. Captcha page in the wizard should look like Attachment 528915 [details], not Attachment 528899 [details].
|
||
Comment 6•13 years ago
|
||
Comment on attachment 528945 [details] [diff] [review] Alter URL for whitelist. v1 >+// Broader than we'd like, but after this changed from api-secure.recaptcha.net >+// we had no choice. At least we only do this for the duration of setup. >+const RECAPTCHA_DOMAIN = "https://www.google.com"; >+ This makes me sad, but apparently NoScript does indeed not allow us to restrict it further as Giorgio writes in bug 508112 comment 14: Yes it does. A "site" for NoScript must be either a prePath (in nsIURI terms) or a host. >- _remoteSites: [Weave.Service.serverURL, "https://api-secure.recaptcha.net"], >+ _remoteSites: [Weave.Service.serverURL, RECAPTCHA_DOMAIN], Interesting (pre-existing) bug here: We will always whitelist only auth.s.m.c. If the user changes 'serverURL' by typing in a custom server URL and that custom server also requires a captcha (the minimal server doesn't, but conceivably others could), we never whitelist it. Fix would be to make this a dynamic getter always: get _remoteSites(): [Weave.Service.serverURL, RECAPTCHA_DOMAIN], r=me with that. Please request approval for aurora and 2.0 for the updated patch.
Attachment #528945 -
Flags: review?(philipp) → review+
|
|
Assignee | |
Comment 7•13 years ago
|
||
Pushed to services: https://hg.mozilla.org/services/services-central/rev/c01dba4456f9
Whiteboard: [fixed in services]
|
|
Assignee | |
Comment 8•13 years ago
|
||
Comment on attachment 528945 [details] [diff] [review] Alter URL for whitelist. v1 Requesting approval for Aurora and 4.0.2 for this patch: https://hg.mozilla.org/services/services-central/rev/c01dba4456f9 Justification: without this updated URL, NoScript users will have a degraded Sync signup experience, as shown in Attachment 528899 [details].
Attachment #528945 -
Flags: approval2.0?
Attachment #528945 -
Flags: approval-mozilla-aurora?
|
||
Comment 9•13 years ago
|
||
Verified with s-c builds of 20110502 and NoScript 2.1.0.3 installed
Whiteboard: [fixed in services] → [verified in services]
|
|
||
Comment 10•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/c01dba4456f9
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla6
|
||
Updated•13 years ago
|
Attachment #528945 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 11•13 years ago
|
||
Pushed to Aurora: http://hg.mozilla.org/mozilla-aurora/rev/2b6445bfa3e9
status-firefox5:
--- → fixed
Target Milestone: mozilla6 → mozilla5
|
||
Comment 12•13 years ago
|
||
Comment on attachment 528945 [details] [diff] [review] Alter URL for whitelist. v1 Not planning any more 2.0 releases, no point in landing this there.
Attachment #528945 -
Flags: approval2.0? → approval2.0-
|
||
Updated•6 years ago
|
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox
You need to log in
before you can comment on or make changes to this bug.
Description
•