Closed Bug 1445106 Opened 7 years ago Closed 7 years ago

Prevent feed reader from being framed

Categories

(Firefox Graveyard :: RSS Discovery and Preview, enhancement, P3)

Product:
Firefox Graveyard
Component:
RSS Discovery and Preview
Type:
enhancement

Tracking

(firefox61 fixed)

Status:
RESOLVED FIXED
Milestone:
Firefox 61
Tracking Flags:
Tracking Status
firefox61 --- fixed

People

(Reporter: pauljt, Assigned: Gijs)

References

Details

Attachments

(1 file)

Bug 1445106 - don't try to have a feed reader in a frame,
59 bytes, text/x-review-board-request
mak
: review+
Details
We show a custom page (about:feeds) when encountering RSS feed, so the user is presented with something nicer than raw XML. While this looks like web content, it isn't and it probably should be able to be framed, since there is some browser UI there. While the UI in the page isn't security sensitive (all decisions are handled in the parent, usually via pop-up subscription confirmations etc) websites probably shouldn't' frame these pages as this might confuse users. Should be simple fix to prevent framing, so filing this bug to enforce this.
A discussion is ongoing regarding the future of this component, I'm setting P3 because it's something that ideally should be fixed by the frontend team, but hopefully it will become a non-issue soon.
Priority: -- → P3
(In reply to Marco Bonardo [::mak] from comment #1) > A discussion is ongoing regarding the future of this component, I'm setting > P3 because it's something that ideally should be fixed by the frontend team, > but hopefully it will become a non-issue soon. FWIW, I think we should probably still do this for 60, because the removal definitely won't happen for then. I'll take this.
Assignee: nobody → gijskruitbosch+bugs
Status: NEW → ASSIGNED
Sounds good, I'm available to review your patch.
Doing it in 3 different places is probably a bit over the top, but better safe than sorry...
Comment on attachment 8958929 [details] Bug 1445106 - don't try to have a feed reader in a frame, https://reviewboard.mozilla.org/r/227792/#review233824 I assume you tested the expected basic functionality works properly
Attachment #8958929 - Flags: review?(mak77) → review+
Realized that a bunch of tests break now because they frame the rss reader (because that's what mochitest do with everything). Added a pref to fix. https://treeherder.mozilla.org/#/jobs?repo=try&revision=8e7c237081dd34d216e28c4d8bf5f70fb8b8f546 Hopefully this is green. Marco, if you want to have another look you can. :-) (I didn't change the feed sniffing thing to read a pref... in my local testing that wasn't necessary, but let's see what automation says...)
Flags: needinfo?(mak77)
The try still looks broken?
Flags: needinfo?(mak77)
(In reply to Marco Bonardo [::mak] from comment #9) > The try still looks broken? Ugh, I think I forgot to rebuild the native part, which is why I thought this should pass. I guess that needs a pref check, too. :-(
Flags: needinfo?(gijskruitbosch+bugs)
https://treeherder.mozilla.org/#/jobs?repo=try&revision=bc1cca9da0afec48daef3b343c1075c14ae863b6&selectedJob=169296266 looks better. Marco, can you doublecheck the changes look OK to you?
Flags: needinfo?(gijskruitbosch+bugs) → needinfo?(mak77)
it looks ok, and thank you for moving around the tests.
Flags: needinfo?(mak77)
Pushed by gijskruitbosch@gmail.com: https://hg.mozilla.org/integration/autoland/rev/a10873c09672 don't try to have a feed reader in a frame, r=mak
https://hg.mozilla.org/mozilla-central/rev/a10873c09672
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox61: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 61
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: