Closed
Bug 1157810
Opened 9 years ago
Closed 9 years ago
Enforce that tile images are loaded from mozilla.net
Categories
(Firefox :: New Tab Page, defect)
Firefox
New Tab Page
Tracking
()
Tracking | Status | |
---|---|---|
firefox41 | --- | fixed |
People
(Reporter: benjamin, Assigned: Mardak)
References
Details
(Whiteboard: .?)
Attachments
(1 file)
7.75 KB,
patch
|
adw
:
review+
benjamin
:
feedback+
|
Details | Diff | Splinter Review |
During doc review in bug 1156876, we noted that tile image URLs are from Mozilla servers, but this is not enforced in the code. We should enforce that these are always from mozilla.com or mozilla.net so that we don't accidentally leak information to other servers about a user's behavior.
Assignee | ||
Updated•9 years ago
|
Points: --- → 3
Whiteboard: .?
Comment 1•9 years ago
|
||
When testing in stage we use the *.mozaws.net domain. If we start enforcing that one should be white listed as well.
Assignee | ||
Comment 2•9 years ago
|
||
mostlygeek, do we expect to be on mozilla.net for the foreseeable future? When we initially launched, the images were hosted cloudfront.net so it happened to be nice we didn't need to change Firefox code to support switching to mozilla.net.
Comment 3•9 years ago
|
||
Yes, we should be at the tiles.cdn.mozilla.net domain for a long time. If we were to change we'll do it with a new subdomain, ie: tiles2.cdn.mozilla.net.
Comment 4•9 years ago
|
||
erg... that is if we were to change CDN providers.
Assignee | ||
Comment 5•9 years ago
|
||
mostlygeek, I noticed when testing in stage, it resulted in urls from s3.amazonaws.com instead of mozaws.net. Is it just a configuration change somewhere to make the images be mozaws instead of amazonaws? Alternatively, we could tie the check to a pref: a boolean for check or not or a string for allowed domains defaulting to mozilla.net but can be overridden to mozaws.net or anything else.
Comment 6•9 years ago
|
||
My bad. Yes, in stage it actually comes from S3 directly and not from a mozaws.net domain.
Assignee | ||
Updated•9 years ago
|
Assignee: nobody → edilee
Iteration: --- → 41.1 - May 25
Component: Tiles → New Tab Page
Product: Content Services → Firefox
Summary: Enforce that tile images are loaded from mozilla.com or mozilla.net → Enforce that tile images are loaded from mozilla.net
Assignee | ||
Comment 7•9 years ago
|
||
f? per https://wiki.mozilla.org/Firefox/Data_Collection There's no additional data being collected. Firefox is enforcing images are from mozilla.net (or data URI), so updating .rst.
Attachment #8606049 -
Flags: review?(adw)
Attachment #8606049 -
Flags: feedback?(benjamin)
Updated•9 years ago
|
Attachment #8606049 -
Flags: review?(adw) → review+
Reporter | ||
Updated•9 years ago
|
Attachment #8606049 -
Flags: feedback?(benjamin) → feedback+
Comment 9•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/a93f59b2e222
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox41:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 41
You need to log in
before you can comment on or make changes to this bug.
Description
•