Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

RESOLVED FIXED in Firefox 59

Status

()

P3
normal
RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: markh, Assigned: leakey94, Mentored)

Tracking

(Blocks: 1 bug)

unspecified
Firefox 59
Points:
---

Firefox Tracking Flags

(firefox59 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
In bug 1275616, Firefox accounts no longer sends objects over web channels. This means we can remove this server from the whitelist maintained in Firefox for servers allowed to send objects.

I believe the work here is:

* change the |webchannel.allowObject.urlWhitelist| preference's default value to no longer include accounts.firefox.com

* change services/fxaccounts/FxAccountsConfig.jsm to no longer attempt to maintain that preference value.

* test that all browser interaction with that domain continues to work correctly.

This might well be a "good second bug", so adding myself as mentor (but not marking as good-first-bug, as that's probably a stretch).
(Reporter)

Updated

2 years ago
Blocks: 1275612
Priority: -- → P3

Updated

a year ago
Product: Core → Firefox
(Assignee)

Comment 1

a year ago
Hi Mark! I'd like to take this bug on. Looking at FxAccountsConfig.jsm I'm unsure what changes are required, any tips?
Flags: needinfo?(markh)
(Assignee)

Comment 3

a year ago
Thanks Mark! I've made the changes to the code, can you tell me more about the required tests (I'm unfamiliar with the try server)?
Flags: needinfo?(markh)
(Reporter)

Comment 4

a year ago
Thanks for contributing!

If you put a patch up following the instructions at https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/How_to_Submit_a_Patch, I'm happy to help running it though the try server. If you are able to push it via mozreview, then it will be trivial and you can probably do it yourself, but even if you just attach a patch directly to bugzilla I'll help with the next steps.

Thanks!
Assignee: nobody → leakey94
Flags: needinfo?(markh)
Comment hidden (mozreview-request)
(Reporter)

Comment 6

a year ago
mozreview-review
Comment on attachment 8931777 [details]
Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

https://reviewboard.mozilla.org/r/202906/#review208374

Looks great, thanks! Can you please fixup the trivial whitespace issue and push a new version, then I'll r+ and land it (assuming the try push looks good)

::: services/fxaccounts/FxAccountsConfig.jsm:70
(Diff revision 1)
>      // will have initialized, which will leave them pointing at production.
>      for (let pref of CONFIG_PREFS) {
>        Services.prefs.clearUserPref(pref);
>      }
>      // Reset the webchannel.
> -    EnsureFxAccountsWebChannel();
> +    EnsureFxAccountsWebChannel();  

it looks like you accidentally introduced whitespace at the end of this line.
Comment hidden (mozreview-request)
(Reporter)

Comment 8

a year ago
mozreview-review
Comment on attachment 8931777 [details]
Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

https://reviewboard.mozilla.org/r/202906/#review208468

Awesome, thanks!
Attachment #8931777 - Flags: review?(markh) → review+

Comment 9

a year ago
Pushed by mhammond@skippinet.com.au:
https://hg.mozilla.org/integration/autoland/rev/db88252d490f
Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels. r=markh

Comment 10

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/db88252d490f
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox59: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 59
You need to log in before you can comment on or make changes to this bug.