Closed
Bug 747252
Opened 12 years ago
Closed 12 years ago
[Marketplace] Require 'installs_allowed_from' of uploaded manifests to match SITE_URL
Categories
(Marketplace Graveyard :: Validation, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
2012-05-17
People
(Reporter: vince.librandi, Unassigned)
References
()
Details
Attachments
(1 file)
209.14 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:14.0) Gecko/20120418 Firefox/14.0a1 Build ID: 20120418052015 Steps to reproduce: After clicking the install button for the SeeVan's Underworld Adventure App Actual results: A dialog appears with the the following error message: App installation not allowed. Also no method is displayed to exit the error dialog without closing the page. Expected results: App should have installed
Reporter | ||
Updated•12 years ago
|
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Component: General → Public Pages
Product: Web Apps → addons.mozilla.org
QA Contact: general → web-ui
Resolution: --- → DUPLICATE
Comment 2•12 years ago
|
||
When an error appears in a lightbox like this that's an error from. "App install not allowed" is an error from `navigator.mozApps.install` for the 'DENIED' error code. (https://github.com/mozilla/zamboni/blob/master/media/js/mkt/buttons.js) Presumably, the 'DENIED' code is due to incorrect values set for `installs_allowed_from`. I'm not sure - can someone chime in? The manifest URL: http://dekkostudios.com/private/steamcube.webapp
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Comment 3•12 years ago
|
||
(In reply to Chris Van Wiemeersch [:cvan] from comment #2) > When an error appears in a lightbox like this that's an error from. > > "App install not allowed" is an error from `navigator.mozApps.install` for > the 'DENIED' error code. > (https://github.com/mozilla/zamboni/blob/master/media/js/mkt/buttons.js) > > Presumably, the 'DENIED' code is due to incorrect values set for > `installs_allowed_from`. I'm not sure - can someone chime in? "installs_allowed_from": ["*"] <--- this is what set in this manifest. Weird, cause that says app installs are allowed anywhere. > > The manifest URL: http://dekkostudios.com/private/steamcube.webapp David Clarke or Ian Bicking - Any ideas?
Comment 4•12 years ago
|
||
Note - This could a problem either with native install or the mozapps API. We need to narrow down the problem.
Comment 5•12 years ago
|
||
I cannot reproduce on Nightly or HTML polyfill. Perhaps this is the installation confirmation error we've been seeing on Windows: Bug 746629 ?
Comment 6•12 years ago
|
||
Also, saw this happen with Boston Globe on win 7 64-bit.
Comment 7•12 years ago
|
||
This happens on a mac as well
Comment 8•12 years ago
|
||
Not getting a reproduction of this issue with the app specified in the URL, but comment 6 is still valid on the current nightly build.
Comment 9•12 years ago
|
||
Tested on FF 12 and Chrome. I don't see the error occur, but I see bug 747010 occur instead.
Comment 10•12 years ago
|
||
Re-tested Boston Globe on Nightly as well. Still seeing the error come up (looks like you can't dismiss dialog when the error appears, is there a bug tracking this issue?). Don't see anything in the error console either.
Comment 11•12 years ago
|
||
Built a test page to test this referencing the manifest directly. I also cannot install Boston Globe with the test page. Confirmed this isn't a marketplace issue.
Component: Public Pages → Web Apps
Product: addons.mozilla.org → Firefox
QA Contact: web-ui → webapps
Version: unspecified → 14 Branch
Comment 12•12 years ago
|
||
Note - We should check the MIME type of the webapp manifest Boston Globe is serving.
Comment 13•12 years ago
|
||
Boston Globe also does not work in FF 12 with the webapps HTML implementation. I don't think this a problem in native installation. Sounds like an issue (either on the developer's side or ours) involving the mozapps API.
Updated•12 years ago
|
Component: Web Apps → General
Product: Firefox → Web Apps
QA Contact: webapps → general
Version: 14 Branch → unspecified
Comment 14•12 years ago
|
||
Moved to web apps general, until we figure out where the root cause of the problem is within the mozapps API.
Updated•12 years ago
|
Whiteboard: [topapps]
Comment 15•12 years ago
|
||
(In reply to Jason Smith from comment #12) > Note - We should check the MIME type of the webapp manifest Boston Globe is > serving. %% curl -I http://www.bostonglobe.com/mozilla-webapp/bostonglobe_manifest.webapp HTTP/1.1 200 OK Date: Sun, 22 Apr 2012 17:51:21 GMT Last-Modified: Fri, 13 Apr 2012 02:32:11 GMT ETag: "10b2bda4d-2ea-4bd8647a05e9f" Accept-Ranges: bytes Content-Length: 746 Cache-Control: max-age=3600 Expires: Sun, 22 Apr 2012 18:51:21 GMT Served-By: auberon Content-Type: application/x-web-app-manifest+json Connection: close Server: BostonGlobe.com Frontend
Comment 16•12 years ago
|
||
I figured out the problem: "installs_allowed_from": [ "https://marketplace.mozilla.org", "http://www.bostonglobe.com/", "https://www.bostonglobe.com/", "http://bostonglobe.com/", "https://bostonglobe.com/", "http://c.o0bg.com/" ], This does not list marketplace dev as an appropriate server to install applications from. My local copy also was not listed as a place you could install apps from.
