Regression: Credit card logos no longer displayed
Categories
(Toolkit :: Form Autofill, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr68 | --- | unaffected |
firefox-esr78 | --- | unaffected |
firefox78 | --- | unaffected |
firefox79 | --- | unaffected |
firefox80 | --- | fixed |
People
(Reporter: abr, Assigned: ckerschb)
References
(Regression)
Details
(Keywords: regression)
The patch for Bug 1145314 makes it impossible for resource://
-loaded files to access chrome://
-loaded files, which breaks access to credit card logos from our .css files. As a consequence, credit card logos no longer appear in the popup.
The fix should look similar to this: https://phabricator.services.mozilla.com/D78896
The potentially impacted files are: https://searchfox.org/mozilla-central/search?q=chrome%3A%2F%2Fformautofill%2F&path=
Chris -- can you take a look at the potentially impacted files above and let us know whether there are any other gotchas we need to look out for here?
Reporter | ||
Updated•4 years ago
|
Assignee | ||
Comment 1•4 years ago
|
||
(In reply to Adam Roach [:abr] from comment #0)
Chris -- can you take a look at the potentially impacted files above and let us know whether there are any other gotchas we need to look out for here?
The quick fix is to backout Bug 1145314, which is on the way as of this writing. Then I'll instrument the code to get some more verbose logging which we can audit using TRY server. I'll do all that within Bug 1145314. Sorry for the breakage and thanks for filing.
Comment 2•4 years ago
|
||
So can this be marked fixed now? What sort of security rating would this get, anyway -- is it a security issue to not show those logos? Should this be MoCo confidential instead if we're trying to lay low on the CC thing?
Reporter | ||
Comment 3•4 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #2)
So can this be marked fixed now? What sort of security rating would this get, anyway -- is it a security issue to not show those logos? Should this be MoCo confidential instead if we're trying to lay low on the CC thing?
Yeah, I'm not sure about the transitivity of the use of the security sensitive flag. As I don't fully understand the underlying security issue being addressed here, I'm trying not to shine a spotlight on the nature of the fix, and a patch to fix this would have probably done that. Feel free to pull the security markings off this bug if you don't think that's a concern.
Comment 4•4 years ago
|
||
Fixed by backout of bug 1145314
Updated•4 years ago
|
Updated•4 years ago
|
Updated•3 years ago
|
Updated•3 years ago
|
Description
•