Addons can be installed from any site

RESOLVED INVALID

Status

()

Toolkit
Add-ons Manager
RESOLVED INVALID
6 years ago
2 years ago

People

(Reporter: roc, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

In a new profile, load http://people.mozilla.org/~roc/fontinfo-0.1-fx.xpi. I get a doorhanger download notification followed by the "Install add-ons only from authors you trust" dialog. It's exactly the same experience as downloading an add-on from addons.mozilla.org. I thought only whitelisted sites such as addons.mozilla.org could trigger that dialog.
Actually no this is correct. The whitelist stops sites from starting add-on installs from JS or by the user clicking on links. If the user copies a URL to an XPI into the address bar manually then it is meant to download and install.

If you have a page on people.mozilla.org that links to that XPI do you still see the same thing?
Keywords: regressionwindow-wanted
No. Thanks for the clarification, sorry for the distraction.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
Keywords: regressionwindow-wanted
You need to log in before you can comment on or make changes to this bug.