Usage of HTTP for update_url causes misleading error
Categories
(Toolkit :: Add-ons Manager, enhancement, P3)
People
(Reporter: werner.robitza, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
Steps to reproduce:
I have an add-on using the following "application" part of the manifest:
    "applications": {
      "gecko": {
        "update_url": "http://example.com/updates.json",
        "strict_min_version": "65.0"
      }
    }
Actual results:
When I try to install this as a temporary add-on in Firefox (67.0.4, macOS), I get:
installTemporaryAddon: Error: unknownError: Could not install add-on at '…': Error: Add-on 861f82235c5edb0732308b0d55b9333ef5b43330@temporary-addon is not compatible with application version. add-on minVersion: 65.0
When I change the update_url from HTTP to HTTPS, everything works fine.
Expected results:
I would have expected a more meaningful error message. The minVersion check is irrelevant here, as I am using a valid Firefox version.
So, instead, it could have thrown an error like:
temporary-addon is not compatible with application version. update_url must use HTTPS.
Comment 1•6 years ago
Hi Werner,
Thanks for the details. I was able to reproduce the bug on the following versions:
nightly 69.0a1 (2019-06-28) (64-bit)
release 67.0.4 (64-bit)
Beta 68.0b13 (64-bit)
The error I got was slightly different but it amounts to the same, I believe. There was an error during installation: Add-on 4830d7c14b4ad7792aa7efb7b7b250e775f7f894@temporary-addon is not compatible with application version. add-on minVersion: 65.0.
So I've chosen a component. If you consider that there's another component that's more proper for this case you may change it.
Best regards, Flor.
Comment 2•6 years ago
Sorry, we don't support non-HTTPS update URLs.
Comment 3•6 years ago (Reporter)
I think you misunderstood this report. I know you do not support non-HTTPS update URLs. This is clear from the documentation. However, this bug report is about the fact the error message says:
temporary-addon is not compatible with application version. add-on minVersion: 65.0
… which is not the correct error, and in fact very misleading when the application version requirement is fulfilled. This was confirmed by Florencia.
So please consider re-opening this.
Comment 4•6 years ago
The error is mentioning a compatibility issue because technically the add-on is incompatible with the target application, because the application requires secure update URLs (which can only be disabled in Nightly, from an about:config preference).
A more verbose error message is actually logged in the browser console:
addons.xpi-utils WARN Updates for add-on [EXTENSION_ID] must be provided over HTTPS.
The fact that the most visible error message doesn't mention the insecure update url at all, but it does mention the add-on min (and max) version even if it is actually compatible with the target application can be a bit misleading (e.g. when installing a temporary add-on in the about:debugging page the "Updates for add-on ... must be provided over HTTPS" is not visible as the related error, and the more generic "... is not compatible with application version. add-on minVersion: ..." is what the developer is presented with).
I'm moving this bug to "Toolkit::Add-ons Manager", because this is not a behavior implemented in the WebExtensions internals (and also marking it as an enhancement, because the actual reason for the install failure is logged in the Browser Console)
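A manifest check that reports the two causes discussed in this thread separately, so that an insecure update_url is not mistaken for a version mismatch. This is an added example, not code from Firefox or the Add-ons Manager: checkGeckoSettings, compareVersions and the finding codes are hypothetical names, the version comparison is simplified to dot-separated integers, and the check also reads browser_specific_settings, the newer name for the applications key.

```javascript
// Simplified comparison of dot-separated numeric versions ("65.0" vs "67.0.4").
// Assumption: no alpha/beta suffixes or "*" wildcards.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Hypothetical helper: returns one finding per distinct cause.
function checkGeckoSettings(manifest, appVersion) {
  const settings = manifest.browser_specific_settings || manifest.applications || {};
  const gecko = settings.gecko || {};
  const findings = [];

  if (gecko.update_url !== undefined) {
    let protocol = null;
    try {
      protocol = new URL(gecko.update_url).protocol; // e.g. "http:" or "https:"
    } catch (e) {
      findings.push({ code: "update-url-invalid",
        message: `update_url is not an absolute URL: ${gecko.update_url}` });
    }
    if (protocol !== null && protocol !== "https:") {
      findings.push({ code: "update-url-insecure",
        message: `update_url must use HTTPS, found scheme "${protocol}"` });
    }
  }
  const min = gecko.strict_min_version;
  if (min && compareVersions(appVersion, min) < 0) {
    findings.push({ code: "min-version",
      message: `application ${appVersion} is older than strict_min_version ${min}` });
  }
  return findings;
}

// Constructed sample: the manifest fragment from the report, on Firefox 67.0.4.
const reported = { applications: { gecko: {
  update_url: "http://example.com/updates.json",
  strict_min_version: "65.0",
} } };
for (const f of checkGeckoSettings(reported, "67.0.4")) {
  console.log(`${f.code}: ${f.message}`);
}
```

For the reported manifest the only finding is update-url-insecure; a min-version finding appears only when the application version really is below strict_min_version.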
Comment 5•6 years ago
The product::component has been changed since the backlog priority was decided, so we're resetting it.
For more information, please visit auto_nag documentation.