Closed
Bug 1082049
Opened 10 years ago
Closed 10 years ago
Mozilla-developed app is denied from using `*.mozilla.com` as origin
Categories
(Marketplace Graveyard :: Validation, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
2014-10-14
People
(Reporter: Harald, Assigned: cvan)
References
Details
This blocks Hello submission. The specific origin is required in this case for FxAccounts/Mobile ID validation
|
Reporter | |
Comment 1•10 years ago
|
||
ni? on eng manager and product for fast escalation.
Flags: needinfo?(dbialer)
Flags: needinfo?(clouserw)
|
|
Reporter | |
Updated•10 years ago
|
Summary: Mozilla-developer app is denied from using `*.mozilla.com` as origin → Mozilla-developed app is denied from using `*.mozilla.com` as origin
|
|
Reporter | |
Updated•10 years ago
|
Blocks: Loopmov_1_1
|
||
Comment 2•10 years ago
|
||
Why is it blocked? are you literally using "*.mozilla.com" - if so, don't think this is a valid origin.
|
||
Updated•10 years ago
|
Assignee: nobody → mstriemer
Flags: needinfo?(clouserw)
Priority: -- → P1
Target Milestone: --- → 2014-10-14
|
|
Reporter | |
Comment 3•10 years ago
|
||
(In reply to David Bialer [:dbialer] from comment #2) > Why is it blocked? are you literally using "*.mozilla.com" - if so, don't > think this is a valid origin. It is using an origin like `hello.services.mozilla.com`.
Flags: needinfo?(dbialer)
|
Assignee | |
Comment 4•10 years ago
|
||
Where do you see an error saying it's blocked? STR? Because we/I lifted this restriction so the Marketplace could submit its own packaged app to the Marketplace.
|
||
Comment 5•10 years ago
|
||
(In reply to Christopher Van Wiemeersch [:cvan] from comment #4) > Where do you see an error saying it's blocked? STR? When the zip file with the app is validated: "Origin cannot use `mozilla.com` origin. Error: App origins may not reference `mozilla.com`. Found origin: app://loop.services.mozilla.com You can find more information at https://developer.mozilla.org/docs/Web/Apps/Manifest Node: root > origin manifest.webapp" > Because we/I lifted this restriction so the Marketplace could submit its own > packaged app to the Marketplace.
|
|
Assignee | |
Comment 6•10 years ago
|
||
Ah, I removed only "firefox.com" from the blacklist:
https://github.com/mozilla/app-validator/commit/3e7127
I've removed the others from the blacklist:
https://github.com/mozilla/app-validator/commit/1c076f8
https://github.com/mozilla/app-validator/commit/2995f73
I've also updated Zamboni to use the updated validator and retagged our release to include this cherrypick:
https://github.com/mozilla/zamboni/commit/c18edfe
This will go live tomorrow (10/14 @ 11 AM PDT) and you can test it on -dev right now: https://marketplace-dev.allizom.org/developers/submit/
––
Going forward, we will rely on the review process to catch people attempting to submit rogue apps masquerading as Mozilla origins.
To my knowledge, we haven't had any attempts of people submitting apps with a "\.?firefox\.com" origin. So I think this all should be fine.Assignee: mstriemer → cvan
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Comment 7•10 years ago
|
||
Verified as fixed in FF36(Win7) in marketplace-dev.allizom.org I have successfully submitted an app with the origin "origin": "app://test.services.mozilla.com" The error Origin cannot use `mozilla.com` origin. was no longer displayed and the submission worked fine. The app is here: https://marketplace-dev.allizom.org/app/testorigin/ Closing.
Status: RESOLVED → VERIFIED
|
||
Updated•10 years ago
|
Blocks: MP_Loop1.1
|
|
||
Updated•10 years ago
|
No longer blocks: Loopmov_1_1
You need to log in
before you can comment on or make changes to this bug.
Description
•