Add ability to filter by "about:config" preference directly from address bar in new "about:config" page

RESOLVED WONTFIX

Status

()

RESOLVED WONTFIX
4 months ago
2 days ago

People

(Reporter: lschwalf, Unassigned, Mentored)

Tracking

(Blocks: 1 bug, {regression})

Trunk
Unspecified
All
regression
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox67 affected)

Details

Attachments

(1 obsolete attachment)

(Reporter)

Description

4 months ago
Add ability to type "about:config?filter=some_filter" into address bar. This can then be saved as a bookmark in Firefox. As seen in this post: https://www.ghacks.net/2017/07/07/access-firefox-aboutconfig-preferences-directly/

Updated

4 months ago
Priority: P3 → P5

Comment 1

a month ago

I'm tentatively assuming that continuing to allow deep linking into the "about:config" page might not be a good idea, and risky in some regard. This page is meant for advanced users anyways, and copying and pasting the preference name in the search box wouldn't be a problem. I don't think this feature is used very much anyways.

Status: NEW → RESOLVED
Last Resolved: a month ago
Resolution: --- → WONTFIX

Updated

23 days ago
Duplicate of this bug: 1522804

Comment 3

12 days ago

If you define "advanced user" as someone who uses this screen, then several prefer it the old way- as evidenced by the numerous bug reports you're closing.

For support reasons it's helpful to direct a user to the relevant pref. Regression is now present in product.

Status: RESOLVED → REOPENED
status-firefox65: affected → ---
status-firefox67: --- → affected
Keywords: regression
OS: Unspecified → All
Priority: P5 → --
Resolution: WONTFIX → ---

Updated

11 days ago
Assignee: nobody → ntim.bugs

Comment 5

11 days ago

Created attachment 9041718 [details]
Bug 1501450 - Add support for filter URL parameter to the new about:config. r=bgrins

Comment 6

11 days ago

The deep linking concern doesn't really apply here considering webpages have never been allowed to directly link to any about: pages for security reasons.

This feature remains useful however for bookmarking, and for support instructions like "Visit about:config?filter=..." which are pretty common on SUMO.

Updated

11 days ago
Priority: -- → P2

Comment 7

10 days ago

(In reply to Tim Nguyen :ntim from comment #6)

The deep linking concern doesn't really apply here considering webpages have never been allowed to directly link to any about: pages for security reasons.

See the duplicate bug 1522804 comment 3 for a way to work around this restriction, and some more considerations about the implications of this feature.

I'd appreciate if you could check with the person that marked a bug as WONTFIX before reopening. In this case, I can run this request past our Product Manager and maybe revert the decision. I'll reopen the bug if that's the case.

As mentioned in the review, the patch definitely needs a regression test.

Status: REOPENED → RESOLVED
Last Resolved: a month ago10 days ago
Priority: P2 → --
Resolution: --- → WONTFIX

Comment 8

10 days ago

Hm, I'll just copy and paste from the other bug:

We explicitly decided to disallow deep linking into internal settings to reduce attack surface, present and potential.

To make a current example, "Open in New Tab" on an "about:config" link on the web works after a reload, even though the first load is disallowed. This probably wasn't foreseen originally, and we may have similar cases in the future.

Less steps for users isn't always better, see for example how the security certificate override dialogs are explicitly designed to slow down such operations. Deep linking into "about:config" to instruct users, for example, to disable those security checks in less steps could make it more attractive for attackers, and the link availability may seem like an official endorsement of the use case.

The fact this mentioned on some websites doesn't change the risk profile.

(In reply to :Paolo Amadini from comment #8)

To make a current example, "Open in New Tab" on an "about:config" link on the web works after a reload, even though the first load is disallowed. This probably wasn't foreseen originally, and we may have similar cases in the future.

The step you mentioned doesn't work, just tried it on the about:config link on https://bugzilla.mozilla.org/show_bug.cgi?id=523508 (the see also field), the reload button is disabled, and the keyboard shortcut doesn't work...

Flags: needinfo?(pamadini)

Comment 10

9 days ago

I reloaded by pressing Enter in the location bar.

To clarify the use case, there seems to be a claim that these links are used on support.mozilla.org to direct users to specific settings. I can find no evidence of this: a cursory search shows that basically all articles instruct users to type "about:config" in the location bar, then filter for a specific setting.

This makes sense because the links don't work anyways unless there is a security flaw, so there's no point in using them, and it's more difficult to type "?filter=" than typing in the filter box directly.

Flags: needinfo?(pamadini)
Attachment #9041718 - Attachment is obsolete: true

Updated

2 days ago
Assignee: ntim.bugs → nobody
You need to log in before you can comment on or make changes to this bug.