Closed Bug 1346072 Opened 7 years ago Closed 6 years ago

Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

Categories

(Firefox :: Firefox Accounts, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
Firefox 59
Tracking Status
firefox59 --- fixed

People

(Reporter: markh, Assigned: leakey94, Mentored)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

In bug 1275616, Firefox accounts no longer sends objects over web channels. This means we can remove this server from the whitelist maintained in Firefox for servers allowed to send objects.

I believe the work here is:

* change the |webchannel.allowObject.urlWhitelist| preference's default value to no longer include accounts.firefox.com

* change services/fxaccounts/FxAccountsConfig.jsm to no longer attempt to maintain that preference value.

* test that all browser interaction with that domain continues to work correctly.

This might well be a "good second bug", so adding myself as mentor (but not marking as good-first-bug, as that's probably a stretch).
Blocks: 1275612
Priority: -- → P3
Product: Core → Firefox
Hi Mark! I'd like to take this bug on. Looking at FxAccountsConfig.jsm I'm unsure what changes are required, any tips?
Flags: needinfo?(markh)
Thanks Mark! I've made the changes to the code, can you tell me more about the required tests (I'm unfamiliar with the try server)?
Flags: needinfo?(markh)
Thanks for contributing!

If you put a patch up following the instructions at https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/How_to_Submit_a_Patch, I'm happy to help running it though the try server. If you are able to push it via mozreview, then it will be trivial and you can probably do it yourself, but even if you just attach a patch directly to bugzilla I'll help with the next steps.

Thanks!
Assignee: nobody → leakey94
Flags: needinfo?(markh)
Comment on attachment 8931777 [details]
Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

https://reviewboard.mozilla.org/r/202906/#review208374

Looks great, thanks! Can you please fixup the trivial whitespace issue and push a new version, then I'll r+ and land it (assuming the try push looks good)

::: services/fxaccounts/FxAccountsConfig.jsm:70
(Diff revision 1)
>      // will have initialized, which will leave them pointing at production.
>      for (let pref of CONFIG_PREFS) {
>        Services.prefs.clearUserPref(pref);
>      }
>      // Reset the webchannel.
> -    EnsureFxAccountsWebChannel();
> +    EnsureFxAccountsWebChannel();  

it looks like you accidentally introduced whitespace at the end of this line.
Comment on attachment 8931777 [details]
Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

https://reviewboard.mozilla.org/r/202906/#review208468

Awesome, thanks!
Attachment #8931777 - Flags: review?(markh) → review+
Pushed by mhammond@skippinet.com.au:
https://hg.mozilla.org/integration/autoland/rev/db88252d490f
Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels. r=markh
https://hg.mozilla.org/mozilla-central/rev/db88252d490f
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 59
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: