Closed Bug 1416967 Opened 2 years ago Closed 2 years ago

Support payment request development over file: with CSP and a debugging console

Categories

(Firefox :: WebPayments UI, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
Firefox 59
Tracking Status
firefox59 --- fixed

People

(Reporter: MattN, Assigned: MattN)

Details

Attachments

(1 file)

* Switch to relative URLs for the unprivileged dialog content so that development can be done on a local server or over file://…
* Add a default CSP rule as defense-in-depth against XSS
* Add a debugging console to make it easier to refresh dialog contents when loaded in the browser chrome. This will also be useful to dump/manipulate the dialog state more easily like in https://reviewboard.mozilla.org/r/196014/diff/4#file5723916
Comment on attachment 8928062 [details]
Bug 1416967 - Support payment request development over file: with CSP and a debugging console.

https://reviewboard.mozilla.org/r/199294/#review205098

::: toolkit/components/payments/.eslintrc.js:1
(Diff revision 1)
>  "use strict";
>  
>  module.exports = {
>    rules: {

This should just be using /tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js instead of defining its own .eslintrc.js.

::: toolkit/components/payments/docs/index.rst:17
(Diff revision 1)
>  Debugging
>  =========
>  
>  Set the pref ``dom.payments.loglevel`` to "Debug".
>  
> -To open a debugger in the context of the remote payment frame, run the following while the dialog is the most recent window:
> +To open a debugger in the context of the remote payment frame, run the following while the dialog is the most recent window::

This extra colon doesn't seem necessary.

::: toolkit/components/payments/res/paymentRequest.css:9
(Diff revision 1)
>  
>  html {
>    background: -moz-dialog;
>  }
>  
> +#debugging-console {

We ought to have something on file to make sure we clean up the debugging bits before this ships.
Attachment #8928062 - Flags: review?(jaws) → review+
Comment on attachment 8928062 [details]
Bug 1416967 - Support payment request development over file: with CSP and a debugging console.

https://reviewboard.mozilla.org/r/199294/#review205098

> This should just be using /tools/lint/eslint/eslint-plugin-mozilla/lib/configs/recommended.js instead of defining its own .eslintrc.js.

Sure, but that's an existing issue so I'll file a follow-up for that. It's not as easy as just deleting everything since it should be the recommended rules plus some stricter things that aren't yet in recommended but our team already follows.

> This extra colon doesn't seem necessary.

Are you sure? I added it to get proper block formatting for rst

http://docutils.sourceforge.net/docs/ref/rst/restructuredtext.html#literal-blocks

> We ought to have something on file to make sure we clean up the debugging bits before this ships.

I'm not sure it's that bad for it to ship, possibly even good… it will be very useful for bug reports with the features that I plan to add and can be seen in attachment 8924777 [details].
Comment on attachment 8928062 [details]
Bug 1416967 - Support payment request development over file: with CSP and a debugging console.

https://reviewboard.mozilla.org/r/199294/#review205098

> Sure, but that's an existing issue so I'll file a follow-up for that. It's not as easy as just deleting everything since it should be the recommended rules plus some stricter things that aren't yet in recommended but our team already follows.

Filed bug 1417698
Pushed by mozilla@noorenberghe.ca:
https://hg.mozilla.org/integration/autoland/rev/882aabb22057
Support payment request development over file: with CSP and a debugging console. r=jaws
https://hg.mozilla.org/mozilla-central/rev/882aabb22057
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Product: Toolkit → Firefox
Target Milestone: mozilla59 → Firefox 59
You need to log in before you can comment on or make changes to this bug.