Closed Bug 878101 Opened 12 years ago Closed 12 years ago

Validate origin in manifest

Categories

(Marketplace Graveyard :: Validation, defect, P1)

x86
macOS
defect

Tracking

(Not tracked)

VERIFIED FIXED
2013-06-27

People

(Reporter: andy+bugzilla, Assigned: robhudson)

In bug 852720 packaged apps were allowed to have an origin in the manifest. This is for the validator to check that the origin is valid.
Blocking bug 867265, so bumping to P1.
Blocks: 867265
Priority: -- → P1
Do we need to ping the domain? Or just check that it's a valid FQDN?
Is bug 883185 possibly a dupe of this?
That's about checking domain ownership and could be considered a follow on from this. My original intent of this bug was to check that someone hasn't entered garbage into this field.
Assignee: nobody → robhudson.mozbugs
Target Milestone: --- → 2013-06-27
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Please add STR here or mark it with [qa-] if no QA is needed.
To verify: Submit a packaged app with an "origin" property in the manifest. The origin should only be allowed if it follows the form of "app://domain.com". Things like "http://domain.com" or "mailto:domain.com" or even "app:something-else" should fail validation and show a warning.
(In reply to Rob Hudson [:robhudson] from comment #7)
> To verify:
> Submit a packaged app with an "origin" property in the manifest. The origin
> should only be allowed if it follows the form of "app://domain.com". Things
> like "http://domain.com" or "mailto:domain.com" or even "app:something-else"
> should fail validation and show a warning.

Should "app://something-else" also pass validation? To pass validation, does it only need to have "app://" at the beginning, or does it have to contain a valid domain after?
http://screencast.com/t/t5q65TPaI
Flags: needinfo?(robhudson.mozbugs)
I'm not sure anymore, sorry. Basta, do you know the answer to comment 8?
Flags: needinfo?(robhudson.mozbugs) → needinfo?(mattbasta)
There is no requirement that the origin represents a valid domain or a domain that the developer owns. The following are perfectly valid origins:
app://my.great.domain
app://not.actually.a.domain
app://trolololo
app://hypens-are-fun-too
Flags: needinfo?(mattbasta)
Ok. Thanks Basta. Verified as fixed in https://marketplace-dev.allizom.org/developers/submit/ on FF28 (Win 7). Closing bug.
Status: RESOLVED → VERIFIED
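
The rule the thread settles on (an `app://` prefix followed by a name, with no requirement that the name is a real or owned domain) can be sketched as follows. This is an added example, not the Marketplace validator's own code; the function names `check_origin` and `validate_manifest`, the permitted host character set, and the inputs beyond those quoted in the comments are assumptions.

```python
import json
import re

# Assumption (not stated in the bug): host labels are limited to ASCII letters,
# digits and hyphens, separated by single dots. The thread only requires the
# "app://" form and explicitly does not require a real or owned domain.
_ORIGIN_RE = re.compile(r"app://[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*")


def check_origin(value):
    """Return None if `value` is an acceptable origin, else a reason string."""
    if not isinstance(value, str):
        return "origin must be a string"
    if not value.startswith("app://"):
        return "origin must use the form app://name"
    # fullmatch rather than match()/"$": a trailing newline, path, port or
    # query string after the host is rejected instead of silently accepted.
    if _ORIGIN_RE.fullmatch(value) is None:
        return "origin has an empty host or characters outside the host name"
    return None


def validate_manifest(raw_json):
    """Return a list of warnings for the manifest's optional `origin` field."""
    manifest = json.loads(raw_json)
    if "origin" not in manifest:
        return []  # the thread describes origin as allowed, not required
    reason = check_origin(manifest["origin"])
    return [] if reason is None else ["origin: " + reason]


# Origins the thread names as valid.
ACCEPTED = ["app://domain.com", "app://my.great.domain",
            "app://not.actually.a.domain", "app://trolololo",
            "app://hypens-are-fun-too"]
# First three are from the thread; the rest are constructed edge cases.
REJECTED = ["http://domain.com", "mailto:domain.com", "app:something-else",
            "app://", "app://domain.com/path", "app://domain.com\n", 42]

if __name__ == "__main__":
    for origin in ACCEPTED + REJECTED:
        print(repr(origin), "->", check_origin(origin) or "ok")
```
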