Closed
Bug 1031554
Opened 10 years ago
Closed 10 years ago
All "Security Exception" buttons broken when using a SDK Panel
Categories
(Add-on SDK Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: jvanasco, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10 Steps to reproduce: I am developing a Firefox plugin and noticed this in a `cfx run` test. I am attempting to open a SDK panel on an untrusted HTTPS connection. The "Confirm Security Exception" button does nothing. The "Take me out of here" button does nothing. var panel = require('sdk/panel').Panel({ width: 700, height: 700, contentURL : "https://127.0.0.1" /* or other https server without an acceptable signature */ }); panel.show(); If I add a security exception in another window (still in the instance spawned by `cfx run`) , the buttons work correctly. Actual results: Nothing happened when clicking buttons. Expected results: I should be able to add an exception or exit the dialog by clicking the appropriate button.
Updated•10 years ago
|
Component: Untriaged → General
Product: Firefox → Add-on SDK
Version: 30 Branch → unspecified
You shouldn't be loading insecure content in a panel.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → WONTFIX
Reporter | ||
Comment 2•10 years ago
|
||
'You shouldn't be loading insecure content in a panel.' 1. That message doesn't appear anywhere on the SDK docs. If that is a rule, then the docs need to be updated. See here -- https://developer.mozilla.org/en-US/Add-ons/SDK/High-Level_APIs/panel 2. The content isn't insecure. It's on a HTTPS connection, but using a self-signed certificate ( which hasn't been accepted yet by the user yet ).
Comment 3•10 years ago
|
||
hi Jonathan, this isn't exactly a rule, but a recommendation to you. lots of stuff doesn't work when loaded into a panel, and is (mostly) out of our hands, because it's a platform bug, not an sdk issue. what you could do is, upon installing your addon, you can open a "welcome" page for the user inside a tab, where you can instruct them to accept the certificate, and provide a link to do so.
Reporter | ||
Comment 4•10 years ago
|
||
This only affects me on development (which is a pain). I have full certs for production usage. Rule/recommendation/etc -- something needs to be officially noted in the docs. If this is a known platform feature to the core devs, a note about it in the SDK docs would seem proper.
Comment 5•10 years ago
|
||
you are right, i filed bug 1035327..
Reporter | ||
Comment 6•10 years ago
|
||
oh wow, thanks. Panels are WAY more limited than I thought, and it looks like I should not be using them! Your other bug-report just saved me a ton of probable headaches!
You need to log in
before you can comment on or make changes to this bug.
Description
•