Closed Bug 1346072 Opened 8 years ago Closed 7 years ago

Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.

Categories

(Firefox :: Firefox Accounts, enhancement, P3)

Product:
Firefox
Component:
Firefox Accounts
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 59
Tracking Flags:
Tracking Status
firefox59 --- fixed

People

(Reporter: markh, Assigned: leakey94, Mentored)

References

Details

Attachments

(1 file)

Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels.
59 bytes, text/x-review-board-request
markh
: review+
Details
In bug 1275616, Firefox accounts no longer sends objects over web channels. This means we can remove this server from the whitelist maintained in Firefox for servers allowed to send objects. I believe the work here is: * change the |webchannel.allowObject.urlWhitelist| preference's default value to no longer include accounts.firefox.com * change services/fxaccounts/FxAccountsConfig.jsm to no longer attempt to maintain that preference value. * test that all browser interaction with that domain continues to work correctly. This might well be a "good second bug", so adding myself as mentor (but not marking as good-first-bug, as that's probably a stretch).
Blocks: 1275612
Priority: -- → P3
Product: Core → Firefox
Hi Mark! I'd like to take this bug on. Looking at FxAccountsConfig.jsm I'm unsure what changes are required, any tips?
Flags: needinfo?(markh)
Thanks Mark! I've made the changes to the code, can you tell me more about the required tests (I'm unfamiliar with the try server)?
Flags: needinfo?(markh)
Thanks for contributing! If you put a patch up following the instructions at https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/How_to_Submit_a_Patch, I'm happy to help running it though the try server. If you are able to push it via mozreview, then it will be trivial and you can probably do it yourself, but even if you just attach a patch directly to bugzilla I'll help with the next steps. Thanks!
Assignee: nobody → leakey94
Flags: needinfo?(markh)
Comment on attachment 8931777 [details] Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels. https://reviewboard.mozilla.org/r/202906/#review208374 Looks great, thanks! Can you please fixup the trivial whitespace issue and push a new version, then I'll r+ and land it (assuming the try push looks good) ::: services/fxaccounts/FxAccountsConfig.jsm:70 (Diff revision 1) > // will have initialized, which will leave them pointing at production. > for (let pref of CONFIG_PREFS) { > Services.prefs.clearUserPref(pref); > } > // Reset the webchannel. > - EnsureFxAccountsWebChannel(); > + EnsureFxAccountsWebChannel(); it looks like you accidentally introduced whitespace at the end of this line.
Comment on attachment 8931777 [details] Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels. https://reviewboard.mozilla.org/r/202906/#review208468 Awesome, thanks!
Attachment #8931777 - Flags: review?(markh) → review+
Pushed by mhammond@skippinet.com.au: https://hg.mozilla.org/integration/autoland/rev/db88252d490f Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels. r=markh
https://hg.mozilla.org/mozilla-central/rev/db88252d490f
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox59: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 59
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: