Closed
Bug 1061136
Opened 10 years ago
Closed 10 years ago
local (file://) links don't work if capability.policy.localfilelinks.sites without protocol and if only domain/only protocol
Categories
(Core :: Security: CAPS, defect)
Tracking
()
RESOLVED
FIXED
mozilla35
People
(Reporter: alice0775, Assigned: bholley)
References
Details
Attachments
(7 files, 2 obsolete files)
69 bytes,
text/html
|
Details | |
239 bytes,
application/x-javascript
|
Details | |
231 bytes,
application/x-javascript
|
Details | |
220 bytes,
application/x-javascript
|
Details | |
212 bytes,
application/x-javascript
|
Details | |
3.41 KB,
patch
|
bzbarsky
:
review+
Sylvestre
:
approval-mozilla-aurora+
Sylvestre
:
approval-mozilla-beta+
Sylvestre
:
approval-mozilla-esr31+
|
Details | Diff | Splinter Review |
1.17 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
No description provided.
Reporter | ||
Comment 1•10 years ago
|
||
Reporter | ||
Comment 2•10 years ago
|
||
Reporter | ||
Comment 3•10 years ago
|
||
+++ This bug was initially created as a clone of Bug #995943 +++ Build Identifier: https://hg.mozilla.org/mozilla-central/rev/1db35d2c9a2f Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0 ID:20140831030206 Firefox 28 works as expected. This bug exist since Firefox 31. Steps to reproduce: 1. Create a new profile and copy "user.js" attachment 8482203 [details] to the profile folder 2. Start browser 3. Open attachment 8482197 [details] 4. Click a link "file:///c:/windows/win.ini" --- nothing happens in Nightly34. It works as expected in Filrefox28. It works if a protocol is specified(see attachment 8482198 [details]). Actual Results: No thing happen Expected results: File c:/windows/win.ini contents should display.
Blocks: 913734
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: local (file://) links don't work even when configured for company's internal system → local (file://) links don't work if capability.policy.localfilelinks.sites without protocol
Reporter | ||
Updated•10 years ago
|
status-firefox31:
--- → affected
status-firefox32:
--- → affected
status-firefox33:
--- → affected
status-firefox34:
--- → affected
status-firefox35:
--- → affected
status-firefox-esr24:
--- → unaffected
status-firefox-esr31:
--- → affected
Reporter | ||
Comment 4•10 years ago
|
||
This also works in Firefox28. However, this dose not work in Firefox31 and later.
Reporter | ||
Updated•10 years ago
|
Summary: local (file://) links don't work if capability.policy.localfilelinks.sites without protocol → local (file://) links don't work if capability.policy.localfilelinks.sites without protocol or if only domain
Reporter | ||
Comment 5•10 years ago
|
||
This also works in Firefox28. However, this dose not work in Firefox31 and later.
Reporter | ||
Updated•10 years ago
|
Summary: local (file://) links don't work if capability.policy.localfilelinks.sites without protocol or if only domain → local (file://) links don't work if capability.policy.localfilelinks.sites without protocol and if only domain/only protocol
Updated•10 years ago
|
Flags: needinfo?(bobbyholley)
Assignee | ||
Comment 6•10 years ago
|
||
Protocol-only is WONTFIX for the reasons outlined in bug 1028321 comment 2. The "without protocol" case does seem like a potential pain-point. I think we can fix 95% of that pain by just assuming http:// there. I'll attach a patch.
Flags: needinfo?(bobbyholley)
Assignee | ||
Comment 7•10 years ago
|
||
Attachment #8483014 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 8•10 years ago
|
||
[Tracking Requested - why for this release]: We'll want this on esr31, since this is currently the last overlap cycle of esr31, and this has the potential to reduce pain when large organizations make the switch in 6 weeks.
tracking-firefox-esr31:
--- → ?
Comment 9•10 years ago
|
||
Comment on attachment 8483014 [details] [diff] [review] Assume http:// for schemeless URIs in CAPS prefs. v1 r=me
Attachment #8483014 -
Flags: review?(bzbarsky) → review+
Reporter | ||
Comment 11•10 years ago
|
||
So, after the above patch landing, Open local file from http://host.domain and https://host_ssl.domain_ssl (ssl site), Not supported format: https: http: --- was rejected by bug 1061128 comment#2? host_ssl.domain_ssl [1] domain domain_ssl [2] Supported format: http://host.domain https://host_ssl.domain_ssl --- was added by bug 1061128 host.domain --- will be added by this bug 1061136 What about [1] and [2]?
