Closed Bug 892670 Opened 11 years ago Closed 11 years ago

Trying to submit a packaged app with an origin matching a Core Gaia application origin is allowed, but shouldn't be

Categories

(Marketplace Graveyard :: Validation, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED
2013-08-13

People

(Reporter: jsmith, Assigned: basta)

Details

Attachments

(1 file)

Attached file Test App
STR 1. Go to https://marketplace-dev.allizom.org/developers/submit/ 2. Try to submit the attached packaged app Expected Validation should fail - the app origin provided matches a Core Gaia application, which isn't allowed to be used by third-party app developers. Actual Validation passes. As a result, an app can be published that uses a Core Gaia application origin. If the user tries to install this app, the app will fail to install, as we ban multiple apps per origin on the client-side. We should implement a blacklist of origins that third-party app developers are not allowed to use. As a start, this blacklist should contain the origins of each Core Gaia application.
Please provide a list of origins that should be banned.
List of origins: * app://costcontrol.gaiamobile.org * app://bluetooth.gaiamobile.org * app://camera.gaiamobile.org * app://system.gaiamobile.org * app://calendar.gaiamobile.org * app://communications.gaiamobile.org * app://wallpaper.gaiamobile.org * app://clock.gaiamobile.org * app://sms.gaiamobile.org * app://settings.gaiamobile.org * app://browser.gaiamobile.org * app://pdfjs.gaiamobile.org * app://gallery.gaiamobile.org * app://video.gaiamobile.org * app://fm.gaiamobile.org * app://music.gaiamobile.org * app://keyboard.gaiamobile.org * app://email.gaiamobile.org * app://homescreen.gaiamobile.org * app://marketplace.firefox.com
Should note with marketplace - someone else shouldn't be able to use that origin, but we should be able to. That might already be handled by the fact that we have that app in the marketplace itself.
I think we have a blacklist in the db for add-on names already, we could do the same here and just pick a pile of domains. *.gaiamobile.org, *.firefox.com, *.mozilla.org, *.mozilla.com, etc. Any official apps can be uploaded by admins. That would save us remembering to update this list when someone writes an app for flashlight.gaiamobile.org.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Assignee: nobody → mattbasta
Target Milestone: --- → 2013-08-13
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: