allow http auth delegation callbacks based on environmental variable

RESOLVED FIXED

Status

()

bugzilla.mozilla.org
General
P1
normal
RESOLVED FIXED
a year ago
5 months ago

People

(Reporter: glob, Assigned: dylan)

Tracking

Production

Details

Attachments

(1 attachment)

(Reporter)

Description

a year ago
bug 1310747 blocks all non-https authentication delegation callback urls, which is problematic in non-https development environments.

please allow http callback urls to addresses in the private address ranges.


thanks!
(Assignee)

Updated

a year ago
Assignee: nobody → dylan
(Reporter)

Updated

a year ago
Summary: allow https auth delegation callbacks to private addresses → allow http auth delegation callbacks to private addresses
(Assignee)

Comment 1

6 months ago
We can allow http:// BUGZILLA_UNSAFE_AUTH_DELEGATION is set.

Allowing link-local addresses has security implications, so I'd rather just make this something that can work in a dev env.
Summary: allow http auth delegation callbacks to private addresses → allow http auth delegation callbacks based on environmental variable
(Assignee)

Updated

6 months ago
Priority: -- → P1
(Assignee)

Comment 2

6 months ago
Created attachment 8862901 [details] [diff] [review]
1312735_1.patch
Attachment #8862901 - Flags: review?(dkl)

Comment 3

6 months ago
Comment on attachment 8862901 [details] [diff] [review]
1312735_1.patch

Review of attachment 8862901 [details] [diff] [review]:
-----------------------------------------------------------------

r=dkl
Attachment #8862901 - Flags: review?(dkl) → review+
(Assignee)

Comment 4

6 months ago
To git@github.com:mozilla-bteam/bmo.git
   dd4b912..e6423e2  master -> master
Status: NEW → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → FIXED
(Assignee)

Updated

5 months ago
Duplicate of this bug: 1311165
You need to log in before you can comment on or make changes to this bug.