Closed Bug 877268 Opened 11 years ago Closed 7 years ago

Having a http url redirect to an add-on's resource:// uri is forbidden

Categories

(Add-on SDK Graveyard :: General, defect, P2)

Product:
Add-on SDK Graveyard
Component:
General
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: evold, Unassigned)

References

Details

I was chatting with vladikoff on irc about implementing oauth with dropbox with a jetpack.  In chrome this is what happens:

1. A tab is opened to https://www.dropbox.com/login?cont=https%3A//www.dropbox.com/1/oauth/authorize%3Foauth_callback%3Dchrome-extension%253A%252F%252Feilfcoobfbpeopacdeglplgabcadjf%252Ftest%252Fhtml%252Fchrome_oauth_receiver.html%253F_dropboxjs_scope%253Dhelper-chrome%2526dboauth_token%253Da3A5bAtyyfpXD0o%26oauth_token%3Da3Ax5btyyfpXD0o&signup_tag=oauth&signup_data=92719

2. Once approved this page redirects to the `oauth_callback` param provided in 1

On Firefox however if one provides a resource:// uri (whereas in chrome a chrome-extension:// is used) then there is a security error.
BTW the work around that vladikoff ended up using was have the page redirect to about:blank (which really ends up being about:blank#?params) and then stripping the params and open a tab for the resource:// uri document with the stripped params.
Probably the same issue as bug 820213, hoping to get a patch up this week.
Depends on: 820213
https://bugzilla.mozilla.org/show_bug.cgi?id=1399562
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.