Closed Bug 1025241 Opened 10 years ago Closed 6 years ago

systemXHR permission: Proposing a domain white list

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mklehr, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0 (Beta/Release)
Build ID: 20140605174243




Expected results:

I would like to propose a more fine-granular way to control access to third-party services via XHR in a firefox app.

Currently, as far as I know, `systemXHR` access can only be allowed or denied. The user is not informed about which services the app would like to access, instead they have to blindly trust the reviewers of said app, that it does what the author says it does.

E.g. a twitter app might want to talk to the twitter API and thus needs permission to use XHR. However, it may also talk to google analytics using that permission, which the user might not be ok with.

I think apps should require a white list of services they'd like to talk to (i.e. domains). Of course, there are use cases where you might want to talk to everyone (potentially), but that shouldn't be the default option.

Thank you for considering this proposal.
Firefox OS is not being worked on
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.