Keywords: qawanted
Comment 17•12 years ago
|
||
Checking the marketplace dev validator, it looks like that manifest was allowed to be submitted (http://www.bostonglobe.com/mozilla-webapp/bostonglobe_manifest.webapp), even though marketplace dev is a server not allowed for app installations.
Comment 18•12 years ago
|
||
(In reply to Jason Smith from comment #17) > Checking the marketplace dev validator, it looks like that manifest was > allowed to be submitted > (http://www.bostonglobe.com/mozilla-webapp/bostonglobe_manifest.webapp), > even though marketplace dev is a server not allowed for app installations. Ah, so the marketplace validator only checks for marketplace.mozilla.org to exist (which it does exist in the boston globe manifest), but this also occurs on marketplace dev (marketplace dev checks that marketplace.mozilla.org exists, even though this is not correct). Sounds like a configuration problem on the marketplace dev deployment side for the validator. Also, sounds like a problem with error messages (we should be getting something to the JS error console when this occurs, but nothing happened). Someone from Marketplace - How would you like to resolve this issue, given that i think it's marketplace dev specific (the validator checks the incorrect URL for marketplace dev, but this won't happen on production) Someone from mozapps API - Should we open a bug to track improving error messages for this issue? Thoughts?
Comment 19•12 years ago
|
||
(In reply to Jason Smith from comment #18) > Someone from Marketplace - How would you like to resolve this issue, given > that i think it's marketplace dev specific (the validator checks the > incorrect URL for marketplace dev, but this won't happen on production) I've opened up a pull request for this: https://github.com/mozilla/amo-validator/pull/141 We should be checking that 'https://marketplace-dev.allizom.org' or '*' are values in `installs_allowed_from` if we're on -dev. And similarly for staging and production.
Comment 20•12 years ago
|
||
Jorge: Can you give an opinion on this?
Comment 21•12 years ago
|
||
(In reply to Chris Van Wiemeersch [:cvan] from comment #19) > We should be checking that 'https://marketplace-dev.allizom.org' or '*' are > values in `installs_allowed_from` if we're on -dev. That sounds good to me. > And similarly for staging and production. If that means "We should be checking that 'https://marketplace.mozilla.org' or '*' are values in `installs_allowed_from` if we're on prod", then I agree. FYI, Andrew is working on the review policies for apps, so I'm adding him on the loop.
Comment 22•12 years ago
|
||
I've seen this error present with apps in production that specify ["*"] as allowed.
Comment 23•12 years ago
|
||
(In reply to Justin Scott [:fligtar] from comment #22) > I've seen this error present with apps in production that specify ["*"] as > allowed. Could you point out which apps have this problem?
Comment 24•12 years ago
|
||
Please try it with this manifest: http://app-6-mwa-vc-as-en.jocly.com/jocly.webapp
Comment 25•12 years ago
|
||
(In reply to Justin Scott [:fligtar] from comment #24) > Please try it with this manifest: > http://app-6-mwa-vc-as-en.jocly.com/jocly.webapp Tested that with my local app install page. I was successfully able to install the app in Nightly on Win 7 64-bit.
Comment 26•12 years ago
|
||
Does this bug need to remain open at this point, given that we know the problem was on marketplace dev configuration (it allows apps that do not have marketplace dev configured)? Other issues could be marked in different bugs (trying to narrow down this bug scope to the root cause). Thoughts?
Comment 27•12 years ago
|
||
It sounds like we should leave this open but make it a Marketplace bug, since we need a bug to track resolution of the problem in the Marketplace code.
Updated•12 years ago
|
Component: General → Public Pages
Product: Web Apps → addons.mozilla.org
QA Contact: general → web-ui
Target Milestone: --- → 6.5.2
Updated•12 years ago
|
Assignee: nobody → cvan
Summary: When installing a Web App from the market place: App Installation not allowed → [Marketplace] Require 'installs_allowed_from' of uploaded manifests to match SITE_URL
Comment 28•12 years ago
|
||
This should be behind a waffle switch.
Updated•12 years ago
|
Whiteboard: [topapps]
Updated•12 years ago
|
Target Milestone: 6.5.2 → 6.5.4
Updated•12 years ago
|
Assignee: cvan → nobody
Component: Public Pages → Validation
Product: addons.mozilla.org → Marketplace
QA Contact: web-ui → validation
Target Milestone: 2012-05-10 → 2012-05-17
Version: unspecified → 1.0
Comment 29•12 years ago
|
||
I've filed bug 755495 with the next steps for adjusting the validator. This bug has changed focus and there's no need to complicate the change with 28 other comments.
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•