Closed
Bug 877268
Opened 11 years ago
Closed 7 years ago
Having a http url redirect to an add-on's resource:// uri is forbidden
Categories
(Add-on SDK Graveyard :: General, defect, P2)
Add-on SDK Graveyard
General
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: evold, Unassigned)
References
Details
I was chatting with vladikoff on irc about implementing oauth with dropbox with a jetpack. In chrome this is what happens: 1. A tab is opened to https://www.dropbox.com/login?cont=https%3A//www.dropbox.com/1/oauth/authorize%3Foauth_callback%3Dchrome-extension%253A%252F%252Feilfcoobfbpeopacdeglplgabcadjf%252Ftest%252Fhtml%252Fchrome_oauth_receiver.html%253F_dropboxjs_scope%253Dhelper-chrome%2526dboauth_token%253Da3A5bAtyyfpXD0o%26oauth_token%3Da3Ax5btyyfpXD0o&signup_tag=oauth&signup_data=92719 2. Once approved this page redirects to the `oauth_callback` param provided in 1 On Firefox however if one provides a resource:// uri (whereas in chrome a chrome-extension:// is used) then there is a security error.
Reporter | ||
Comment 1•11 years ago
|
||
BTW the work around that vladikoff ended up using was have the page redirect to about:blank (which really ends up being about:blank#?params) and then stripping the params and open a tab for the resource:// uri document with the stripped params.
Comment 2•11 years ago
|
||
Probably the same issue as bug 820213, hoping to get a patch up this week.
Depends on: 820213
Priority: -- → P2
Comment 3•7 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1399562
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•