Whitelist Heartbeat / Self Repair origin for UITour

RESOLVED FIXED

Status

()

Firefox
Tours
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: Gregg Lind (Fx Strategy and Insights - Shield - Heartbeat ), Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Given the current plan to implement Heartbeat on a 'tour' privileged thing, the Self-Support url will have to also be viewd by tour as privileged (or we can add a second pref for browser.repair.*).  

Not sure the right solution.

All of this is a temp hack, so choose a poison :)

See:  http://mxr.mozilla.org/mozilla-central/source/browser/components/uitour/UITour.jsm#257
This is done, at the moment, by granting the SelfSupport URL "uitour" privileges when loading the page in bug 1111022!
Component: General → Tours
OS: Mac OS X → All
Hardware: x86 → All
Version: 37 Branch → Trunk
(In reply to Benjamin Smedberg  [:bsmedberg] from comment #2)
> We can add the necessary domain to
> http://mxr.mozilla.org/mozilla-central/source/browser/app/
> default_permissions?force=1

This is the correct solution to prevent the permission from getting cleared by Clear Recent History.
Summary: UITour url preference will need to support multiple targets to support Heartbeat / Self Repair → Whitelist Heartbeat / Self Repair origin for UITour
(it's also unclear to me how to get localhost:8000 or such to get uitour permissions, for dev and testing.  Not sure if this a new bug or not.  Benjamin, ideas?)

tried:

```
let addPerm = function (uri) {
  console.log("ADDING:", uri);
  let pageURI = Services.io.newURI(uri, null, null);
  Services.perms.add(pageURI, "uitour", Services.perms.ALLOW_ACTION);
  let good = Services.perms.testPermission(pageURI, "uitour") ===  Services.perms.ALLOW_ACTION;
  console.log("ADDED:", uri, good);
};

addPerm("http://localhost/");
addPerm("http://localhost:8000");
addPerm("http://127.0.0.1:8000");
```

The perm manager tests 'true' for those same strings, but at localhost the object doesn't work correctly.  At other pages it does.
Flags: needinfo?(benjamin)

Comment 5

3 years ago
I don't know. Similar things have worked in the past for me, but rather than using "localhost" I've used internal computer names like "stravinsky". Maybe localhost is special somehow.
Flags: needinfo?(benjamin)
The problem is likely that we don't allow http unless you set browser.uitour.requireSecure = false.
Similarly, you can use the browser.uitour.testingOrigins pref to whitelist a domain for testing/dev (it's used as a comma separated list; no restart needed).
Blair, MattN, thanks for the suggestions here. I think once we have the url, it should all fall into place just fine!
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.