Revisit testing privileges for 127.0.0.1 in add-on

NEW
Unassigned

Status

Web Apps
Extension
6 years ago
6 years ago

People

(Reporter: anant, Unassigned)

Tracking

Details

(Reporter)

Description

6 years ago
We've added a special case for .install() calls from 127.0.0.1, which allows the test suite to bypass the doorhanger (this is required for automated testing). We need to evaluate the security implications of this, and perhaps figure out if there's a better way to do this.

Some ideas:
- detect if we are in 'cfx run' mode to bypass doorhanger instead of using origin
- correctly implement setMockResponse and only make it available to test scripts when the add-on is in 'test mode', which should also be implemented
Could this issue also apply to the mozilla-central version of the implementation? Specifically with the test infrastructure? Anant what do you think?
You need to log in before you can comment on or make changes to this bug.