Allow Save-as links to FTP files on HTTP pages.

VERIFIED FIXED in Firefox 61

Status

()

P1
normal
VERIFIED FIXED
9 months ago
9 months ago

People

(Reporter: evilpie, Assigned: evilpie)

Tracking

({regression})

unspecified
mozilla62
regression
Points:
---

Firefox Tracking Flags

(firefox61+ verified, firefox62 verified, firefox63 verified)

Details

(Whiteboard: [domsecurity-active])

Attachments

(3 attachments)

(Assignee)

Updated

9 months ago
Attachment #8986918 - Flags: review?(ckerschb)
Comment on attachment 8986918 [details] [diff] [review]
Allow save-as download of FTP files on HTTP pages. r?

Review of attachment 8986918 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks, r=me

::: dom/security/nsContentSecurityManager.cpp
@@ +182,5 @@
>  
> +  // Allow save-as download of FTP files on HTTP pages.
> +  if (type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
> +    return NS_OK;
> +  }

Maybe bundle that check with the TYPE_DOC check, something like:

// Allow top-level FTP documents and
// save-as download of FTP files on HTTP pages.
if (type == nsIContentPolicy::TYPE_DOCUMENT ||
    type == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
  return NS_OK;
}
Attachment #8986918 - Flags: review?(ckerschb) → review+
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]

Comment 3

9 months ago
Pushed by evilpies@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/54b5db87eb7e
Allow save-as download of FTP files on HTTP pages. r=ckerschb

Comment 4

9 months ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/54b5db87eb7e
Status: ASSIGNED → RESOLVED
Last Resolved: 9 months ago
status-firefox62: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
(Assignee)

Comment 5

9 months ago
Approval Request Comment
[Feature/Bug causing the regression]: bug bug 1404744
[User impact if declined]: From an HTML page, right clicking on a FTP link 'Save Link as' doesn't work
[Is this code covered by automated tests?]: No
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: 1) Create HTML page with a link to an FTP file
2) Right click link and click 'Save Link As...'
3) File should download
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: No
[Why is the change risky/not risky?]: Allows some limited old behavior
[String changes made/needed]: None
Attachment #8987341 - Flags: approval-mozilla-release?
Keywords: regression
I could not reproduce the issue using an HTML page with an FTP link created by me or using the link provided in bug 1469536 comment 19 with Nightly 62.0a1 (2018-06-21) or using the latest Nightly 62.0a1(2018-06-26).

Xu Zhen, could you please confirm the fix on the latest Nightly?
Flags: needinfo?(xuzhen)

Comment 7

9 months ago
Tested with 62.0b3 and 63.0a1(209180627), the save-as function was working.
And I found another regression: visiting undisplayable file on FTP server makes Firefox hang.
Click ftp://ftp.mirror.nl/pub/Museum/atari/files/stnet110.tos , Firefox 62b/63a will hang and consume 100% CPU. Haven't tested with 61.
Flags: needinfo?(xuzhen)
Based on comment 7 I'm marking this bug as Verified fixed.

Xu Zhen, thanks for the report, I can confirm the issue described in comment 7 and I will file another bug for this.
Status: RESOLVED → VERIFIED
status-firefox62: fixed → verified
status-firefox63: --- → verified
(Assignee)

Comment 9

9 months ago
(In reply to roxana.leitan@softvision.ro from comment #8)
> Based on comment 7 I'm marking this bug as Verified fixed.
> 
> Xu Zhen, thanks for the report, I can confirm the issue described in comment
> 7 and I will file another bug for this.

Which bug number is this? This is quite a serious issue.
(In reply to Tom Schuster [:evilpie] from comment #9)
> Which bug number is this? This is quite a serious issue.

bug 1471594 / bug 1467102
(Assignee)

Comment 11

9 months ago
Thank you Jan!

Did we decide not to uplift this bug?
[Tracking Requested - why for this release]:
See comment 5 + comment 11.
status-firefox61: --- → affected
tracking-firefox61: --- → ?
Comment on attachment 8987341 [details] [diff] [review]
Patch to uplift

Approved for 61.0.1.
Attachment #8987341 - Flags: approval-mozilla-release? → approval-mozilla-release+
tracking-firefox61: ? → +

Comment 14

9 months ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-release/rev/2f2e89cae162
status-firefox61: affected → fixed
I was able to reproduce this bug using the attached testcase on an affected Nightly build 62.0a1 (2018-06-21).

I can confirm that the bug is no longer reproducible on 61.0.1 (20180704003137) under the following OSes: Windows 10 x64, macOS 10.12 and Ubuntu 16.04 x64.
status-firefox61: fixed → verified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.