Closed
Bug 265356
Opened 20 years ago
Closed 1 month ago
XPI whitelist should support protocol restrictions
Categories
(Core Graveyard :: Installer: XPInstall Engine, enhancement)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: sec-want, Whiteboard: [sg:want P4])
I'd like to whitelist https://update.mozilla.org/ but not http://update.mozilla.org/. I don't see a way to do this. If I try to add "https://update.mozilla.org/" to the whitelist, only "update.mozilla.org" appears in the whitelist, and http://update.mozilla.org/ is able to show the extension install dialog. For bonus points, if I have https://update.mozilla.org/ whitelisted and try to install something from http://update.mozilla.org/, show a strong warning in the "add this site to the whitelist" dialog.
Comment 1•19 years ago
|
||
The whitelisting happens at the backend. Currently this uses the permission manager shared with cookies, image blocking, popup whitelisting, etc and is incapable of protocol distinctions.
Assignee: bugs → xpi-engine
Component: Extension/Theme Manager → Installer: XPInstall Engine
Product: Firefox → Core
QA Contact: bugs
Version: 1.0 Branch → Trunk
Reporter | ||
Updated•17 years ago
|
Whiteboard: [sg:want P4]
Updated•15 years ago
|
Assignee: xpi-engine → nobody
QA Contact: xpi-engine
Assignee | ||
Updated•9 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•