Closed Bug 741526 Opened 13 years ago Closed 13 years ago

Mozilla central mozapps implementation ignores Content-Type

Categories

(Core Graveyard :: DOM: Apps, defect, P1)

Product:
Core Graveyard
Component:
DOM: Apps
Type:
defect

Tracking

(blocking-basecamp:+, firefox18 fixed, firefox19 fixed, firefox20 fixed)

Status:
RESOLVED FIXED
Milestone:
B2G C2 (20nov-10dec)
Project Flags:
blocking-basecamp +
Tracking Flags:
Tracking Status
firefox18 --- fixed
firefox19 --- fixed
firefox20 --- fixed

People

(Reporter: onecyrenus, Assigned: fabrice)

References

Details

(Whiteboard: [LOE:M])

Attachments

(1 file, 3 obsolete files)

correct patch
5.94 KB, patch
Details | Diff | Splinter Review
https://developer.mozilla.org/en/Apps/Manifest The Manifest as specified on mdn should be served with a specific content-type. this is ignored in the current moz-central implementation. My recommendation would be to either drop this as a requirement from all api's or enforce on mozilla central. Having it work on some platform instances, can only lead to confusion
Shouldn't this bug be logged in Core/DOM --> Mozilla Extensions? Myk's documentation for the desktop runtime indicates this.
Component: General → DOM: Mozilla Extensions
Product: Web Apps → Core
QA Contact: general → general
Whiteboard: [mozappsapi]
OS: Mac OS X → All
Hardware: x86 → All
Summary: Mozilla central implementation ignores Content-Type → Mozilla central mozapps implementation ignores Content-Type
Whiteboard: [mozappsapi] → [mozApps API 1.0]
Whiteboard: [mozApps API 1.0] → [mozApps API 1.0] [marketplace-beta?]
David - Is this a blocker for marketplace beta? What's the risk with leaving this in?
Blocks: 746465
The primary risk is that it allows a site with user-contributed content to potentially have a file uploaded that can be used to "install" the site, and potentially sell access to the site. However, they could not do this through the Marketplace, as it also validates the Content-Type. So without a viable store that doesn't check the Content-Type there is not much risk currently.
Whiteboard: [mozApps API 1.0] [marketplace-beta?] → [marketplace-beta?]
Not sure what the user experience is as a result of this issue. The user base for this release is small and the number of apps are not many that fact plus what Ian said in comment #4 make this seem not that risky.
Whiteboard: [marketplace-beta?]
Willing to go along with, just there are some caveats which haven't been explained. 1) We are assuming that the only place people will install apps is through the marketplace. 2) There is a developer issue where they will be allowed to install their app, and then they will try to upload to the marketplace, and the flow won't work for them. These are fairly minor but we should document this, so it's clear as to what is happening.
Nominating for k9o - not implementing this results in a large inconsistent user experience between AITC and the desktop implementation, as the following problem can occur: 1. Install an app with the incorrect content-type or encoding 2. Doorhanger appears, select to install Result - Desktop will allow the app to be installed to the underlying registry and natively, but a sync to the AITC server will fail, as we require content-type and encoding there. This results in a large inconsistent user experience - an app that should have been allowed to be installed was installed, resulting in inconsistent results in how this is handled (desktop implementation vs. AITC implementation). We should aim for consistency, so that the end user does not suffer from unexpected limitation of functionality. Note: Top apps are affected here, as I've confirmed this problem happens with Lord of Ultima, a tier 1 app. We also need to fix this for the 1st release of the AITC desktop.
blocking-kilimanjaro: --- → ?
(In reply to Jason Smith [:jsmith] from comment #7) > Nominating for k9o - not implementing this results in a large inconsistent > user experience between AITC and the desktop implementation, as the > following problem can occur: > > 1. Install an app with the incorrect content-type or encoding > 2. Doorhanger appears, select to install > > Result - Desktop will allow the app to be installed to the underlying > registry and natively, but a sync to the AITC server will fail, as we > require content-type and encoding there. This results in a large > inconsistent user experience - an app that should have been allowed to be > installed was installed, resulting in inconsistent results in how this is > handled (desktop implementation vs. AITC implementation). We should aim for > consistency, so that the end user does not suffer from unexpected limitation > of functionality. > > Note: Top apps are affected here, as I've confirmed this problem happens > with Lord of Ultima, a tier 1 app. > > We also need to fix this for the 1st release of the AITC desktop. Change this - checking lord of ultima, it looks like it is serving the right content-type. So removing k9o flag and will reopen other bug on this.
blocking-kilimanjaro: ? → ---
No longer blocks: 746465
Component: DOM: Mozilla Extensions → DOM: Apps
This is a security requirement, and should be implemented ASAP. The Marketplace has been validating the header for a while, but it was recently disabled in bug 778214. I think we should enforce this both in WebRT and the Marketplace for the v1 launch, since it's likely we won't have a solution for bug 712045 before then.
blocking-basecamp: --- → ?
See Also: → 778214
(In reply to Anant Narayanan [:anant] from comment #9) > This is a security requirement, and should be implemented ASAP. The > Marketplace has been validating the header for a while, but it was recently > disabled in bug 778214. I think we should enforce this both in WebRT and the > Marketplace for the v1 launch, since it's likely we won't have a solution > for bug 712045 before then. I could see an argument for blocking in the fact that we shouldn't assume that marketplace will always protect this requirement even if bug 778214 gets backed out, cause for example, maybe the OEM decides to include their own marketplace? Although I know when we originally did a bug scrub of these bugs, this one wasn't chosen on the blocker list probably because marketplace enforcing it. Therefore, I'm kinda in the middle on this one on whether to block or not.