Assignee | ||
Comment 12•10 years ago
|
||
Hm, I guess it makes sense to add _both_ http:// and https:// to the whitelist in the case of schemeless domains. I'll attach an updated patch.
Assignee | ||
Comment 13•10 years ago
|
||
Attachment #8483014 -
Attachment is obsolete: true
Attachment #8485320 -
Flags: review?(bzbarsky)
Comment 14•10 years ago
|
||
Comment on attachment 8485320 [details] [diff] [review] Assume both http:// and https:// for schemeless URIs in CAPS prefs. v2 Yeah, makes sense.
Attachment #8485320 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 15•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/2092f7bd26d2
Comment 16•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/2092f7bd26d2
Assignee: nobody → bobbyholley
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
Assignee | ||
Comment 17•10 years ago
|
||
This was a stupid error I introduced in this bug, whereby schemeless hosts cause subsequent sites to be ignored. I discovered it in bug 1053725, and incidentally the test changes made in that bug serve as test coverage for this patch. I know that serial landings in a single bug aren't all that kosher, but I think it's probably fine in this case, and simplifies things a bit when we uplift all this to esr.
Attachment #8486098 -
Flags: review?(bzbarsky)
Comment 18•10 years ago
|
||
Comment on attachment 8486098 [details] [diff] [review] Followup bugfix. v1 Ouch. I should have caught that! r=me
Attachment #8486098 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 19•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/6db078d61361
Assignee | ||
Comment 21•10 years ago
|
||
Comment on attachment 8485320 [details] [diff] [review] Assume both http:// and https:// for schemeless URIs in CAPS prefs. v2 This request applies to both patches in this bug. It makes the enterprise pref configurations for local file:// links more backwards compatible. [Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: User impact if declined: When large organizations switch over to esr31, they're more likely to find that their old pref files don't work, wasting time both in diagnosis and in deploying a fix. Fix Landed on Version: 35 Risk to taking this patch (and alternatives if risky): Very low risk String or UUID changes made by this patch: None See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Attachment #8485320 -
Flags: approval-mozilla-esr31?
Assignee | ||
Comment 22•10 years ago
|
||
Comment on attachment 8485320 [details] [diff] [review] Assume both http:// and https:// for schemeless URIs in CAPS prefs. v2 See bug 1053725 comment 11. Don't forget the followup bugfix.
Attachment #8485320 -
Flags: approval-mozilla-beta?
Attachment #8485320 -
Flags: approval-mozilla-aurora?
Updated•10 years ago
|
Attachment #8485320 -
Flags: approval-mozilla-esr31?
Attachment #8485320 -
Flags: approval-mozilla-esr31+
Attachment #8485320 -
Flags: approval-mozilla-beta?
Attachment #8485320 -
Flags: approval-mozilla-beta+
Attachment #8485320 -
Flags: approval-mozilla-aurora?
Attachment #8485320 -
Flags: approval-mozilla-aurora+
Comment 23•10 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/1cf9afc1f606 https://hg.mozilla.org/releases/mozilla-beta/rev/e608db37bafb https://hg.mozilla.org/releases/mozilla-esr31/rev/1cfc6d945632 I folded the follow-up fix into the original patch.
Flags: in-testsuite+
Comment 24•10 years ago
|
||
Either this or bug 1053725 appears to have broken Marionette :( https://tbpl.mozilla.org/php/getParsedLog.php?id=48107396&tree=Mozilla-Esr31
Flags: needinfo?(bobbyholley)
Assignee | ||
Comment 26•10 years ago
|
||
Attachment #8489983 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 27•10 years ago
|
||
Comment on attachment 8489983 [details] [diff] [review] Get sIOService before invoking ReadPrefs. v1 Sorry, wrong bug.
Attachment #8489983 -
Attachment is obsolete: true
Attachment #8489983 -
Flags: review?(bzbarsky)
Updated•10 years ago
|
You need to log in
before you can comment on or make changes to this bug.
Description
•