Closed Bug 1218998 (newtab-web-apis) Opened 9 years ago Closed 9 years ago

[Meta] Replace message communication to remote newtab by API's

Categories

(Firefox :: New Tab Page, defect)

Product:
Firefox
Component:
New Tab Page
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Iteration:
44.3 - Nov 2

People

(Reporter: oyiptong, Unassigned)

References

Details

Messages will be replaced by Web API's. These API's will allow us to decrease the amount of code used to prepare and send messages. This also reduces our security surface. We need to ensure that the Web API's are only injected for specific hostnames: localhost and newtab.cdn.mozilla.net
Dan, does putting localhost in the whitelist for the web API present a big risk? The data exposed will be the top 100 frecent sites for the profile. The API will also enable the ability to generate screenshots for urls and allow writes to 2 boolean prefs to be flipped (2 states of enablement for the newtab page) and 1 list of pinned links. We want to put localhost on a whitelist for development and test automation purposes If this proves to be too sensitive, we can keep sending messages.
Flags: needinfo?(dveditz)
Marc, perhaps we can enable localhost conditionally, under a pref? Would that work?
Flags: needinfo?(mschifer)
using prefs is fine from a test perspective, but any pref I can set via a test, could also be set via an add-on
Flags: needinfo?(mschifer)
I suppose if you can set that pref, you have enough privileges to do all the web API's offer. However, if we don't hide the API behind a pref, pages that run on localhost would have more privileges than they did before.
I don't mind localhost behind a pref, but unhappy exposing it by default. I'm not worried about add-ons flipping the pref to re-expose it because a malicious add-on can do a lot worse.
Flags: needinfo?(dveditz)
Bobby, I saw your recommendations for RemotePageManager from bug 1221728. What are your thoughts for an API to return promises?
Flags: needinfo?(bobbyholley)
Given we are taking on this bug now, let's also remove the code that won't be used anymore by messaging. This includes: * RemoteNewTabUtils.jsm * Messages in RemoteAboutNewTab.jsm and perhaps more.
(In reply to Olivier Yiptong [:oyiptong] from comment #6) > Bobby, I saw your recommendations for RemotePageManager from bug 1221728. > > What are your thoughts for an API to return promises? If it's implemented with WebIDL, it should be fine. Boris has been doing a lot of work to improve promise support with WebIDL. Boris, do you have any specific suggestions of caveat for the about:newtab team? They want to expose special APIs to CDN content implementing about:newtab.
Flags: needinfo?(bobbyholley) → needinfo?(bzbarsky)
Shouldn't be a problem. Just make sure Promise.jsm doesn't get involved in web content.
Flags: needinfo?(bzbarsky)
(In reply to Boris Zbarsky [:bz] from comment #10) > Shouldn't be a problem. Just make sure Promise.jsm doesn't get involved in > web content. Argh, Promise.jsm is evil. Hope we can kill that soon.
Alias: newtab-web-apis
Summary: Replace message communication to remote newtab by API's → [Meta] Replace message communication to remote newtab by API's
Seems that the remote about:newtab project is going to use WebChannel.jsm instead.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.