Closed
Bug 776731
Opened 12 years ago
Closed 12 years ago
cfx xpi should reject update-link without https
Categories
(Add-on SDK Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: BenWa, Unassigned)
References
()
Details
Attachments
(1 file)
1.45 KB,
patch
|
irakli
:
review+
|
Details | Diff | Splinter Review |
I lost nearly an hour today to find out the reason my addons wasn't compatible with nightly was because the updatelink wasn't https. We should fix this.
According to https://developer.mozilla.org/en/Extension_Versioning,_Update_and_Compatibility#Securing_Updates you can use a plain http link if you supply an updateHash with it. Alex, do you know if cfx deals with updateHash correctly?
Reporter | ||
Comment 2•12 years ago
|
||
As a point of reference this is the build script I was using with HTTP, note that it's fix on the head revision to use https: https://github.com/bgirard/PlatformDebug/blob/28dc6627419bc24acfcbc398ecd1e7f7996a4cbb/build.sh From what I gather it didn't have a chance of working without HTTPS.
This catches it for me in a really quick test addon I through together: (C:\Users\KWierso\Documents\GitHub\addon-sdk) C:\Users\KWierso\Documents\GitHub\ myaddon>cfx xpi --update-link http://people.mozilla.org/~bgirard/PlatformDebug/P latformDebug.xpi --update-url http://people.mozilla.org/~bgirard/PlatformDebug/P latformDebug.update.rdf Traceback (most recent call last): File "C:\Users\KWierso\Documents\GitHub\addon-sdk\bin\cfx", line 33, in <modul e> cuddlefish.run() File "C:\Users\KWierso\Documents\GitHub\addon-sdk\python-lib\cuddlefish\__init __.py", line 741, in run raise optparse.OptionValueError("--update-link must start with 'https': %s" % options.update_link) optparse.OptionValueError: --update-link must start with 'https': http://people. mozilla.org/~bgirard/PlatformDebug/PlatformDebug.xpi (C:\Users\KWierso\Documents\GitHub\addon-sdk) C:\Users\KWierso\Documents\GitHub\ myaddon>cfx xpi --update-link https://people.mozilla.org/~bgirard/PlatformDebug/ PlatformDebug.xpi --update-url https://people.mozilla.org/~bgirard/PlatformDebug /PlatformDebug.update.rdf Exporting update description to myaddon.update.rdf. Exporting extension to myaddon.xpi.
Attachment #645113 -
Flags: review?(rFobic)
Updated•12 years ago
|
Attachment #645113 -
Flags: review?(rFobic) → review+
Comment 4•12 years ago
|
||
Commit pushed to master at https://github.com/mozilla/addon-sdk https://github.com/mozilla/addon-sdk/commit/84cdc9b0a1f3102764219fcd1f659af2bb4ce6b7 Merge pull request #522 from Gozala/bug/https-update-link@776731 fix Bug 776731 - cfx xpi should reject update-link without https r=@gozala
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•