Enable mozBrowser for desktop app runtime

RESOLVED WONTFIX

Status

Firefox Graveyard
Webapp Runtime
--
major
RESOLVED WONTFIX
3 years ago
2 years ago

People

(Reporter: Harald, Unassigned)

Tracking

34 Branch
x86
All

Details

(Reporter)

Description

3 years ago
Several apps use it to wrap their site in a packaged app. Developers expect it to work cross-platform.
Hi Kan-Ru,

Can you give us any idea about what it would take to allow the mozBrowser permission for a privileged open web app runnning on desktop Firefox?

thanks,
-Bill
Flags: needinfo?(kchen)
(In reply to Bill Walker [:bwalker] [@wfwalker] from comment #1)
> Hi Kan-Ru,
> 
> Can you give us any idea about what it would take to allow the mozBrowser
> permission for a privileged open web app runnning on desktop Firefox?
> 
> thanks,
> -Bill

While I'm not sure what you mean |privileged open web app running on desktop Firefox|, there is a single pref dom.mozBrowserFramesEnabled to control the exposure of this feature. If you are going to do that, we should carefully analyze the risk of exposing this to wider audience.
Flags: needinfo?(kchen)
(In reply to Kan-Ru Chen [:kanru] from comment #2)
> (In reply to Bill Walker [:bwalker] [@wfwalker] from comment #1)
> > Hi Kan-Ru,
> > 
> > Can you give us any idea about what it would take to allow the mozBrowser
> > permission for a privileged open web app runnning on desktop Firefox?
> > 
> > thanks,
> > -Bill
> 
> While I'm not sure what you mean |privileged open web app running on desktop
> Firefox|, there is a single pref dom.mozBrowserFramesEnabled to control the
> exposure of this feature. If you are going to do that, we should carefully
> analyze the risk of exposing this to wider audience.

Hi Kan-Ru,

Here's what I mean: On a Firefox OS phone, I can create an app whose app manifest requests the "browser" permission. We install that app from Firefox Marketplace by calling mozApps.installPackage(). Upon launch, if that app is properly signed, it can use iframes with the browser attribute, as described at 

https://developer.mozilla.org/en-US/docs/Web/API/Using_the_Browser_API

I'd like to be able to do the exact same thing on Firefox for Windows or Mac OS X. I've got the same mozApps.installPackage() API present there, but currently browser frames don't work.

It sounds like all I'd need to do is enable that pref and work through the security implications?

thanks,
-Bill
(In reply to Bill Walker [:bwalker] [@wfwalker] from comment #3)
> (In reply to Kan-Ru Chen [:kanru] from comment #2)
> > (In reply to Bill Walker [:bwalker] [@wfwalker] from comment #1)
> > > Hi Kan-Ru,
> > > 
> > > Can you give us any idea about what it would take to allow the mozBrowser
> > > permission for a privileged open web app runnning on desktop Firefox?
> > > 
> > > thanks,
> > > -Bill
> > 
> > While I'm not sure what you mean |privileged open web app running on desktop
> > Firefox|, there is a single pref dom.mozBrowserFramesEnabled to control the
> > exposure of this feature. If you are going to do that, we should carefully
> > analyze the risk of exposing this to wider audience.
> 
> Hi Kan-Ru,
> 
> Here's what I mean: On a Firefox OS phone, I can create an app whose app
> manifest requests the "browser" permission. We install that app from Firefox
> Marketplace by calling mozApps.installPackage(). Upon launch, if that app is
> properly signed, it can use iframes with the browser attribute, as described
> at 
> 
> https://developer.mozilla.org/en-US/docs/Web/API/Using_the_Browser_API
> 
> I'd like to be able to do the exact same thing on Firefox for Windows or Mac
> OS X. I've got the same mozApps.installPackage() API present there, but
> currently browser frames don't work.

I see, thanks for the explanation.

> It sounds like all I'd need to do is enable that pref and work through the
> security implications?

Correct. And I think this should follow the "Intent to ship" process. https://wiki.mozilla.org/WebAPI/ExposureGuidelines
The current list of apps in Firefox Marketplace that use this permission:

https://thecount.paas.allizom.org/#/listing/permission/browser
Per bug 1238079, we're going to disable the desktop web runtime and remove it from the codebase, so we won't fix these bugs in it.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
(Assignee)

Updated

2 years ago
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.