Open Bug 727255 Opened 12 years ago Updated 12 years ago

Revisit testing privileges for 127.0.0.1 in add-on

Categories

(Web Apps :: Extension, defect)

Product:
Web Apps
Component:
Extension
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: anant, Unassigned)

Details

We've added a special case for .install() calls from 127.0.0.1, which allows the test suite to bypass the doorhanger (this is required for automated testing). We need to evaluate the security implications of this, and perhaps figure out if there's a better way to do this.

Some ideas:
- detect if we are in 'cfx run' mode to bypass doorhanger instead of using origin
- correctly implement setMockResponse and only make it available to test scripts when the add-on is in 'test mode', which should also be implemented
Could this issue also apply to the mozilla-central version of the implementation? Specifically with the test infrastructure? Anant what do you think?
You need to log in before you can comment on or make changes to this bug.