Closed Bug 1851143 Opened 1 year ago Closed 1 year ago

Enable ORB by default

Categories

(Core :: DOM: Networking, task, P1)

Product:
Core
Component:
DOM: Networking
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
119 Branch
Tracking Flags:
Tracking Status
relnote-firefox --- 118+
firefox118 --- fixed
firefox119 --- fixed

People

(Reporter: hsinyi, Assigned: sefeng)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Bug 1851143 - Enable OpaqueResponseBlocking in all channels r=farre,smaug
48 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
Details | Review

ORB has been enabled in nightly/early-beta for several versions.
This bug is to turn ORB on by default in all channels.

Blocks: orb
Priority: -- → P1
Blocks: 1851162
Assignee: nobody → sefeng
Status: NEW → ASSIGNED
Severity: -- → S3
Whiteboard: [necko-triaged]
Blocks: 1851467
Pushed by sefeng@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b080cc5e0239 Enable OpaqueResponseBlocking in all channels r=smaug

https://hg.mozilla.org/mozilla-central/rev/b080cc5e0239

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox119: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch

Comment on attachment 9351217 [details]
Bug 1851143 - Enable OpaqueResponseBlocking in all channels r=farre,smaug

Beta/Release Uplift Approval Request

  • User impact if declined: Release of ORB will miss its target
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This patch enables ORB in everywhere. We have been experimenting ORB for a while, even with a fraction of Release users, so we think it's ready to be shipped.
  • String changes made/needed:
  • Is Android affected?: No
Attachment #9351217 - Flags: approval-mozilla-beta?

Comment on attachment 9351217 [details]
Bug 1851143 - Enable OpaqueResponseBlocking in all channels r=farre,smaug

Approved for 118.0b6, thanks.

Attachment #9351217 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Release Note Request (optional, but appreciated)
[Why is this notable]: This is a rather big change that has potential web compatibility risks
[Affects Firefox for Android]: No
[Suggested wording]: OpaqueResponseBlocking is now enabled by default.
[Links (documentation, blog post, etc)]: https://github.com/annevk/orb

The Intent to Ship email might be helpful for drafting the wording: https://groups.google.com/a/mozilla.org/g/dev-platform/c/ROU9eDb8alY

I guess if we want the wording to be more specific and descriptive, we could say "The responses of no-cors cross origin requests might be block to prevent attackers from reading them"?

This should goes to 118 release note.

relnote-firefox: --- → ?

Note Added 10 118 beta

Depends on: 1909202
No longer depends on: 1909202
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: