Closed
Bug 397553
Opened 17 years ago
Closed 17 years ago
no secure update on exception? it is a local directory!
Categories
(Toolkit :: Add-ons Manager, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: ray, Unassigned)
Details
I have an extension I am developing. It will not load in these nightlies: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a9pre) Gecko/2007092204 Minefield/3.0a9pre Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a8pre) Gecko/2007090804 Minefield/3.0a8pre There is a big "!" and it says: "Does not provide secure updates." Is this really preventing load? This is a directory-based extension. In other words, there is a file in the extensions directory that has text in it that specifies a local path. It does not need a secure update method. It certainly does not need one while it is being developed. FF is being a bit too helpful here, to put it mildly....
Comment 1•17 years ago
|
||
If you have specified an insecure update method (most likely a http url in the updateURL entry in install.rdf) then it doesn't matter whether it is a directory based extension or not, you have still told Firefox to update it insecurely.
Component: Extension Compatibility → Extension/Theme Manager
Version: 2.0 Branch → Trunk
Well, on the positive side, if I put in a https url, it loads the extension. Of course, if there is something wrong with the update URL, maybe it should not update. As opposed to not load at all.... Or if it cares that it is a https URL, should it not check that the URL points to a server with a valid certificate? If not, why require the https? Requiring a https URL, taking an action based on that, but then not actually checking that the https URL seems bogus.
Comment 3•17 years ago
|
||
Just don't include an updateURL. If you are in development Im sure you don't want update checking anyway. And we do check the https update, on update, yes it'd be nice to do it on extension install, maybe I should file a bug to do that. But as stands this bug is invalid, i.e. expected behaviour.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
Assignee | ||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•