Closed Bug 1157810 Opened 6 years ago Closed 6 years ago

Enforce that tile images are loaded from


(Firefox :: New Tab Page, defect)

Not set



Firefox 41
41.1 - May 25
Tracking Status
firefox41 --- fixed


(Reporter: benjamin, Assigned: Mardak)



(Whiteboard: .?)


(1 file)

During doc review in bug 1156876, we noted that tile image URLs are from Mozilla servers, but this is not enforced in the code. We should enforce that these are always from or so that we don't accidentally leak information to other servers about a user's behavior.
Points: --- → 3
Whiteboard: .?
When testing in stage we use the * domain. If we start enforcing, that one should be whitelisted as well.
mostlygeek, do we expect to be on for the foreseeable future? When we initially launched, the images were hosted so it happened to be nice we didn't need to change Firefox code to support switching to
Yes, we should be at the domain for a long time. If we were to change we'll do it with a new subdomain, ie:
erg... that is if we were to change CDN providers.
Blocks: 1158230
mostlygeek, I noticed when testing in stage, it resulted in URLs from instead of Is it just a configuration change somewhere to make the images be mozaws instead of amazonaws?

Alternatively, we could tie the check to a pref: a boolean for check or not or a string for allowed domains defaulting to but can be overridden to or anything else.
My bad. Yes, in stage it actually comes from S3 directly and not from a domain.
Assignee: nobody → edilee
Iteration: --- → 41.1 - May 25
Component: Tiles → New Tab Page
Product: Content Services → Firefox
Summary: Enforce that tile images are loaded from or → Enforce that tile images are loaded from
Attached patch v1
f? per

There's no additional data being collected. Firefox is enforcing images are from (or data URI), so updating .rst.
Attachment #8606049 - Flags: review?(adw)
Attachment #8606049 - Flags: feedback?(benjamin)
Attachment #8606049 - Flags: review?(adw) → review+
Attachment #8606049 - Flags: feedback?(benjamin) → feedback+
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 41
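
The kind of check discussed in this bug, as an added example (not the patch attached here and not Firefox code): accept a tile image only if it is a data URI or is served from an allow-listed host. The host names are placeholders because the real domains are not shown on this page; the HTTPS requirement, the credential check and the `imageURI` field name are assumptions made for illustration.

```javascript
// Added example, not Firefox code. Host names below are placeholders.
const ALLOWED_IMAGE_HOSTS = ["tiles.cdn.example"];      // exact host match
const ALLOWED_IMAGE_HOST_SUFFIXES = [".stage.example"]; // any subdomain (staging)

function isAllowedTileImage(imageURI,
                            hosts = ALLOWED_IMAGE_HOSTS,
                            suffixes = ALLOWED_IMAGE_HOST_SUFFIXES) {
  let url;
  try {
    url = new URL(imageURI);
  } catch (e) {
    return false; // unparsable, relative or scheme-relative: reject
  }
  // Inline images never cause a network request, so they cannot leak anything.
  if (url.protocol === "data:") return true;
  // Assumption: remote tile images must be fetched over HTTPS.
  if (url.protocol !== "https:") return false;
  // Reject "https://allowed-host@other-host/" look-alikes outright.
  if (url.username || url.password) return false;
  // URL() already lowercases the host; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  if (hosts.includes(host)) return true;
  // Suffix entries must start with "." so "evilstage.example" cannot match.
  return suffixes.some(s => s.startsWith(".") && host.endsWith(s));
}

// Drop every tile whose image would be fetched from a non-allowed server.
// `imageURI` is a hypothetical field name for this example.
function filterTileLinks(links) {
  return links.filter(link => isAllowedTileImage(link.imageURI));
}

// Constructed sample input.
const sampleLinks = [
  { title: "ok",       imageURI: "https://tiles.cdn.example/a.png" },
  { title: "inline",   imageURI: "data:image/png;base64,AAAA" },
  { title: "staging",  imageURI: "https://img.stage.example/a.png" },
  { title: "plain",    imageURI: "http://tiles.cdn.example/a.png" },
  { title: "prefix",   imageURI: "https://tiles.cdn.example.evil.test/a.png" },
  { title: "userinfo", imageURI: "https://tiles.cdn.example@evil.test/a.png" },
  { title: "suffix",   imageURI: "https://evilstage.example/a.png" },
];
console.log(filterTileLinks(sampleLinks).map(l => l.title));
```

Comparing the parsed host rather than the URL string is what keeps the prefix, userinfo and look-alike suffix cases out.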