Closed
Bug 1127522
Opened 10 years ago
Closed 8 years ago
Removal of screensharing whitelist
Categories
(Firefox Graveyard :: Screen Sharing Whitelist, defect)
Firefox Graveyard
Screen Sharing Whitelist
Tracking
(Not tracked)
RESOLVED
FIXED
Firefox 52
People
(Reporter: mt, Unassigned)
References
(Depends on 1 open bug)
Details
(Keywords: DevAdvocacy, Whiteboard: [ux][DevRel:P1][fxprivacy][tracking] )
This reason the screensharing whitelist exists is the risk to the integrity of unrelated sites. In many ways, it gives a site access to something that only an add-on can get. So sharing Firefox is the baby brother of installing an add-on. The risk of sharing other applications is far more manageable.
What I would like to see from the Firefox screensharing UX is the following:
1 - Firefox doesn't appear in the list by default
2 - Whole-desktop sharing doesn't appear in the list by default (it might contain a Firefox window)
3 - There is some special process for users to signal to Firefox that they want to share Firefox
4 - There is some way for a user to discover the above process when they are presented with the screen sharing doorhanger; the same discovery process is probably necessary to explain why Firefox isn't on the list
Platform needs to help here by providing a way to filter Firefox from the list of windows based on whether this special signal has been created by the user.
Doing just 1&2 alone removes a lot of the incentive to use the whitelist, but until we have 3&4, there is probably a case for retaining the list, solely for access to sharing Firefox.
|
Reporter | |
Updated•10 years ago
|
Whiteboard: [ux]
|
||
Updated•10 years ago
|
Component: General → Screen Sharing Whitelist
|
||
Comment 3•9 years ago
|
||
Trying to understand: a whitelist would still required to allow users to share their browser? What would be the flow for an informed user who wishes to share their entire desktop?
|
|
||
Updated•9 years ago
|
Keywords: DevAdvocacy
|
|
||
Comment 4•9 years ago
|
||
It's been 8 months without resolution here. I understand the security risks, but I worry we're seeing a closed whitelist as "good enough" for the time being.
|
|
Reporter | |
Comment 5•9 years ago
|
||
I share that concern. I believe that the resolution is blocked on UX resources. I will re-raise this with the security team, who are working with UX on new permissions flows.
|
||
Comment 6•9 years ago
|
||
In the mean time is it possible for you guys to approve some of the white listing requests that are currently requested? I raised Bug 1201832 for whitelisting of our service www.circuit.com about a month ago. I don't want to have to delay firefox support because we don't have this in place.
|
||
Comment 7•9 years ago
|
||
Does anyone own the Screen Sharing Whitelist component? There are about 20 unconfirmed bugs [1], all of which appear to have come from the Bugzilla template [2] provided on the Mozilla wiki [3] (and possibly elsewhere).
[1] https://bugzilla.mozilla.org/buglist.cgi?component=Screen%20Sharing%20Whitelist&product=Firefox&bug_status=__open__
[2] https://bugzilla.mozilla.org/form.screen.share.whitelist
[3] https://wiki.mozilla.org/Screensharing
Since this is still open, could someone take a look a our whitelisting request, too? We're eager to get FF support implemented, and happy to answer any questions you may have. Here's the ticket: https://bugzilla.mozilla.org/show_bug.cgi?id=1240199.
Hi there -- bumping this thread again to see if someone can review our whitelist request? Would be much appreciated!
https://bugzilla.mozilla.org/show_bug.cgi?id=1240199
|
||
Updated•9 years ago
|
Whiteboard: [ux] → [ux][DevRel:P1]
|
||
Comment 10•9 years ago
|
||
I strongly urge you to not approve any more whitelist-addition requests. Every single entry in the whitelist is a punch in the face of the open web and creates the next walled garden after privileged app in Firefox OS.
|
||
Updated•8 years ago
|
Whiteboard: [ux][DevRel:P1] → [ux][DevRel:P1][fxprivacy][triage]
|
||
Comment 11•8 years ago
|
||
(In reply to paul.leo.steinberg from comment #10)
> I strongly urge you to not approve any more whitelist-addition requests.
> Every single entry in the whitelist is a punch in the face of the open web
> and creates the next walled garden after privileged app in Firefox OS.
As much as I'd prefer not to have a whitelist, right now it is the only method available to us (having users edit about:config isn't really practical for the average user). We reported bug 1244765 over 5 months ago to whitelist www.groupworld.net, but it is still UNCONFIRMED.
|
||
Updated•8 years ago
|
Whiteboard: [ux][DevRel:P1][fxprivacy][triage] → [ux][DevRel:P1][fxprivacy][tracking]
|
||
Comment 12•8 years ago
|
||
FIXED for 52 by the work that went into bugs this depends on.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 52
|
||
Updated•6 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•