Closed Bug 1083637 Opened 10 years ago Closed 10 years ago

Blocking installs for marketplace.firefox.com doesn't work until preferences has been opened

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Version:
34 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 35

People

(Reporter: mkaply, Unassigned)

References

Details

If you try to block installs from marketplace.firefox.com on the first run of Firefox, it doesn't work until preferences is opened.

To recreate:

1. Set devtools.chrome.enabled to true.
2. Open the scratchpad.
3. Set the environment to browser.
4. Paste this line:
Services.perms.add(NetUtil.newURI("http://marketplace.firefox.com"), "install", 2);

Now go to preferences, security, exceptions.

Notice that marketplace.firefox.com still says allow.

Now run the command again.

It works.

It also works on subsequent invocations of Firefox.
Blocks: 506446
And FYI, this is a real world scenario. Because of this problem, blocking marketplace installs via AutoConfig isn't working on firstrun.
I can't repro that.  What I did:

* Created a new profile and started nightly with it.
* Hit about:config and set devtools.chrome.enabled = true
* Open a scratchpad, set as browser environment and execute the code you pasted.
* Options->Security->addons exceptions

I see addons.mozilla.org as "Allow" and marketplace.firefox.com as "Block"
Hardware: x86 → All
Looks like it is 33 only. Argh.
Version: Trunk → 33 Branch
Broken on 34 (aurora) as well.
Version: 33 Branch → 34 Branch
This was "fixed" here:

https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=5bd6e09f074e&tochange=afc933adf723

Most likely candidate was 

https://bugzilla.mozilla.org/show_bug.cgi?id=1050080

Although it looks like that is going to be backed out. I'm going to go back further and see what actually broke it originally.
(In reply to Mike Kaply (:mkaply) from comment #5)
> https://bugzilla.mozilla.org/show_bug.cgi?id=1050080
> 
> Although it looks like that is going to be backed out. I'm going to go back
> further and see what actually broke it originally.

A partial backout was already done in bug 1073359 to fix non-Firefox applications and no further backout of that bug is planned.
Any idea how to work around this bug since we're stuck with it on the ESR?
I think you are simply seeing the old behaviour WRT default permissions - they are loaded by code as certain modules are loaded.  All the changes in the other bugs you reference were changed in Firefox 35.

In this specific case, the default is loaded via the line in firefox.js:

 pref("xpinstall.whitelist.add.180", "marketplace.firefox.com");

and I can only assume that the code which acts on this pref (XPIProvider.jsm) is lazily loaded as prefs open, and they override the permission you added before this load.  Note that only the very first run of that module will change the permissions, which explains why executing your example code after it's been loaded once sticks.

So in the ESR the solution is to change those prefs, and in the following ESR you will be able to do it in the same way as your example.
Fixed by bug 506446, then.

Likely wontfix for older ESRs since bug 506446 is not backportable there. We could potentially mitigate this with a more specific fix (e.g. add a notification for when PermissionUtils completes its lazy import of permissions), but since there are alternative ways of doing this, and this behavior has been around for a long time, not sure that's worth it.
No longer blocks: 506446
Status: NEW → RESOLVED
Closed: 10 years ago
Depends on: 506446
Resolution: --- → FIXED
Target Milestone: --- → Firefox 35
Agreed. I just put in a workaround.
You need to log in before you can comment on or make changes to this bug.