Closed Bug 1031554 Opened 10 years ago Closed 10 years ago

All "Security Exception" buttons broken when using a SDK Panel

Categories

(Add-on SDK Graveyard :: General, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: jvanasco, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10

Steps to reproduce:

I am developing a Firefox plugin and noticed this in a `cfx run` test.

I am attempting to open an SDK panel on an untrusted HTTPS connection. The "Confirm Security Exception" button does nothing. The "Take me out of here" button does nothing.

	var panel = require('sdk/panel').Panel({
		width: 700,
		height: 700,
		contentURL : "https://127.0.0.1" /* or other https server without an acceptable signature */
	});
	panel.show();  

If I add a security exception in another window (still in the instance spawned by `cfx run`), the buttons work correctly.



Actual results:

Nothing happened when clicking buttons.




Expected results:

I should be able to add an exception or exit the dialog by clicking the appropriate button.
Component: Untriaged → General
Product: Firefox → Add-on SDK
Version: 30 Branch → unspecified
You shouldn't be loading insecure content in a panel.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
'You shouldn't be loading insecure content in a panel.'

1. That message doesn't appear anywhere on the SDK docs.  If that is a rule, then the docs need to be updated.  See here -- https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/panel

2. The content isn't insecure. It's on an HTTPS connection, but using a self-signed certificate (which hasn't been accepted by the user yet).
hi Jonathan,

this isn't exactly a rule, but a recommendation to you. lots of stuff doesn't work when loaded into a panel, and is (mostly) out of our hands, because it's a platform bug, not an sdk issue.

what you could do is, upon installing your addon, you can open a "welcome" page for the user inside a tab, where you can instruct them to accept the certificate, and provide a link to do so.
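The workaround proposed in the comment above, as an added example that is not part of the original thread or of the SDK's own code: on first install, a development build opens the self-signed origin in a tab so the certificate can be accepted there, and the panel is used in every other case. `openContent`, `DEV_ORIGIN` and the `isDevBuild` flag are hypothetical names, and the SDK modules are passed in as a parameter so the decision logic can also run outside Firefox.

```javascript
// Added example. DEV_ORIGIN is a constructed value for a local test server
// that presents a self-signed certificate.
var DEV_ORIGIN = "https://127.0.0.1";

// True only for URLs on exactly DEV_ORIGIN. Requiring the "/" after the
// origin keeps look-alike hosts such as "https://127.0.0.1.example.net/"
// from matching a plain prefix test.
function isDevOrigin(url) {
  return url === DEV_ORIGIN || url.indexOf(DEV_ORIGIN + "/") === 0;
}

// Decide where to load `url`.
//   sdk        - { tabs, Panel, loadReason } taken from the Add-on SDK
//   isDevBuild - hypothetical flag the add-on sets for development builds
// Returns "tab" or "panel" so callers (and tests) can see the choice made.
function openContent(sdk, url, isDevBuild) {
  var firstRun = sdk.loadReason === "install";
  if (isDevBuild && firstRun && isDevOrigin(url)) {
    // Load the page in a tab first, so the certificate prompt is handled
    // there instead of inside the panel.
    sdk.tabs.open(url);
    return "tab";
  }
  var panel = sdk.Panel({ width: 700, height: 700, contentURL: url });
  panel.show();
  return "panel";
}

// In the add-on's main.js the real modules would be wired in like this:
//   openContent({
//     tabs: require("sdk/tabs"),
//     Panel: require("sdk/panel").Panel,
//     loadReason: require("sdk/self").loadReason
//   }, DEV_ORIGIN + "/", true);
```

Production builds pass `isDevBuild` as false, so they never route users toward accepting a certificate exception.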
This only affects me on development (which is a pain).  I have full certs for production usage.

Rule/recommendation/etc -- something needs to be officially noted in the docs.  If this is a known platform feature to the core devs, a note about it in the SDK docs would seem proper.
you are right, i filed bug 1035327..
oh wow, thanks.  Panels are WAY more limited than I thought, and it looks like I should not be using them!

Your other bug-report just saved me a ton of probable headaches!