Closed Bug 824172 Opened 12 years ago Closed 12 years ago

Re-enable security.fileuri.strict_origin_policy

Tracking

(blocking-basecamp:+, firefox19 fixed, firefox20 fixed, b2g18 fixed)

Status:

RESOLVED FIXED

Milestone:

B2G C3 (12dec-1jan)

Project Flags:

blocking-basecamp

Tracking Flags:

Tracking

Status

firefox19

---

fixed

firefox20

---

fixed

b2g18

---

fixed

People

(Reporter: cjones, Assigned: cjones)

Details

Attachments

(1 file)

Re-enable strict file:// security, because yes we have wifi and installed apps now 12 years ago Chris Jones [:cjones] inactive; ni?/f?/r? if you need me 1.48 KB, patch	sicking : review+	Details \| Diff \| Splinter Review

Chris Jones [:cjones] inactive; ni?/f?/r? if you need me

Assignee

Description

•

12 years ago

http://mxr.mozilla.org/mozilla-central/source/b2g/app/b2g.js#361

This opens new potential holes in the gecko VM, but doesn't affect the OS security model.

Lawrence Mandel [:lmandel] (use needinfo)

Comment 1

•

12 years ago

Chris, the comment in b2g.js that you reference states

"Remove me when we have installable apps or wifi support."

Are we ready to revert this pref now?

Flags: needinfo?(jones.chris.g)

Chris Jones [:cjones] inactive; ni?/f?/r? if you need me

Assignee

Comment 2

•

12 years ago

We flipped that pref over a year ago when gaia dev was done primarily over file://.  That hasn't been possible for a long time, and we do have wifi and installable apps now.

Flags: needinfo?(jones.chris.g)

Doug Turner (:dougt)

Updated

•

12 years ago

Assignee: nobody → jonas

blocking-basecamp: ? → +

Chris Jones [:cjones] inactive; ni?/f?/r? if you need me

Assignee

Comment 3

•

12 years ago

Attached patch Re-enable strict file:// security, because yes we have wifi and installed apps now — Details — Splinter Review

Assignee: jonas → jones.chris.g

Attachment #695844 - Flags: review?(jonas)

Jonas Sicking (:sicking) No longer reading bugmail consistently

Comment 4

•

12 years ago

Comment on attachment 695844 [details] [diff] [review]
Re-enable strict file:// security, because yes we have wifi and installed apps now

Review of attachment 695844 [details] [diff] [review]:
-----------------------------------------------------------------

This is the right thing to do, but I don't think it'll actually affect B2G in any way. It only affects pages which have a file:// URL and I don't think that we have any of those.

Hmm.. That does bring up a good question, I wonder what security checks we do for URLs loaded through <iframe mozbrowser>. That's fodder for a separate bug though.

Attachment #695844 - Flags: review?(jonas) → review+

Chris Jones [:cjones] inactive; ni?/f?/r? if you need me

Assignee

Comment 5

•

12 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/5e425fc7bf37

Graeme McCutcheon [:graememcc]

Comment 6

•

12 years ago

https://hg.mozilla.org/mozilla-central/rev/5e425fc7bf37

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Ryan VanderMeulen [:RyanVM]

Comment 7

•

12 years ago

https://hg.mozilla.org/releases/mozilla-aurora/rev/0687a40d2076
https://hg.mozilla.org/releases/mozilla-b2g18/rev/4c0b7ae362ba

status-b2g18: --- → fixed

status-firefox19: --- → fixed

status-firefox20: --- → fixed

Target Milestone: --- → B2G C3 (12dec-1jan)

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Re-enable security.fileuri.strict_origin_policy

Categories

(Firefox OS Graveyard :: General, defect)

Tracking

(blocking-basecamp:+, firefox19 fixed, firefox20 fixed, b2g18 fixed)

People

(Reporter: cjones, Assigned: cjones)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Comment 5

Comment 6

Comment 7

Attachment

General

Description

File Name

Content Type