Closed Bug 1582229 Opened 5 years ago Closed 5 years ago

Enable eval security and let it ride the trains

Categories

(Core :: DOM: Security, task)

Product:
Core
Component:
DOM: Security
Type:
task
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla71
Tracking Flags:
Tracking Status
firefox70 ? fixed
firefox71 --- fixed

People

(Reporter: tjr, Assigned: tjr)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1582229 - Unrestrict the eval() preferences from Nightly r?ckerschb
47 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
Details | Review

The intent here was to collect telemetry from 70 (with no enforcement) and then 71 would enforce it and it would ride up the trains one behind the other.

But in Bug 1579495 I forgot we had Nightly guards on the function call so we were not calling the function on Beta or sending in Telemetry. That got fixed and uplifted.

But then I discovered/remembered that we had also guarded the pref with a Nightly guard. So I'm removing that in Nightly and requesting it be uplifted to Beta so we can really get the Telemetry.

Comment on attachment 9093666 [details]
Bug 1582229 - Unrestrict the eval() preferences from Nightly r?ckerschb

Beta/Release Uplift Approval Request

  • User impact if declined: We will need to wait another cycle before enforcing security defense in depth restrictions.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): As from Bug 1579495 we're calling a new codepath that submits telemetry events. It's possible an unexpected environment difference between beta and Nightly could lead to getting flooded with telemetry.
  • String changes made/needed:
Attachment #9093666 - Flags: approval-mozilla-beta?
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-active]
Type: defect → task
Summary: Enable eval security on beta → Enable eval security and let it ride the trains
Pushed by tritter@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ccef24674019
Unrestrict the eval() preferences from Nightly r=ckerschb

https://hg.mozilla.org/mozilla-central/rev/ccef24674019

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71

Comment on attachment 9093666 [details]
Bug 1582229 - Unrestrict the eval() preferences from Nightly r?ckerschb

Allow collecting telemetry in beta by removing a Nightly onmy guard, landed on Nightly and looks safe, uplift approved for 70 beta 9, thanks.

Attachment #9093666 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: