Closed Bug 765383 Opened 10 years ago Closed 9 years ago

SecReview: Notifications Back End - iframes

Categories

(mozilla.org :: Security Assurance, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: curtisk, Assigned: dchanm+bugzilla)

References

Details

(Whiteboard: [action item])

SecReview tracking bug
Actions regarding the review of the dependent bug should be tracked here.

are iframes allowed to generate notifications doorhangars? Should follow same model as geolocation.
I tested this with cross origin frames

- child.html contains script to request geolocation data through navigator.geolocation.getCurrentPosition() (hosted on people)
- parent.html includes child.html as an iframe (hosted on local fs)

Tests
- Loading child.html
-- doorhanger prompting whether to allow child.html geolocation
- Loading parent.html
-- doorhanger prompting whether to allow child.html geolocation


There is some magic that happens if both files are local and in the same directory. In that case, the second test shows the origin / file name for the parent. However we shouldn't run into that issue for notifications.

JR: I believe the followup is to allow iframe notifications to cause doorhangars and to show origin of the originating url (iframe'd site).
It's been a while since I've look at the notifications code. Is there anything that needs to be done for comment 0?
Flags: needinfo?(jrconlin)
dchan: 

Currently, this version of notifications is on hold. Again. 

There is effort around PushAPI (https://wiki.mozilla.org/WebAPI/PushAPI). 

Closing the bug for now, thanks!
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(jrconlin)
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.