[BinAST] Add a pref to restrict BinAST file support to specific host

RESOLVED FIXED in Firefox 66

Status

()

enhancement
RESOLVED FIXED
6 months ago
6 months ago

People

(Reporter: arai, Assigned: arai)

Tracking

(Blocks 1 bug)

Trunk
mozilla66
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox66 fixed)

Details

Attachments

(1 attachment)

for early test, having a pref to restrict BinAST support to specific domain should reduce the attack surface.

To reduce the attack surface in early test for BinAST, add a preference to
restrict the hosts that Firefox accepts BinAST file from.
The preference is turned on by default (BinAST itself is turned off by
default for now), and the list contains hosts which is going to be used in
early test.
For hosts not listed in the list, Firefox doesn't send BinAST MIME-Type in
Accept field, and doesn't handle BinAST file in case the server returns
BinAST file.

I updated the hosts list in all.js, can you review that part?
(I'm not sure how I can ask review again there)

Flags: needinfo?(amarchesini)
Flags: needinfo?(amarchesini)

Done. See my comments in phabricator.

Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/8c88a33dc39f
Add pref to restrict BinAST feature to specific hosts. r=baku
See Also: → 1520534

forgot that tests that don't execute BinAST files pass even we don't enable it.
will fix shortly.

Flags: needinfo?(arai.unmht)
Pushed by arai_a@mac.com:
https://hg.mozilla.org/integration/autoland/rev/671054606438
Add pref to restrict BinAST feature to specific hosts. r=baku
Status: ASSIGNED → RESOLVED
Closed: 6 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.