Closed
Bug 1147940
Opened 9 years ago
Closed 9 years ago
Remove the dom.webcrypto.enabled pref
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
FIXED
mozilla40
| Tracking | Status | |
|---|---|---|
| firefox40 | --- | fixed |
People
(Reporter: standard8, Assigned: standard8)
Details
Attachments
(1 file, 2 obsolete files)
|
5.36 KB,
patch
|
smaug
:
review+
rbarnes
:
review+
|
Details | Diff | Splinter Review |
In Hello, we're working on a feature that requires encryption. For our content side parts we're using WebCrypto. We need to do some work in privileged chrome code (javascript module) as well, but unfortunately it appears like WebCrypto isn't available there. Is it possible to have it made available? I started a patch based on what I saw elsewhere with webidl, and although Crypto seems to be a function, it doesn't seem possible to do anything with it. Am I missing something?
Attachment #8583887 -
Flags: feedback?
Flags: needinfo?(bugs)
|
||
Comment 1•9 years ago
|
||
There is Window implements GlobalCrypto; which makes .crypto available in window object. Perhaps you could make Crypto and SubtleCrypto to have ChromeConstructor and expose those interfaces in Window and System context as your patch already does. Then one could access a crypto object using new Crypto() in chrome.
Flags: needinfo?(bugs)
|
Assignee | |
Comment 2•9 years ago
|
||
Thanks for the pointer. Adding the chrome constructor worked great. I've also removed the dom.webcrypto.enabled pref - I'm assuming that isn't really required now. Also the webidl doesn't allow Pref to be specified if the Exposed attribute is more than just "Window". There's a try push here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=157f241608d7
Attachment #8583887 -
Attachment is obsolete: true
Attachment #8583887 -
Flags: feedback?
Attachment #8583944 -
Flags: review?(bugs)
|
|
||
Comment 3•9 years ago
|
||
Comment on attachment 8583944 [details] [diff] [review] Enable WebCrypto for use in chrome; Remove old dom.webcrypto.enabled pref. ttaubert, ok to remove the pref?
Attachment #8583944 -
Flags: review?(bugs)
Attachment #8583944 -
Flags: review+
Attachment #8583944 -
Flags: feedback?(ttaubert)
|
||
Comment 4•9 years ago
|
||
Comment on attachment 8583944 [details] [diff] [review] Enable WebCrypto for use in chrome; Remove old dom.webcrypto.enabled pref. Richard as the owner of WebCrypto should decide here. I think he liked to keep the pref in the beginning in case we landed something that would leave millions vulnerable to some possible security flaw. IMO we don't really need this anymore.
Attachment #8583944 -
Flags: feedback?(ttaubert) → feedback?(rlb)
|
|
Assignee | |
Updated•9 years ago
|
Assignee: nobody → standard8
|
||
Comment 5•9 years ago
|
||
Comment on attachment 8583944 [details] [diff] [review] Enable WebCrypto for use in chrome; Remove old dom.webcrypto.enabled pref. Review of attachment 8583944 [details] [diff] [review]: ----------------------------------------------------------------- This looks fine to me, though I don't have enough WebIDL clue to know why you need the Constructor() method as opposed to a normal ctor + Init(). I'm fine getting rid of the pref. You'll need review from a DOM peer for the changes to test_interfaces.html. :bz has helped out on WebCrypto stuff before, so he's probably a good candidate.
Attachment #8583944 -
Flags: feedback?(rlb) → feedback+
|
|
Assignee | |
Comment 6•9 years ago
|
||
So earlier today, I discovered that crypto is available via Cu.importGlobalProperties - it was added in bug 1116269. Does that mean we still want to land this bug, or should we just resolve this as invalid?
Flags: needinfo?(ttaubert)
Flags: needinfo?(rlb)
|
|
||
Comment 7•9 years ago
|
||
Maybe we should just rename it to "remove dom.crypto.enabled", and land that part?
Flags: needinfo?(rlb)
|
|
||
Comment 8•9 years ago
|
||
(In reply to Richard Barnes [:rbarnes] from comment #7) > Maybe we should just rename it to "remove dom.crypto.enabled", and land that > part? +1
Flags: needinfo?(ttaubert)
|
|
Assignee | |
Comment 9•9 years ago
|
||
Updated to just remove the old pref.
Attachment #8583944 -
Attachment is obsolete: true
Attachment #8589076 -
Flags: review?(rlb)
Attachment #8589076 -
Flags: review?(bugs)
|
|
Assignee | |
Updated•9 years ago
|
Summary: Enable WebCrypto for use in javascript in gecko → Remove the dom.webcrypto.enabled pref
|
|
||
Updated•9 years ago
|
Attachment #8589076 -
Flags: review?(bugs) → review+
|
|
||
Comment 10•9 years ago
|
||
Comment on attachment 8589076 [details] [diff] [review] Remove the dom.webcrypto.enabled pref as it is no longer necessary. Review of attachment 8589076 [details] [diff] [review]: ----------------------------------------------------------------- LGTM, with one nit. ::: dom/crypto/test/test-array.js @@ +175,5 @@ > if (MOCHITEST) { > SimpleTest.waitForExplicitFinish(); > window.addEventListener("load", function() { > SimpleTest.waitForFocus(function() { > + start(); Could this just be SimpleTest.waitForFocus(start) ?
Attachment #8589076 -
Flags: review?(rlb) → review+
|
|
Assignee | |
Comment 11•9 years ago
|
||
Landed with the test simplified: https://hg.mozilla.org/integration/mozilla-inbound/rev/dde176616801
Target Milestone: --- → mozilla40
|
||
Comment 12•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/dde176616801
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox40:
--- → fixed
Flags: in-testsuite+
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•