Closed
Bug 1460506
Opened 7 years ago
Closed 7 years ago
registerProtocolHandler require SecureContext in stable
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
()
RESOLVED
FIXED
mozilla62
Tracking | Status | |
---|---|---|
firefox62 | --- | fixed |
People
(Reporter: jkt, Assigned: jkt)
References
Details
(Keywords: dev-doc-complete, site-compat, Whiteboard: [domsecurity-active])
Attachments
(1 file)
Add restriction to stable releases as outlined in the intent to unship (https://groups.google.com/forum/#!topic/mozilla.dev.platform/zzBWOPMPPs0/discussion) 62 was the timeline.
Comment hidden (mozreview-request) |
Assignee | ||
Updated•7 years ago
|
Keywords: site-compat
Comment 2•7 years ago
|
||
mozreview-review |
Comment on attachment 8974617 [details]
Bug 1460506 - Restrict registerProtocolHandler over insecure connections in stable releases.
https://reviewboard.mozilla.org/r/242990/#review249302
Attachment #8974617 -
Flags: review?(dao+bmo) → review+
Updated•7 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Pushed by jkingston@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/7ff220eb5453
Restrict registerProtocolHandler over insecure connections in stable releases. r=dao
Comment 4•7 years ago
|
||
Posted the site compatibility note: https://www.fxsitecompat.com/en-CA/docs/2018/navigator-registerprotocolhandler-can-no-longer-be-used-on-insecure-sites/
Comment 5•7 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
Comment 6•7 years ago
|
||
(In reply to Kohei Yoshino [:kohei] from comment #4)
> Posted the site compatibility note:
> https://www.fxsitecompat.com/en-CA/docs/2018/navigator-
> registerprotocolhandler-can-no-longer-be-used-on-insecure-sites/
I don't think the presentation here is appropriate. While it's technically correct that this patch means it can no longer be used on non-HTTPS sites, the patch from bug 1460481 means it can't be used on HTTPS sites either, as described in your other site compatibility note (https://www.fxsitecompat.com/en-CA/docs/2018/navigator-registercontenthandler-has-been-removed/).
It might be better to merge the notes together, describing which pref change controls what restriction, or just drop this note entirely as superfluous to the other.
Comment 7•7 years ago
|
||
I guess you are confusing registerProtocolHandler with registerContentHandler :)
Comment 8•7 years ago
|
||
Oh, you're absolutely right, I just saw registerFooHandler and assumed. My apologies!
Updated•7 years ago
|
Keywords: dev-doc-needed
Comment 9•7 years ago
|
||
Updated https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler a bit to note generally the kinds of security restrictions that may occur, and submitted PR #2440 to note that Firefox started requiring a secure context in 62.
Also added a mention to Firefox 62 for developers.
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•