Open Bug 1553105 Opened 2 years ago Updated 10 months ago

Only return an origin for schemes that are allowed in the URL spec

Categories

(Core :: Networking, task, P2)

task

Tracking

()

People

(Reporter: valentin, Assigned: valentin)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

It seems we have a bunch of tests that rely on chrome:// and moz-extension:// schemes having a non-null origin.
We should either fix the tests, or make sure that we properly address these exceptions.

There's a web-platform-test expecting the origin for a ssh URI to be null

Depends on D30711

In Thunderbird we're using a chrome:// origin to be able to store permissions for an email address. https://searchfox.org/comm-central/rev/f759b2f94ff3ef9057f58b9b2dc36fea7994bb9d/mailnews/base/util/mailnewsMigrator.js#155
It's of course a hack...

(In reply to Magnus Melin [:mkmelin] from comment #2)

In Thunderbird we're using a chrome:// origin to be able to store permissions for an email address.

Thanks for letting me know. We could ifdef the exceptions for Thunderbird, but I expect we'll have the same exceptions in m-c for a while ☺

Valentin,

We have an ongoing effort to bring new protocols like ipfs, dat, ssb, ... into Firefox via WebExtensions (tracked by bug 1271553). This change implies that all of them will get origin "null" which in turn would disable important web capabilities.

Any chance we could figure out a solution that would enable such new protocols to continue having origin ?

No longer regressions: libdweb-protocol
See Also: → libdweb-protocol

Hi Irakli,

Would it be OK if we just allow origins for dweb,dat,ipfs,ipns,ssb,wtp or do we need something more extensible?
I intend to land this along with bug 1603699

Flags: needinfo?(rFobic)

Hi Valentin,

I apologize for the delay in response. I have discussed this with @bz in the past and I believe we came to conclusion that ideally we’ll have a static list of protocols and RWLock protected dynamic list as a last resort for unknown protocol schemes. That should allow add-ons to experiment with different protocols without having to patch the Firefox.

More details can be found in Bug 1569733.

Flags: needinfo?(rFobic)
You need to log in before you can comment on or make changes to this bug.