Closed
Bug 892670
Opened 11 years ago
Closed 11 years ago
Trying to submit a packaged app with an origin matching a Core Gaia application origin is allowed, but shouldn't be
Categories
(Marketplace Graveyard :: Validation, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
2013-08-13
People
(Reporter: jsmith, Assigned: basta)
Details
Attachments
(1 file)
18.31 KB,
application/zip
|
Details |
STR
1. Go to https://marketplace-dev.allizom.org/developers/submit/
2. Try to submit the attached packaged app
Expected
Validation should fail - the app origin provided matches a Core Gaia application, which isn't allowed to be used by third-party app developers.
Actual
Validation passes. As a result, an app can be published that uses a Core Gaia application origin. If the user tries to install this app, the app will fail to install, as we ban multiple apps per origin on the client-side.
We should implement a blacklist of origins that third-party app developers are not allowed to use. As a start, this blacklist should contain the origins of each Core Gaia application.
Assignee | ||
Comment 1•11 years ago
|
||
Please provide a list of origins that should be banned.
Reporter | ||
Comment 2•11 years ago
|
||
List of origins:
* app://costcontrol.gaiamobile.org
* app://bluetooth.gaiamobile.org
* app://camera.gaiamobile.org
* app://system.gaiamobile.org
* app://calendar.gaiamobile.org
* app://communications.gaiamobile.org
* app://wallpaper.gaiamobile.org
* app://clock.gaiamobile.org
* app://sms.gaiamobile.org
* app://settings.gaiamobile.org
* app://browser.gaiamobile.org
* app://pdfjs.gaiamobile.org
* app://gallery.gaiamobile.org
* app://video.gaiamobile.org
* app://fm.gaiamobile.org
* app://music.gaiamobile.org
* app://keyboard.gaiamobile.org
* app://email.gaiamobile.org
* app://homescreen.gaiamobile.org
* app://marketplace.firefox.com
Reporter | ||
Comment 3•11 years ago
|
||
Should note with marketplace - someone else shouldn't be able to use that origin, but we should be able to. That might already be handled by the fact that we have that app in the marketplace itself.
Comment 4•11 years ago
|
||
I think we have a blacklist in the db for add-on names already, we could do the same here and just pick a pile of domains. *.gaiamobile.org, *.firefox.com, *.mozilla.org, *.mozilla.com, etc.
Any official apps can be uploaded by admins. That would save us remembering to update this list when someone writes an app for flashlight.gaiamobile.org.
Assignee | ||
Comment 5•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Assignee: nobody → mattbasta
Target Milestone: --- → 2013-08-13
Comment 6•11 years ago
|
||
Verified as fixed : http://screencast.com/t/YImx0h451
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•