Open
Bug 1328036
Opened 8 years ago
Updated 2 years ago
Firefox doesn't allow installing extension by direct url. It doesn't explain why (and what should I do to install)
Categories
(Toolkit :: Add-ons Manager, defect, P5)
Toolkit
Add-ons Manager
Tracking
()
REOPENED
People
(Reporter: arni2033, Unassigned)
Details
(Whiteboard: triaged)
>>> My Info: Win7_64, Nightly 49, 32bit, ID 20160526082509
STR_1:
0. In about:config set pref "xpinstall.signatures.required" to false
1. Copy "https://addons.mozilla.org/firefox/downloads/file/231602/user_agent_overrider-0.2.2b1-fx.xpi"
2. Open new tab
3. Paste url from Step 1 to urlbar, press Enter
AR:
Firefox doesn't allow me to install the extension. In Step 3 it shows me tooltip
"Nightly prevented this site from asking you to install software on your computer."
ER: Either X or Y or Z
X) Firefox should show a normal tooltip with buttons "Cancel" and "Install", like it did before
Y) Tooltip should tell exactly why installation FROM TRUSTED SITE failed and how do I install
Z) Browser should just (suggest to) download the file since it can't do anything with it
Component: Untriaged → Add-ons Manager
Product: Firefox → Toolkit
|
||
Comment 1•8 years ago
|
||
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID 20170102030204
I was able to reproduce this issue on the latest Nightly (53.0a1) and Dev Edition (52.0a2).
However, I haven't been able to find a single Firefox build where this issue is NOT reproducible, as such it is not a regression.
Side note: dragging an .xpi file inside a browser window works as expected. The doorhanger appears and I can install the add-on just fine.
Keywords: regression,
regressionwindow-wanted
|
||
Comment 2•8 years ago
|
||
The specific reason this install fails is that the requesting principal at http://searchfox.org/mozilla-central/rev/22be34bcc4d5c56b62482a537bba77a6cdce117b/toolkit/mozapps/extensions/amContentHandler.js#49 is the null principal. Since the browser is at about:home, this ends up looking like a cross-origin install request here:
http://searchfox.org/mozilla-central/rev/22be34bcc4d5c56b62482a537bba77a6cdce117b/toolkit/mozapps/extensions/AddonManager.jsm#2126
Dave, any thought about whether this scenario should be changed and if so, how?
|
||
Comment 3•8 years ago
|
||
adding needinfo to Dave for Comment 2.
depending on Dave's response, this may need to go to Markus for UX needed (NI for shell to watch and request if needed)
Flags: needinfo?(sescalante)
Flags: needinfo?(dtownsend)
|
||
Comment 4•8 years ago
|
||
Right, we broke this case when we fixed bug 1042699 because we don't have a way to tell the difference between certain cross-origin attacks and direct entry in the url bar. See also bug 1202271. I think it would be nice to fix but it is difficult to do so safely.
Flags: needinfo?(dtownsend)
|
|
||
Comment 5•8 years ago
|
||
we'd like to put a good message - but it's very edge to get to and identify when it's been hit. For now we are P5 unless it comes up as a higher priority issue after we are all done with all Permissions notification changes.
Flags: needinfo?(sescalante)
Priority: -- → P5
Whiteboard: triaged
|
||
Comment 6•7 years ago
|
||
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
|
||
Updated•7 years ago
|
Status: RESOLVED → REOPENED
Resolution: INACTIVE → ---
|
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•