Closed Bug 542603 Opened 14 years ago Closed 14 years ago

Add Firebug and getfirebug.com to install service

Categories

(addons.mozilla.org Graveyard :: Administration, enhancement, P4)

Product:
addons.mozilla.org Graveyard
Component:
Administration
Type:
enhancement

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: neilio, Assigned: fligtar)

Details

Attachments

(1 file)

patch, v1
4.57 KB, patch
clouserw
: review+
Details | Diff | Splinter Review 
The firebug folks would like to be able to install the firebug extension directly from getfirebug.com, so that'll need to be added to the whitelist. Please and thanks!
Assignee: nobody → clouserw
Severity: normal → enhancement
Priority: -- → P4
Target Milestone: --- → 5.7
I probably need to add a couple other add-ons to the install service this week, so might be able to get it in sooner than 5.7.

btw, is getfirebug.com an official Mozilla site now?
Component: API → Administration
QA Contact: api → administration
Summary: Add getfirebug.com to add-on whitelist → Add Firebug and getfirebug.com to install service
fligtar: I... don't know?
Okay, I'll check on that as well. If it's not a Mozilla site, I'll need to make sure folks are comfortable with us doing this, but I don't think it will be a problem.
As a curiosity question... does the whitelist include a definition of whether SSL is supposed to be used from the whitelisted page? AMO defaults to SSL, and I'm wondering if we should request the same from getfirebug.com, or if it's MITM'able anyway.
(In reply to comment #4)
> As a curiosity question... does the whitelist include a definition of whether
> SSL is supposed to be used from the whitelisted page? AMO defaults to SSL, and
> I'm wondering if we should request the same from getfirebug.com, or if it's
> MITM'able anyway.

Since we bounce off the install service (i.e., the install is just a link to the install service, which in turn is going to trigger the add-on install: http://viewvc.svn.mozilla.org/vc/addons/trunk/site/app/webroot/services/install.php?view=markup), I don't think there's a risk for an MITM attack there.*

* (other than a DNS attack in which case the attacker needs a known CA to get them an SSL cert for the attacked domain).
Assignee: clouserw → fligtar
Status: NEW → ASSIGNED
Target Milestone: 5.7 → 5.6
Attached patch patch, v1Splinter Review 
Okay, this patch takes care of a number of things I needed to do with the install service in addition to this bug:

* Changes firefoxgear.com to rockyourfirefox.com

* Lets any add-on hosted on AMO use the service from the default referrers (mozilla.(com|org), rockyourfirefox.com, and localhost) instead of just RYF. This means in the future we only need to add items that need their own referrers.

* Adds getfirebug.com for Firebug

* Adds eBay sites for the eBay companion as requested by Kev

* Adds a special Labs version of StumbleUpon that will be used on the Firefox firstrun page
Attachment #423911 - Flags: review?(clouserw)
Comment on attachment 423911 [details] [diff] [review]
patch, v1

This looks fine to me, but unless QA has given you the thumbs up it needs to land in 5.7.
Attachment #423911 - Flags: review?(clouserw) → review+
Most of the changes have to go live by next week (I convinced people to wait for 5.6 rather than local patches), so it'll block.

r61374 -- QA, once preview updates, to test:

1. go to http://people.mozilla.com/~fligtar/temp/install.html
2. "old stumbleupon" should try to install stumbleupon
3. "new stumbleupon" should try to install the stumbleupon from labs
4. "password exporter" isn't explicitly listed in the install service but should install now that we added mozilla.com/org to install any add-on from this service
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Keywords: push-needed
Resolution: --- → FIXED
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: