Open
Bug 1450865
Opened 7 years ago
Updated 2 years ago
Sign snippet content and verify in the browser prior to loading
Categories
(Firefox :: Messaging System, enhancement, P3)
Firefox
Messaging System
Tracking
()
NEW
People
(Reporter: pauljt, Unassigned)
References
(Blocks 2 open bugs)
Details
This is a follow-up from https://bugzilla.mozilla.org/show_bug.cgi?id=1430980#c6
I have a vague memory of discussing snippet signing in the past, but I can't recall the outcome. Given the current re-architecture work, now might be a good time to consider signing snippet content, in the same way that we sign SHIELD recipes.
|
Reporter | |
Comment 1•7 years ago
|
||
Julien, have you ever looked at snippets, and do you know if signing has been discussed? If not, can you provide some insight into what work would be need on the signing side?
Flags: needinfo?(jvehent)
|
||
Comment 2•7 years ago
|
||
See also bug 1437671, which is about signing of top sites.
See Also: → 1437671
|
||
Comment 3•7 years ago
|
||
As Freddy mentioned, we discussed this with Nan in the context of Tippytop and activity stream in general. This will require changes to both the code in Firefox (to verify signatures) and to the backend Snippets service to request signatures from Autograph.
Flags: needinfo?(jvehent)
|
||
Updated•7 years ago
|
|
||
Updated•6 years ago
|
Severity: normal → enhancement
|
||
Updated•5 years ago
|
Component: Activity Streams: Newtab → Messaging System
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•