Closed Bug 815970 Opened 12 years ago Closed 6 years ago

toURL param in notification requests should have https:// scheme

Categories

(Firefox Graveyard :: SocialAPI: Providers, defect)

Product:
Firefox Graveyard
Component:
SocialAPI: Providers
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: markh, Unassigned)

Details

We intend enforcing a same-origin restriction for the toURL param in notification requests, but all such URLs currently use a http:// scheme which would fail the same origin check. We have a work-around in place for this issue but would like to remove it. Note that an option is just to provide a relative URL - we resolve such URLs against the provider origin, so it would magically work in that case.
SocialAPI was removed from Firefox 57 and is no longer available in any current release.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.