Having a http url redirect to an add-on's resource:// uri is forbidden

RESOLVED INCOMPLETE

Status

Add-on SDK
General
P2
normal
RESOLVED INCOMPLETE
5 years ago
4 months ago

People

(Reporter: erikvold, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

I was chatting with vladikoff on irc about implementing oauth with dropbox with a jetpack.  In chrome this is what happens:

1. A tab is opened to https://www.dropbox.com/login?cont=https%3A//www.dropbox.com/1/oauth/authorize%3Foauth_callback%3Dchrome-extension%253A%252F%252Feilfcoobfbpeopacdeglplgabcadjf%252Ftest%252Fhtml%252Fchrome_oauth_receiver.html%253F_dropboxjs_scope%253Dhelper-chrome%2526dboauth_token%253Da3A5bAtyyfpXD0o%26oauth_token%3Da3Ax5btyyfpXD0o&signup_tag=oauth&signup_data=92719

2. Once approved this page redirects to the `oauth_callback` param provided in 1

On Firefox however if one provides a resource:// uri (whereas in chrome a chrome-extension:// is used) then there is a security error.
BTW the work around that vladikoff ended up using was have the page redirect to about:blank (which really ends up being about:blank#?params) and then stripping the params and open a tab for the resource:// uri document with the stripped params.
Probably the same issue as bug 820213, hoping to get a patch up this week.
Depends on: 820213

Updated

5 years ago
Priority: -- → P2
https://bugzilla.mozilla.org/show_bug.cgi?id=1399562
Status: NEW → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.