Open Bug 1797822 Opened 2 years ago Updated 8 days ago

Site permission prompts show the full origin like https://permission.site:443 instead of just the hostname like permission.site

Categories

(Fenix :: Browser Engine, enhancement, P3)

Product:
Fenix
Component:
Browser Engine
Platform:
All
Android
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: cpeterson, Assigned: cpeterson)

References

Details

Attachments

(3 files)

permission_prompt_origin.png
148.28 KB, image/png
Details
Bug 1797822 - Only show URL scheme and port in site permission prompts for protocols other than HTTPS. r?tthibaud
48 bytes, text/x-phabricator-request
Details | Review
Bug 1797822 - Rename some SitePermissions variables from host to origin. r?tthibaud
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce

  1. Load https://permission.site/
  2. Tap the "Camera" button.
  3. You will see a permission prompt: "Allow https://permission.site:443 to use your camera and microphone?"

Actual result

Fenix's permission prompt shows: Allow https://permission.site:443 to use your camera and microphone?.

Expected result

Desktop's permission prompt shows: Allow permission.site to use your camera and microphone? without the https:// scheme or :443 port. Fenix should use desktop's shorter string, especially since Fenix has less space to show the string.

Severity: -- → S3

i have a similar issue while i using firfox browser my dowloadhub movie site https://downloadhubmovie.com/ not working properly and Allow permission always whenever i refresh it.

Enhancements should have severity N/A.

Severity: S3 → N/A
Assignee: nobody → cpeterson
Component: General → Browser Engine
Priority: -- → P3
Summary: Fenix's site permission prompt includes the https:// scheme and :443 port, but desktop doesn't → Site permission prompts show the full origin like https://permission.site:443 instead of just the hostname like permission.site

Screenshot of a permission prompt with origin

Firefox Android's site permission prompts currently show the site's origin (which incudes the URL's protocol scheme and port number) like "Allow https://permission.site:443 to use your camera and microphone?". With this change, Firefox Android will only show the host, like Firefox desktop does: "Allow permission.site to use your camera and microphone?".

Firefox Android's site permission prompts used to show just the host, but switched to origin in this 2021 commit:

https://github.com/mozilla/gecko-dev/commit/497d1d2c35aa551a8c35c115d1fe6e4f1d4756b7

See Also: → CVE-2021-29971

Since Gecko scopes permissions to origins (like "https://www.example.com:443"), we want all permission checks to use origins, not just hostnames like "www.example.com". Some SitePermissions code was incorrectly naming some variables "host" when they actually stored an origin.

Attachment #9423397 - Attachment description: Bug 1797822 - Change site permission prompts to show just the host, not the full origin. r?amejiamarmol → Bug 1797822 - Only show URL scheme and port in site permission prompts for protocols other than HTTPS. r?tthibaud
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: