Note: There are a few cases of duplicates in user autocompletion which are being worked on.

find a secure way to relax the restriction on webapp launch_path GET args

RESOLVED WORKSFORME

Status

()

Core
DOM
RESOLVED WORKSFORME
6 years ago
4 years ago

People

(Reporter: bwalker, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
at present, GET args in a launch_path are removed prior to being used to launch the App. We should explore whether it is possible to relax this restriction without introducing new security risks.

For example -- If we relax this restriction, an App developer could submit different manifests to different App stores that differ only by a GET arg; this would allow them to distinguish which App Store lead to a given installation.

Comment 1

6 years ago
I think it must be a bug that this is being removed; nothing we've ever discussed would preclude GET args.

Updated

5 years ago
Component: General → DOM: Mozilla Extensions
OS: Mac OS X → All
Product: Web Apps → Core
QA Contact: general → general
Hardware: x86 → All

Updated

5 years ago
Whiteboard: [mozappapi]

Updated

5 years ago
Blocks: 746465

Updated

5 years ago
Whiteboard: [mozappapi]

Comment 2

5 years ago
Tested here, and I cannot reproduce any problem with a query string: http://app1.ianbicking.org/?manifest=manifest-get.webapp

Installation works, and app.launch() starts the app with the query string.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

4 years ago
Component: DOM: Mozilla Extensions → DOM
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.