Closed Bug 1267493 Opened 4 years ago Closed 4 years ago

Remove `nsIContentSecurityManager.isURIPotentiallyTrustworthy` usage from Push

Categories

(Core :: DOM: Push Notifications, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla49
Tracking Status
firefox49 --- fixed

People

(Reporter: Lina, Assigned: Lina)

References

Details

(Whiteboard: btpp-active)

Attachments

(1 file)

:jwatt is currently converting nsIContentSecurityManager.isURIPotentiallyTrustworthy to take an nsIPrincipal instead of a URI. This won't work with Push, but I don't think it really needs this check.

Instead, we can require "wss" and "https" by default (as before), and add a `dom.push.testing.allowInsecureServer` pref that can be overridden for testing. As a bonus, this would make it easier to test with custom Push servers that aren't running on localhost.
Blocks: 1267509
Attachment #8745177 - Flags: review?(dd.mozilla)
Status: NEW → ASSIGNED
Whiteboard: btpp-active
Comment on attachment 8745177 [details] [diff] [review]
noContentSecurityMgr.patch

Review of attachment 8745177 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/push/PushServiceAndroidGCM.jsm
@@ +75,1 @@
>        // Accept HTTP endpoints when debugging.

please change the comment.
Attachment #8745177 - Flags: review?(dd.mozilla) → review+
https://hg.mozilla.org/mozilla-central/rev/4f401a7aee98
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Target Milestone: mozilla48 → mozilla49
You need to log in before you can comment on or make changes to this bug.