Closed
Bug 1395820
Opened 7 years ago
Closed 6 years ago
Acitivity Stream doesn't work on about:Home (note capitalization - not about:home)
Categories
(Firefox :: New Tab Page, defect, P5)
Tracking
()
RESOLVED
WONTFIX
Tracking | Status | |
---|---|---|
firefox55 | --- | wontfix |
firefox56 | --- | wontfix |
firefox57 | --- | fix-optional |
firefox58 | --- | wontfix |
firefox59 | --- | wontfix |
People
(Reporter: philip10khor, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20170831220208 Steps to reproduce: When I type in about:Home (by mistake, not about:home) into URL bar, I am prompted whether to allow the site to store data on my computer. I presume this should not happen as I am not prompted to do so when opening about:home Actual results: User is asked "Will you allow Home to store data on your computer? with options "Allow Storing Data" and "Don't allow" Expected results: This prompt should not pop up.
Updated•7 years ago
|
Component: Untriaged → General
Comment 1•7 years ago
|
||
Interesting. I can reproduce this, all the way to release. From a quick glance this could be related to the checks we're doing here: https://searchfox.org/mozilla-central/rev/f2a1911ad310bf8651f342d719e4f4ca0a7b9bfb/dom/quota/ActorsParent.cpp#5429 But I might be wrong. janv probably knows.
Status: UNCONFIRMED → NEW
status-firefox55:
--- → wontfix
status-firefox56:
--- → fix-optional
status-firefox57:
--- → affected
Ever confirmed: true
Flags: qe-verify+
Flags: needinfo?(jvarga)
Comment 2•7 years ago
|
||
(In reply to Johann Hofmann [:johannh] from comment #1) > Interesting. I can reproduce this, all the way to release. From a quick > glance this could be related to the checks we're doing here: > https://searchfox.org/mozilla-central/rev/ > f2a1911ad310bf8651f342d719e4f4ca0a7b9bfb/dom/quota/ActorsParent.cpp#5429 > > But I might be wrong. janv probably knows. You are right, but I would assume that about:Home or any other variant gets normalized to about:home before passed to quota manager, etc.
Updated•7 years ago
|
Summary: about:Home asks to store data on computer → about:Home (note capitalization - not about:home) asks to store data on computer
With the New Tab page in 57 onwards, about:Home does not ask for permissions, but Top Sites and Highlights do not show up. This happens on 57 (developer edition) and 58. I presume this bug should be closed then?
Comment 4•7 years ago
|
||
Hm, not sure. I'll leave that to the activity stream people.
status-firefox58:
--- → affected
Component: General → Activity Streams: Newtab
Flags: needinfo?(jvarga)
Summary: about:Home (note capitalization - not about:home) asks to store data on computer → Acitivity Stream doesn't work on about:Home (note capitalization - not about:home)
Comment 5•7 years ago
|
||
Looks like the page isn't getting messages. (No `addMessageListener` or `sendAsyncMessage`.) Probably because `RemotePageManager` does a case sensitive check `registeredURLs.has(url)`: https://searchfox.org/mozilla-central/source/toolkit/modules/RemotePageManager.jsm#546-549 It does do some fuzzy url matching with `window.document.documentURI.replace(/[\#|\?].*$/, "");` so making it case insensitive might be acceptable. A potential security issue if someone were expecting a case sensitive match for some reason… (although it would be limited to the non-domain portion of the URL as domains, e.g., https://LOCALHOST/foo == https://localhost/foo but https://localhost/FOO != https://localhost/foo) A related question of if we do support case insensitive matching, what do we report to listeners? The originally requested RemotePage url (about:home) or the actual current location (about:Home#foo) ?
Flags: needinfo?(dtownsend)
Updated•7 years ago
|
Comment 6•7 years ago
|
||
(In reply to Ed Lee :Mardak from comment #5) > Looks like the page isn't getting messages. (No `addMessageListener` or > `sendAsyncMessage`.) > > Probably because `RemotePageManager` does a case sensitive check > `registeredURLs.has(url)`: > https://searchfox.org/mozilla-central/source/toolkit/modules/ > RemotePageManager.jsm#546-549 > > It does do some fuzzy url matching with > `window.document.documentURI.replace(/[\#|\?].*$/, "");` so making it case > insensitive might be acceptable. A potential security issue if someone were > expecting a case sensitive match for some reason… (although it would be > limited to the non-domain portion of the URL as domains, e.g., > https://LOCALHOST/foo == https://localhost/foo but https://localhost/FOO != > https://localhost/foo) I guess it's reasonable to do case insensitive matching on the hostname. > A related question of if we do support case insensitive matching, what do we > report to listeners? The originally requested RemotePage url (about:home) or > the actual current location (about:Home#foo) ? I'd normalize the hostname to lower-case, that way the caller doesn't need to think about it.
Flags: needinfo?(dtownsend)
Comment 7•7 years ago
|
||
Ha ha. Meh. At least with `nsIURI`, "about:Home" `prePath` is "about:" while "https://LOCALHOST/foo"'s is "https://localhost" (because about URIs technically don't have `host`s.) If we're fixing this, I think it might make sense to just special case loaded about: urls as lower case as special logic is needed to handle about: vs http/s: protocols anyway instead of some common `nsIURI.*` usage.
Comment 8•7 years ago
|
||
How does nsIURI come into play here?
Comment 9•7 years ago
|
||
It's better security-wise if we aren't manually parsing urls and splitting them as slightly differing behaviors can lead to unexpected exploits. Although I suppose the code is already doing a regex match for # and ? to chop off the query and ref.
Updated•7 years ago
|
Updated•7 years ago
|
Priority: -- → P5
Comment 11•6 years ago
|
||
https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Move_fix-optionals
status-firefox59:
--- → ?
Updated•6 years ago
|
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Comment 12•6 years ago
|
||
I can still reproduce this. Did you mean to set WONTFIX instead?
Status: RESOLVED → REOPENED
Flags: needinfo?(tspurway)
Resolution: INVALID → ---
Updated•6 years ago
|
Status: REOPENED → RESOLVED
Closed: 6 years ago → 6 years ago
Flags: needinfo?(tspurway)
Resolution: --- → WONTFIX
Assignee | ||
Updated•5 years ago
|
Component: Activity Streams: Newtab → New Tab Page
You need to log in
before you can comment on or make changes to this bug.
Description
•