Closed Bug 265356 Opened 20 years ago Closed 1 month ago

XPI whitelist should support protocol restrictions

Categories

(Core Graveyard :: Installer: XPInstall Engine, enhancement)

x86
Windows XP
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: sec-want, Whiteboard: [sg:want P4])

I'd like to whitelist https://update.mozilla.org/ but not
http://update.mozilla.org/.  I don't see a way to do this.  If I try to add
"https://update.mozilla.org/" to the whitelist, only "update.mozilla.org"
appears in the whitelist, and http://update.mozilla.org/ is able to show the
extension install dialog.

For bonus points, if I have https://update.mozilla.org/ whitelisted and try to
install something from http://update.mozilla.org/, show a strong warning in the
"add this site to the whitelist" dialog.
Blocks: 265358
The whitelisting happens at the backend. Currently this uses the permission
manager shared with cookies, image blocking, popup whitelisting, etc and is
incapable of protocol distinctions.
Assignee: bugs → xpi-engine
Component: Extension/Theme Manager → Installer: XPInstall Engine
Product: Firefox → Core
QA Contact: bugs
Version: 1.0 Branch → Trunk
Whiteboard: [sg:want P4]
Assignee: xpi-engine → nobody
QA Contact: xpi-engine
Product: Core → Core Graveyard
Status: NEW → RESOLVED
Closed: 1 month ago
Resolution: --- → INCOMPLETE
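
The distinction the comment above describes, as an added example that is not part of the bug report and is not Mozilla's code: a host-keyed store drops the scheme of the whitelisted entry, while an origin-keyed store keeps it and can also flag the http-versus-https mismatch the reporter asks about. The class names, return values and sample requests are hypothetical; only update.mozilla.org comes from the report.

```javascript
// Added illustration; class names are hypothetical, not Mozilla code.

// Host-keyed store: models the behaviour reported in the bug, where the
// scheme of an entry is dropped and only the host name is kept.
class HostKeyedAllowlist {
  constructor() { this.hosts = new Set(); }
  add(entry) { this.hosts.add(new URL(entry).hostname); }
  check(installUrl) {
    return this.hosts.has(new URL(installUrl).hostname) ? "allow" : "prompt";
  }
}

// Origin-keyed store: keeps scheme, host and port, so an https entry
// does not cover http on the same host.
class OriginKeyedAllowlist {
  constructor() { this.origins = new Set(); }
  add(entry) { this.origins.add(new URL(entry).origin); }
  check(installUrl) {
    const u = new URL(installUrl);
    if (this.origins.has(u.origin)) return "allow";
    // The "bonus points" case: the host is trusted over https only and the
    // install request arrives over http, so flag it for a strong warning.
    const httpsOnly = u.protocol === "http:" && [...this.origins].some((o) => {
      const entry = new URL(o);
      return entry.protocol === "https:" && entry.hostname === u.hostname;
    });
    return httpsOnly ? "warn-downgrade" : "prompt";
  }
}

// Constructed sample requests; only update.mozilla.org comes from the report.
function compare() {
  const byHost = new HostKeyedAllowlist();
  const byOrigin = new OriginKeyedAllowlist();
  byHost.add("https://update.mozilla.org/");
  byOrigin.add("https://update.mozilla.org/");
  const requests = [
    "https://update.mozilla.org/ext.xpi",
    "http://update.mozilla.org/ext.xpi",
    "http://addons.example/ext.xpi",
  ];
  return requests.map((url) => ({
    url, hostKeyed: byHost.check(url), originKeyed: byOrigin.check(url),
  }));
}

console.log(compare());
```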