Closed
Bug 685287
Opened 13 years ago
Closed 13 years ago
Create URL redirect for Foundation project Popcorn Maker
Categories
(mozilla.org Graveyard :: Server Operations, task)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: ryan, Assigned: ashish)
The Mozilla Foundation's Popcorn project is ready to launch an alpha of the Popcorn Maker app. The app is located at http://butterapp.org/popcorn-maker/. We would like to set up a URL redirect from http://popcornmaker.mozilla.org to that address to allow us to promote the app. The app will be featured at the Mozilla-sponsored Open Video Conference this weekend, so we would very much appreciate it if this could be set up by EOD Friday. Thank you!
Updated•13 years ago
Severity: normal → critical
Updated•13 years ago
Assignee: server-ops → ashish
Comment 1•13 years ago (Assignee)
Ryan/Brett - Please change the URL of the webm video [1] from videos-origin.mozilla.org to videos.mozilla.org ASAP. videos-origin is a single server and is behind the CDN and should never be directly linked, especially on public-facing websites. Doing that would be bypassing the CDN and possibly bringing the server to a crawl.
Comment 2•13 years ago (Assignee)
Hmm, I missed the URL to the video I was referring to but please do take a look through the webm links, thanks!
Comment 3•13 years ago
Guys, this should not have been set up; as a general rule we do not set up anything in the .mozilla.org/.com TLD without it being hosted within our infrastructure. We will probably need to remove this quickly, but I will ask mcoates if he would like to override this first.
Comment 4•13 years ago
To clarify: our intention is certainly to host within the Mozilla IT infrastructure at popcornmaker.mozilla.org - however, while this is being set up, we'd like this simple redirect so that we can announce our alpha at the Open Video Conference, a marquee event for our market (and an event that Mozilla is a primary sponsor of). Hope that clarifies, Brett
Comment 5•13 years ago
I understand, it still causes risk. If it should be hosted within our infrastructure then we need to go that route, but it needs plenty of time and proper planning to make it happen (and this is too short of notice to make it happen before this weekend).
Comment 6•13 years ago
I took a look at the website. In terms of potential security risks, this site is pretty high. It looks like there is a fair amount of user submitted dynamic code that is later processed by the site. (I also found an XSS in a few minutes of poking.)

The current redirects work such that URL parameters are carried to the final page. This would allow someone to create a mozilla.org URL with a malicious payload that would carry through to http://butterapp.org/popcorn-maker/ and then fire the attack. In short, this would look like a vulnerability in Mozilla.org.

This will require a security review for sure before joining the mozilla.org domain and the production infrastructure.

But, to address the issue at hand. Would people agree that this is more of a labs project since the project is:
* Experimental
* Under rapid iteration
* Under constrained timelines

We can provide a mozillalabs.com domain name that could be used for this weekend that would redirect to http://butterapp.org/popcorn-maker/

After this weekend we can start the process of getting this application onto allizom.org for security testing and eventually to popcornmaker.mozilla.org
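The parameter pass-through described in comment 6, as an added Python example (not part of the bug and not Mozilla's redirect configuration): it models a redirect that forwards the visitor's query string beside one that returns a fixed Location, and audits both, also flagging the off-infrastructure destination raised in comment 3. The function names, the `probe` marker parameter and the trusted-suffix list are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlsplit, urlunsplit

TARGET = "http://butterapp.org/popcorn-maker/"   # destination named in the bug
TRUSTED_SUFFIXES = ("mozilla.org",)              # assumption: hosts treated as in-infrastructure
# Constructed probe request: a harmless marker value, not a payload.
PROBE = "http://popcornmaker.mozilla.org/?probe=canary-1234&lang=en"


def passthrough_location(request_url, target=TARGET):
    """Redirect as comment 6 describes it: the visitor's query string rides along."""
    t = urlsplit(target)
    return urlunsplit((t.scheme, t.netloc, t.path, urlsplit(request_url).query, ""))


def fixed_location(request_url, target=TARGET):
    """Hardened form: the Location is a constant and ignores the request."""
    return target


def forwarded_params(request_url, location):
    """Names of request query parameters that reappear, value intact, in Location."""
    sent = parse_qsl(urlsplit(request_url).query, keep_blank_values=True)
    seen = set(parse_qsl(urlsplit(location).query, keep_blank_values=True))
    return [name for name, value in sent if (name, value) in seen]


def is_trusted(host):
    """True for a trusted suffix itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def audit(request_url, location):
    """Findings for one observed redirect (request URL -> Location header)."""
    findings = []
    host = urlsplit(location).hostname
    if is_trusted(urlsplit(request_url).hostname) and not is_trusted(host):
        findings.append(f"trusted name redirects to external host {host}")
    leaked = forwarded_params(request_url, location)
    if leaked:
        findings.append("visitor-controlled parameters forwarded: " + ", ".join(leaked))
    return findings


if __name__ == "__main__":
    for build in (passthrough_location, fixed_location):
        loc = build(PROBE)
        print(build.__name__, "->", loc, audit(PROBE, loc))
```

Run against the Location headers actually returned for a set of redirect hostnames, the same `audit` check shows which rules still forward request data after a change.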
Comment 7•13 years ago
Based upon Mike's comments, I'm OK with disabling the redirect for now. We can purchase and use a non-mozilla domain like popcornmaker.org for now as a temporary measure while we are in alpha, and simultaneously work to get the application on mozilla infrastructure and through the security and QA processes. Brett - you good with that?
Comment 8•13 years ago
This is reverted.
Comment 9•13 years ago
If there's a chance you want the domain hosted at Mozilla eventually then you probably ought to have us get it for you. We'll need ownership before we can host it, and you can't transfer a domain for 60 days after it's registered. Domains handled by US registrars (.org/.com/.net/.info/etc) can be obtained and operating almost on a moment's notice. popcornmaker.org is already taken, fwiw. If you'd like us to do that and decide on a domain to get, try not to mention it on a public bug, because domain sharks sometimes watch our bugs and try to snag them first. :)
Comment 10•13 years ago
"After this weekend we can start the process of getting this application onto allizom.org for security testing and eventually to popcornmaker.mozilla.org". Should we close this bug and start another one to start the process of getting the app ready to move to popcornmaker.mozilla.org or continue on this bug? Thanks.
Comment 11•13 years ago (Assignee)
Opening a new bug would be the right way to go about it. Closing this out.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
Updated•9 years ago
Product: mozilla.org → mozilla.org Graveyard