While this is an important thing to do before first launch of the Marketplace, would we hold the first release of B2G for it?
Whiteboard: [blocked-on-input Anant Narayanan]
Yes, this is an important security measure. Given that the Marketplace recently stopped checking for the Content-Type, it is doubly important that the m-c implementation does.
Whiteboard: [blocked-on-input Anant Narayanan]
Thanks for the input, Anant. Marking as a blocker.
blocking-basecamp: ? → +
Anant, is this something you can take? If not, do you have any suggestions for an owner? Thanks.
Assignee: nobody → anant
Whiteboard: [WebAPI:P0]
Whiteboard: [WebAPI:P0] → [WebAPI:P0][LOE:M]
Attached patch Patch (obsolete) — Splinter Review
Attachment #663724 - Flags: review?(fabrice)
Assignee: anant → mar.castelluccio
Status: NEW → ASSIGNED
Comment on attachment 663724 [details] [diff] [review] Patch Review of attachment 663724 [details] [diff] [review]: ----------------------------------------------------------------- Sorry for the late review. Since we landed support for updates, we also need to add a content-type check there. And we must decide if we want/need a mime type for the mini-manifests that are used for packaged apps.
Attachment #663724 - Flags: review?(fabrice) → review-
Jonas, any opinion here? I'm not convinced at all that we need this content-type check, but I won't fight either...
For both packaged and hosted apps, we should enforce a Content-Type if the URL passed to .install/.installPackaged is a cross-origin URL. For same-origin URLs we should not enforce a content-type.
Priority: -- → P1
Whiteboard: [WebAPI:P0][LOE:M] → [LOE:M]
Marco, do you have everything you need to proceed with this bug? Are you still able to do this work?
Flags: needinfo?(mar.castelluccio)
Milestoning for C2 (deadline of 12/10), as this meets the criteria of "known bugs with LOE:M".
Target Milestone: --- → B2G C2 (20nov-10dec)
Attached patch Patch v2 (obsolete) — Splinter Review
So, if I understand correctly, the content-type check during the update isn't needed because the same origin check doesn't apply there. Right? Sorry for the delay, I've been really busy recently.
Attachment #663724 - Attachment is obsolete: true
Attachment #681726 - Flags: feedback?(fabrice)
Flags: needinfo?(mar.castelluccio)
Comment on attachment 681726 [details] [diff] [review] Patch v2 Review of attachment 681726 [details] [diff] [review]: ----------------------------------------------------------------- Sorry for the late review Marco. That looks good, let me know if you need me to land the patch.
Attachment #681726 - Flags: feedback?(fabrice) → review+
(In reply to Fabrice Desré [:fabrice] from comment #22) > Comment on attachment 681726 [details] [diff] [review] > Patch v2 > > Review of attachment 681726 [details] [diff] [review]: > ----------------------------------------------------------------- > > Sorry for the late review Marco. That looks good, let me know if you need me > to land the patch. I'd say let's just get this landed now given that's a basecamp+ blocker.
Keywords: checkin-needed
This totally breaks B2G; it dies during startup with: E/GeckoConsole( 43): [JavaScript Error: "SyntaxError: missing : after property id" {file: "resource://gre/modules/AppsUtils.jsm" line: 187}]
So this basically blew up the world when it landed. Backed out. Please don't request re-landing until you've got a green Try link to go with it. https://hg.mozilla.org/integration/mozilla-inbound/rev/34e6bda0ba0e https://tbpl.mozilla.org/?tree=Mozilla-Inbound&pusher=ryanvm@gmail.com
Marco or Fabrice, when can you update this patch? We're 7 days out from the end of C2 so need to get this landed as soon as possible.
Attached patch v3 (obsolete) — Splinter Review
Try build: https://tbpl.mozilla.org/?tree=Try&rev=081c9cfde4c7
Attachment #681726 - Attachment is obsolete: true
Tests are locally passing: 0 INFO SimpleTest START 1 INFO TEST-START | chrome://mochitests/content/chrome/dom/apps/tests/test_apps_service.xul 2 INFO TEST-PASS | chrome://mochitests/content/chrome/dom/apps/tests/test_apps_service.xul | Should be able to get the Apps Service 3 INFO TEST-PASS | chrome://mochitests/content/chrome/dom/apps/tests/test_apps_service.xul | getAppByManifestURL() should be a method in nsIAppsService 4 INFO TEST-PASS | chrome://mochitests/content/chrome/dom/apps/tests/test_apps_service.xul | getAppByManifestURL() should return null for an empty string manifest url 5 INFO TEST-END | chrome://mochitests/content/chrome/dom/apps/tests/test_apps_service.xul | finished in 81ms 6 INFO TEST-START | Shutdown 7 INFO Passed: 3 8 INFO Failed: 0 9 INFO Todo: 0 10 INFO SimpleTest FINISHED
I didn't noticed the tests located at dom/tests/mochitests/apps/ : 9736 ERROR TEST-UNEXPECTED-FAIL | chrome://mochitests/content/chrome/dom/tests/mochitest/webapps/test_install_errors.xul | origin is not in installs_allowed_from - got INVALID_MANIFEST, expected INSTALL_FROM_DENIED 9737 ERROR TEST-UNEXPECTED-FAIL | chrome://mochitests/content/chrome/dom/tests/mochitest/webapps/test_install_errors.xul | installation error: INVALID_MANIFEST I'll take a look at them tomorrow afternoon if no one else does it before.
Switching assignee given that ferjm is working on this now.
Assignee: mar.castelluccio → ferjmoreno
Attached patch correct patchSplinter Review
SO, the tests were missing some ^headers^ file to set the correct content-type...
Assignee: ferjmoreno → fabrice
Attachment #688177 - Attachment is obsolete: true
https://hg.mozilla.org/mozilla-central/rev/7bb787b0d740
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Depends on: 819103
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: