Closed
Bug 542603
Opened 14 years ago
Closed 14 years ago
Add Firebug and getfirebug.com to install service
Categories
(addons.mozilla.org Graveyard :: Administration, enhancement, P4)
addons.mozilla.org Graveyard
Administration
Tracking
(Not tracked)
VERIFIED
FIXED
5.6
People
(Reporter: neilio, Assigned: fligtar)
Details
Attachments
(1 file)
4.57 KB,
patch
|
clouserw
:
review+
|
Details | Diff | Splinter Review |
The firebug folks would like to be able to install the firebug extension directly from getfirebug.com, so that'll need to be added to the whitelist. Please and thanks!
Reporter | ||
Updated•14 years ago
|
Assignee: nobody → clouserw
Updated•14 years ago
|
Severity: normal → enhancement
Priority: -- → P4
Target Milestone: --- → 5.7
Assignee | ||
Comment 1•14 years ago
|
||
I probably need to add a couple other add-ons to the install service this week, so might be able to get it in sooner than 5.7. btw, is getfirebug.com an official Mozilla site now?
Component: API → Administration
QA Contact: api → administration
Summary: Add getfirebug.com to add-on whitelist → Add Firebug and getfirebug.com to install service
Reporter | ||
Comment 2•14 years ago
|
||
fligtar: I... don't know?
Assignee | ||
Comment 3•14 years ago
|
||
Okay, I'll check on that as well. If it's not a Mozilla site, I'll need to make sure folks are comfortable with us doing this, but I don't think it will be a problem.
Comment 4•14 years ago
|
||
As a curiosity question... does the whitelist include a definition of whether SSL is supposed to be used from the whitelisted page? AMO defaults to SSL, and I'm wondering if we should request the same from getfirebug.com, or if it's MITM'able anyway.
Comment 5•14 years ago
|
||
(In reply to comment #4) > As a curiosity question... does the whitelist include a definition of whether > SSL is supposed to be used from the whitelisted page? AMO defaults to SSL, and > I'm wondering if we should request the same from getfirebug.com, or if it's > MITM'able anyway. Since we bounce off the install service (i.e., the install is just a link to the install service, which in turn is going to trigger the add-on install: http://viewvc.svn.mozilla.org/vc/addons/trunk/site/app/webroot/services/install.php?view=markup), I don't think there's a risk for an MITM attack there.* * (other than a DNS attack in which case the attacker needs a known CA to get them an SSL cert for the attacked domain).
Assignee | ||
Updated•14 years ago
|
Assignee: clouserw → fligtar
Status: NEW → ASSIGNED
Target Milestone: 5.7 → 5.6
Assignee | ||
Comment 6•14 years ago
|
||
Okay, this patch takes care of a number of things I needed to do with the install service in addition to this bug: * Changes firefoxgear.com to rockyourfirefox.com * Lets any add-on hosted on AMO use the service from the default referrers (mozilla.(com|org), rockyourfirefox.com, and localhost) instead of just RYF. This means in the future we only need to add items that need their own referrers. * Adds getfirebug.com for Firebug * Adds eBay sites for the eBay companion as requested by Kev * Adds a special Labs version of StumbleUpon that will be used on the Firefox firstrun page
Attachment #423911 -
Flags: review?(clouserw)
Comment 7•14 years ago
|
||
Comment on attachment 423911 [details] [diff] [review] patch, v1 This looks fine to me, but unless QA has given you the thumbs up it needs to land in 5.7.
Attachment #423911 -
Flags: review?(clouserw) → review+
Assignee | ||
Comment 8•14 years ago
|
||
Most of the changes have to go live by next week (I convinced people to wait for 5.6 rather than local patches), so it'll block. r61374 -- QA, once preview updates, to test: 1. go to http://people.mozilla.com/~fligtar/temp/install.html 2. "old stumbleupon" should try to install stumbleupon 3. "new stumbleupon" should try to install the stumbleupon from labs 4. "password exporter" isn't explicitly listed in the install service but should install now that we added mozilla.com/org to install any add-on from this service
Assignee | ||
Updated•14 years ago
|
Comment 9•14 years ago
|
||
Verified FIXED: 1-2: https://addons.mozilla.org/en-US/firefox/downloads/latest/138?src=installservice 3: http://ftp.mozilla.org/pub/labs/1strunpage/stumbleupon.xpi?src=installservice 4. https://addons.mozilla.org/en-US/firefox/downloads/latest/2848?src=installservice
Status: RESOLVED → VERIFIED
Updated•14 years ago
|
Keywords: push-needed
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•