Closed
Bug 707994
Opened 13 years ago
Closed 12 years ago
Implement navigator.mozApps.verifyReceipt
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: anant, Unassigned)
References
Details
Currently verifyReceipt is implemented, but only for the native-shell: https://github.com/mozilla/openwebapps/blob/develop/addons/jetpack/data/native-install/XUL/content/window.js#L142 This code should be shared across all the other mozApps implementations, which are currently the add-on and HTML5 shim.
Reporter | ||
Updated•13 years ago
|
Priority: P2 → P1
Updated•12 years ago
|
Component: General → DOM: Mozilla Extensions
Product: Web Apps → Core
QA Contact: general → general
Comment 2•12 years ago
|
||
Did this feature get implemented? What's the status on this?
Updated•12 years ago
|
Whiteboard: [mozappsapi]
Comment 3•12 years ago
|
||
(In reply to Jason Smith from comment #2) > Did this feature get implemented? What's the status on this? It's not implemented on m-c.
Updated•12 years ago
|
Whiteboard: [mozappsapi] → [mozApps API 1.0]
Comment 4•12 years ago
|
||
There's an open design question here: do we still want to implement verifyReceipt?
Comment 5•12 years ago
|
||
(In reply to Ian Bicking (:ianb) from comment #4) > There's an open design question here: do we still want to implement > verifyReceipt? What benefits does our stakeholders using verifyReceipt get for it existing? What cost is lost for it not existing? Clarification - Is verifyReceipt a convenience function to operate against marketplace's receipt validation service? Or it something else?
Comment 6•12 years ago
|
||
For the most part, verifyReceipt could be implemented as a JS file, a kind of helper that we provide, but don't need to specifically include as part of the mozApps API. That is, there's no special abilities we need, and no hard security advantage to providing it natively (though there might be some soft advantages). I believe the actual verifyReceipt function was probably too complicated to be part of the mozApps API - it also included some options for various levels of app security. We'd want to distill a smaller API from it, and allow supporting libraries cover app policies.
Reporter | ||
Comment 7•12 years ago
|
||
Ian is right, there are no hard advantages to including it as part of the mozApps API (and is definitely not part of the spec). The original implementation in the add-on served two purposes: - A vehicle to prototype apps that depended on receipt validation quickly - Provide sample code to app developers who wanted to know what the "right" way to validate a receipt was Most serious developers will want to do receipt verification themselves, but for some smaller scale apps the thinking was that verifyReceipt() would serve as a nice convenience function, when the app developer trusts the web run-time to a certain extent.
Updated•12 years ago
|
Whiteboard: [mozApps API 1.0]
Comment 8•12 years ago
|
||
Is this bug still valid, given that Ian is actively working on https://github.com/mozilla/receiptverifier to be integrated into mozmarket.js per bug 755006 and bug 758733?
Comment 9•12 years ago
|
||
I believe the library supersedes this function.
Comment 10•12 years ago
|
||
Okay. Resolving as a won't fix then.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Assignee | ||
Updated•11 years ago
|
Component: DOM: Mozilla Extensions → DOM
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•