bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

no secure update on exception? it is a local directory!

RESOLVED INVALID

Status

()

Toolkit
Add-ons Manager
RESOLVED INVALID
11 years ago
10 years ago

People

(Reporter: Ray Kiddy, Unassigned)

Tracking

Trunk
x86
Mac OS X
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
I have an extension I am developing. It will not load in these nightlies:

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a9pre) Gecko/2007092204 Minefield/3.0a9pre

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a8pre) Gecko/2007090804 Minefield/3.0a8pre

There is a big "!" and it says: "Does not provide secure updates." Is this really preventing load?

This is a directory-based extension. In other words, there is a file in the extensions directory that has text in it that specifies a local path.

It does not need a secure update method. It certainly does not need one while it is being developed. FF is being a bit too helpful here, to put it mildly....
If you have specified an insecure update method (most likely a http url in the updateURL entry in install.rdf) then it doesn't matter whether it is a directory based extension or not, you have still told Firefox to update it insecurely.
Component: Extension Compatibility → Extension/Theme Manager
Version: 2.0 Branch → Trunk
(Reporter)

Comment 2

11 years ago
Well, on the positive side, if I put in a https url, it loads the extension.

Of course, if there is something wrong with the update URL, maybe it should not update. As opposed to not load at all....

Or if it cares that it is a https URL, should it not check that the URL points to a server with a valid certificate? If not, why require the https?

Requiring a https URL, taking an action based on that, but then not actually checking that the https URL seems bogus.
Just don't include an updateURL. If you are in development Im sure you don't want update checking anyway. And we do check the https update, on update, yes it'd be nice to do it on extension install, maybe I should file a bug to do that. But as stands this bug is invalid, i.e. expected behaviour.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → INVALID
(Assignee)

Updated

10 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.