Closed
Bug 526649
Opened 16 years ago
Closed 16 years ago
update whitelist service to support arbitrary add-on id's as long as they come from firefoxgear.com
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect, P2)
addons.mozilla.org Graveyard
Public Pages
Tracking
(Not tracked)
VERIFIED
FIXED
5.4
People
(Reporter: osunick, Assigned: jbalogh)
Details
Attachments
(3 files, 1 obsolete file)
Post-fix screenshot, TamperData setup
To make the install experience better for Firefox Gear visitors, we need to enhance the whitelist service so that we can pass in an add-on id and it will serve an add-on without showing the yellow bar. This should only work when firefoxgear.com is the referrer- but if users copy this link they still get the file, just with a yellow bar.
|
||
Comment 1•16 years ago
|
||
What is this whitelist service that you speak of?
|
||
Comment 2•16 years ago
|
||
services/install.php
|
Reporter | |
Updated•16 years ago
|
Assignee: nobody → jbalogh
Priority: -- → P2
|
Assignee | |
Comment 3•16 years ago
|
||
For this to work, firefoxgear.com has to set addon_id *and* addon_name in the query string. /services doesn't have a database or l10n, so all the dynamic stuff has to come from outside. Isn't that awesome?
This is at the top of install.php:
@todo if this is going to become widely used or expanded it should have some l10n work done
Attachment #413486 -
Flags: review?(clouserw)
|
|
Assignee | |
Comment 4•16 years ago
|
||
fligtar suggests that this may not play nice with caching. There's no explicit caching right now, but we could add that. And I could add a Vary header, which should (in theory) take care of proper caching.
|
||
Comment 5•16 years ago
|
||
Comment on attachment 413486 [details] [diff] [review]
let firefoxgear.com install any add-on it wants
Fligtar is right. On the current page all referrer stuff is done in JS because of the caching.
Vary is a nice idea, but just doing it in js is consistent and quick.
Attachment #413486 -
Flags: review?(clouserw) → review-
|
|
Assignee | |
Comment 6•16 years ago
|
||
Attachment #413647 -
Flags: review?(clouserw)
|
|
Assignee | |
Updated•16 years ago
|
Attachment #413486 -
Attachment is obsolete: true
|
|
||
Comment 7•16 years ago
|
||
Comment on attachment 413647 [details] [diff] [review]
special-case referrals from firefoxgear.com
I think that'll work
Attachment #413647 -
Flags: review?(clouserw) → review+
|
|
Assignee | |
Comment 8•16 years ago
|
||
|
||
Comment 9•15 years ago
|
||
Is this possible to verify without firefoxgear.com live yet? If so, a succinct testcase would be most appreciated :-)
|
|
Assignee | |
Comment 10•15 years ago
|
||
Here goes:
The url: https://preview.addons.mozilla.org/services/install.php?addon_id=2848&addon_name=Hi+Stephen
Using tamperdata, add this header: 'Referer: http://firefoxgear.com'.
See what happens. I didn't actually try this. And "Referer" is not a typo.
Verified FIXED; thanks, Jeff!
Status: RESOLVED → VERIFIED
|
|
||
Updated•15 years ago
|
Keywords: push-needed
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•