Closed
Bug 796433
Opened 12 years ago
Closed 12 years ago
Show the origin of the page if you are within a web app, but not on the app origin
Categories
(Firefox OS Graveyard :: Gaia, defect)
Firefox OS Graveyard
Gaia
Tracking
(blocking-basecamp:+)
VERIFIED
FIXED
| blocking-basecamp | + |
People
(Reporter: ghtobz, Assigned: alive)
Details
(Whiteboard: [label:mozapps][label:needsGeckoSupport][label:needsUXinput][label:needsVISUALinput][LOE:S])
[GitHub issue by jds2501 on 2012-07-26T00:26:42Z, https://github.com/mozilla-b2g/gaia/issues/2831] Security requirement for web apps running in a runtime. If an app goes off the origin of the app origin, it needs to show the current origin of the page in the chrome of the web app. An example use case: 1. Launch mozilla marketplace <-- nothing in the chrome yet 2. Click login <-- pop-up would have chrome with BID as the origin Reference bugs: * https://bugzilla.mozilla.org/show_bug.cgi?id=771915 * https://bugzilla.mozilla.org/show_bug.cgi?id=771395 * https://bugzilla.mozilla.org/show_bug.cgi?id=741955
[GitHub comment by autonome on 2012-07-26T22:56:13Z] @jcarpenter needs UX input
[GitHub comment by jcarpenter on 2012-07-27T17:17:46Z] Tried to skim the attached Bugzilla threads but simply don't have the time right now to do forensics and unpack this issue. Given current bandwidth constraints, am going to need clear explanation and requirements here before I can solve for. A session in front of whiteboard is probably most expedient, if someone is available to break this issue down for me?
[GitHub comment by jds2501 on 2012-07-27T17:20:14Z] @jcarpenter You are in house in Mt View this week, right? I can stop by and grab someone as well who was in the original sec review to help go over the requirements if need be.
[GitHub comment by jcarpenter on 2012-07-31T03:19:40Z] Hi @jds2501 , sorry I missed this until yesterday. I am in SF this week, but available to chat, usually in the afternoons, if you have some time for a quick review?
[GitHub comment by jcarpenter on 2012-09-04T16:49:02Z] Hey guys, I need to jump back on this and resolve, ideally by next week. It dovetails with the work being done on the wrapper. Who will the appropriate Gaia dev be? @autonome
[GitHub comment by ferjm on 2012-09-17T15:55:36Z] Is this related to the trusted UI requirements? `If an app goes off the origin of the app origin, it needs to show the current origin of the page in the chrome of the web app.` FTR, as you probably know, currently there is no chrome in Gaia, so any app could show a fake origin. CCing @AntonioMA
[GitHub comment by jds2501 on 2012-09-17T17:02:49Z] @ferjm Don't know. This issue got filed as a result of a security review that was done on desktop web apps that ended up applying globally to all three possible places for web apps (desktop, android, ff os). It was meant to solve the problem of how we handle the case of when an app leaves the context of it's app origin via a link.
[GitHub comment by vingtetun on 2012-09-17T17:14:32Z] @ferjm It's not. This is more a matter of navigation. Let's say you open an application 'facebook' and one of the link brings you to 'twitter'. Then the user needs to understand that he has leaves the application itself and he is navigating to a different origin at this point (and also to provide him a way to go back!)
[GitHub comment by ferjm on 2012-09-17T17:27:30Z] @vingtetun ok, I see, that's how I understood it. But how/where would you provide the user feedback (I guess the origin as it is mentioned before) that cannot be emulated by another application about navigating to a different origin? That is why I guess this issue is related to the trusted UI. Desktop and android has unspoofable UIs, B2G has not.
|
Reporter | |
Comment 10•12 years ago
|
||
[GitHub comment by AntonioMA on 2012-09-17T21:26:05Z] To be honest, I would fix this by not letting the main frame of the app to navigate away from the domain and protocol on which the user opened it. If the developer wants to navigate to another place, that's cool, he can use the browser app to do it. Or just do it on another window/frame inside his app. But since I don't think that's going to fly well, otherwise I agree with Fernando. Either we have a 'chrome-like' element on the device (and call that Trusted UI or whatever) or this cannot be solved. Whatever we show to indicate the new source can be overwritten by a mallicious app. One possible solution would be to show the origin/current location on the task manager (the screen that shows when you long click the home button). But that's assuming the home button cannot be intercepted (which I assume as true, OTOH)
|
|
Reporter | |
Comment 11•12 years ago
|
||
[GitHub comment by jds2501 on 2012-09-17T22:35:35Z] @AntonioMA We proposed a solution similar to what you specified on desktop a while back, but we received a lot of negative reception from our web app community when we made a decision to not allow navigation off of the domain, mainly since auth usually was off-origin. The proposal in this bug was one of the two fixes made to get around this: * This bug - showing the origin when you are off the app origin * Another bug just fixed - target blank links within a web app open up the link in the browser
|
|
Reporter | |
Comment 12•12 years ago
|
||
[GitHub comment by jcarpenter on 2012-09-18T07:08:02Z] I have uploaded v1 specs here: [Window.open & Off-Origin Content, v1](https://www.dropbox.com/sh/79sdblx96965s0n/CZZ5su8z05). It will probably need another round to incorporate inevitable feedback from dev-gaia. I'll keep this thread updated.
|
|
Reporter | |
Comment 13•12 years ago
|
||
[GitHub comment by jcarpenter on 2012-09-20T05:50:46Z] @patrykdesign We're clear to implement visual designs based on v1 specs. Have reassigned to you for that step. Ping me tomorrow to touch bases and we can walk through what's needed, what our options are, etc :)
|
|
Reporter | |
Comment 14•12 years ago
|
||
[GitHub comment by jcarpenter on 2012-09-20T05:52:58Z] @alivedise You're clear to start dev based on [v1 specs](https://www.dropbox.com/sh/79sdblx96965s0n/CZZ5su8z05). Please let me know if there are any questions. I did not get much technical feedback in my dev-gaia post, so I would start by confirming technical and performance feasibility.
|
|
Reporter | |
Comment 15•12 years ago
|
||
[GitHub comment by patrykdesign on 2012-09-25T20:34:50Z] @alivedise I believe you're executing on the code. Let me know when its landed, but from a visual side of things there is very little to be done. The transition effect is another story so I made a separate bug for that, I shouldn't be blocking on this.
|
|
Reporter | |
Comment 16•12 years ago
|
||
[GitHub comment by alivedise on 2012-09-26T10:32:02Z] @patrykdesign Are you also on charge of the visual of trusted dialog? :) I have no idea now so I rescale to trusted dialog to 90%.
|
|
Reporter | |
Comment 17•12 years ago
|
||
[GitHub comment by alivedise on 2012-09-28T11:01:41Z] @patrykdesign It is in the build now.
|
Assignee | |
Comment 18•12 years ago
|
||
Feature done, track visual issues if any in another bug.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 19•12 years ago
|
||
Verified through logging into marketplace during a smoke test and seeing the off-origin URL present.
Status: RESOLVED → VERIFIED
QA Contact: jsmith
You need to log in
before you can comment on or make changes to this bug.
Description
•