Closed Bug 1049087 Opened 5 years ago Closed 5 years ago

pre-populate the whitelist for screensharing in Fx33

Categories

(Core :: WebRTC, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla35
Tracking Status
firefox33 --- fixed
firefox34 --- fixed
firefox35 --- fixed
b2g-v2.1 --- fixed
b2g-v2.2 --- fixed

People

(Reporter: mreavy, Assigned: ehugg)

References

Details

(Whiteboard: [screensharing-uplift])

Attachments

(2 files)

For Fx33, we should pre-populate the whitelist with certain domains so that the feature is more useful "out of the box" for users.

The user retains the ability to update the whitelist at any time by going into about:config.
Blocks: 1040061
See Also: → 1049090
I'd like to point out that the implementation does not support wildcards.  Each domain in the list must be an exact match.  Code is here:
http://mxr.mozilla.org/mozilla-central/source/dom/media/MediaManager.cpp#137
I don't have a list of domains yet but I'm pretty sure we'll need wildcards for subdomains so we can add "*.webex.com" for example.

This is mentioned on bug 1037424 here as a "possible part 2":
https://bugzilla.mozilla.org/show_bug.cgi?id=1037424#c18
Depends on: 1049583
Assignee: nobody → gpiper
OS: Windows 7 → All
Hardware: x86_64 → All
Whiteboard: [sceensharing-uplift] → [sceensharing-uplift][leave-open]
Comment on attachment 8481304 [details] [diff] [review]
set temporary allowed screensharing domain of mozilla.github.io - replace for release

Approval Request Comment
[Feature/regressing bug #]: screensharing

[User impact if declined]: harder for people to test in beta

[Describe test coverage new/current, TBPL]: screensharing tests in tbpl use this

[Risks and why]: Provide a temporary value for the whitelist to allow testers to use http://mozilla.github.io/webrtc-landing/gum_test.html to verify screensharing.  Should be replaced by mid-beta with whatever we decide will be the initial release whitelist.

[String/UUID change made/needed]: none
Attachment #8481304 - Flags: review?(gpascutto)
Attachment #8481304 - Flags: approval-mozilla-aurora?
Comment on attachment 8481304 [details] [diff] [review]
set temporary allowed screensharing domain of mozilla.github.io - replace for release

Review of attachment 8481304 [details] [diff] [review]:
-----------------------------------------------------------------

::: modules/libpref/init/all.js
@@ +371,5 @@
>  #endif
>  
>  pref("media.getusermedia.screensharing.enabled", true);
> + // temporary value, not intended for release - bug 1049087
> +pref("media.getusermedia.screensharing.allowed_domains", "mozilla.github.io");

If it's not meant for release you should protect it with !defined(RELEASE_BUILD).
Attachment #8481304 - Flags: review?(gpascutto) → review+
Whiteboard: [sceensharing-uplift][leave-open] → [screensharing-uplift][leave-open]
Attachment #8481304 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee: gpiper → ethanhugg
Status: NEW → ASSIGNED
Attachment #8484458 - Flags: review?(rjesup)
Comment on attachment 8484458 [details] [diff] [review]
pre-populate the whitelist for screensharing in Fx33

Review of attachment 8484458 [details] [diff] [review]:
-----------------------------------------------------------------

::: modules/libpref/init/all.js
@@ +380,5 @@
>  #endif
>  
>  pref("media.getusermedia.screensharing.enabled", true);
>  #ifdef RELEASE_BUILD
> +pref("media.getusermedia.screensharing.allowed_domains", "webex.com,*.webex.com,collaborate.com,*.collaborate.com");

I see it as problematic that none of these domains use HTTPS+HSTS, because that means this protection is really trivial to circumvent in many cases.
Comment on attachment 8484458 [details] [diff] [review]
pre-populate the whitelist for screensharing in Fx33

Review of attachment 8484458 [details] [diff] [review]:
-----------------------------------------------------------------

Note: we've restricted screen/windowsharing to https: in a different bug
Attachment #8484458 - Flags: review?(rjesup) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/efb085f286fd
Whiteboard: [screensharing-uplift][leave-open] → [screensharing-uplift]
Target Milestone: --- → mozilla35
https://hg.mozilla.org/mozilla-central/rev/efb085f286fd
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Comment on attachment 8484458 [details] [diff] [review]
pre-populate the whitelist for screensharing in Fx33

Approval Request Comment
[Feature/regressing bug #]: screensharing

[User impact if declined]: inability to access approved sites

[Describe test coverage new/current, TBPL]: nightly, externally tested by Cisco

[Risks and why]: virtually none

[String/UUID change made/needed]: none
Attachment #8484458 - Flags: approval-mozilla-beta?
Attachment #8484458 - Flags: approval-mozilla-aurora?
Attachment #8484458 - Flags: approval-mozilla-beta?
Attachment #8484458 - Flags: approval-mozilla-beta+
Attachment #8484458 - Flags: approval-mozilla-aurora?
Attachment #8484458 - Flags: approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.