Closed Bug 1822703 Opened 2 years ago Closed 2 years ago

Remove Google's cross-origin AppID exceptions

Categories

(Core :: DOM: Web Authentication, enhancement, P5)

Product:
Core
Component:
DOM: Web Authentication
Type:
enhancement

Tracking

()

Status:
RESOLVED INACTIVE

People

(Reporter: jschanck, Assigned: jschanck)

References

Details

Attachments

(1 obsolete file)

The cross-origin exception for U2F credentials with an AppId of https://www.gstatic.com/securitykey/origins.json or https://www.gstatic.com/securitykey/a/google.com/origins.json expired in January 2023. We removed some constants related to these exceptions in Bug 1436085, but the exceptions are still present in our WebAuthn implementation. We can remove them now.

Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2f8883507c91 Remove Google's cross-origin AppID exceptions. r=dveditz

https://hg.mozilla.org/mozilla-central/rev/2f8883507c91

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox113: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 113 Branch

Backed out as requested by jschanck for causing WebAuthn login issues with Google Accounts

Backout link: https://hg.mozilla.org/integration/autoland/rev/499bc4d69280ad7753ed00be658ad3c3737b96d4

Status: RESOLVED → REOPENED
status-firefox113: fixed → ---
Flags: needinfo?(jschanck)
Resolution: FIXED → ---
Target Milestone: 113 Branch → ---
Flags: needinfo?(jschanck)

I asked a contact at Google, and they believe that we'll need to keep these exceptions "pretty much indefinitely".

Priority: P2 → P5

Should we resolve this bug "wontfix"? "inactive" would also work.

Flags: needinfo?(jschanck)
Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Flags: needinfo?(jschanck)
Resolution: --- → INACTIVE
Attachment #9323363 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: