Closed Bug 1570062 Opened 1 year ago Closed 1 year ago

Whitelist what's new "moments" pages

Categories

(Firefox :: Messaging System, enhancement, P1)

enhancement

Tracking

()

RESOLVED FIXED
Firefox 70
Tracking Status
firefox69 --- fixed
firefox70 --- fixed

People

(Reporter: k88hudson, Assigned: Mardak)

References

Details

Attachments

(1 file)

In Bug 1568692 we landed some code to trigger a moments page based on a pref value. We might want to consider whitelisting the domains that are allowed to be shown if we think that's necessary.

Following up with sec.

Assignee: nobody → andrei.br92

If its easy to whitelist mozilla.org, firefox.com etc. domains, I'd recommend just doing that. Alternatively, I suggest you ask for a security review meeting with Dan Veditz and team using the secreview@mozilla.com email address.

See Also: → 1571843

I'll have it allow https: mozilla.org and firefox.com base domains

Assignee: andrei.br92 → edilee
Priority: -- → P1

Use URL to parse and eTLD to extract allowed domains

Pushed by elee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/d95d741d5b75
Whitelist what's new "moments" pages r=k88hudson
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 70

Comment on attachment 9083866 [details]
Bug 1570062 - Whitelist what's new "moments" pages

Beta/Release Uplift Approval Request

  • User impact if declined: Undesired urls could be shown at startup
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: 1) create new string pref browser.startup.homepage_override.once set to {"url":"https://example.com/|https://www.mozilla.org/%LOCALE%/etc/firefox/retention/thank-you-a/"}
  1. restart firefox
  2. see both a thank you page (https://www.mozilla.org/en-US/etc/firefox/retention/thank-you-a/) and home page tabs but not https://example.com/
  • List of other uplifts needed: Bug 1568692
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Slight modification to the behavior from bug 1568692 which is default off.
  • String changes made/needed: none
Attachment #9083866 - Flags: approval-mozilla-beta?
Flags: qe-verify+
QA Whiteboard: [qa-triaged]

Comment on attachment 9083866 [details]
Bug 1570062 - Whitelist what's new "moments" pages

Work in support of the approved relationship scoping projects targeting Fx69. Approved for 69.0b14.

Attachment #9083866 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.