Closed
Bug 1460506
Opened 6 years ago
Closed 6 years ago
registerProtocolHandler require SecureContext in stable
Categories
(Core :: DOM: Security, enhancement, P2)
Tracking
()
RESOLVED
FIXED
mozilla62
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | fixed |
People
(Reporter: jkt, Assigned: jkt)
References
Details
(Keywords: dev-doc-complete, site-compat, Whiteboard: [domsecurity-active])
Attachments
(1 file)
Add restriction to stable releases as outlined in the intent to unship (https://groups.google.com/forum/#!topic/mozilla.dev.platform/zzBWOPMPPs0/discussion) 62 was the timeline.
| Comment hidden (mozreview-request) |
|
Assignee | |
Updated•6 years ago
|
Keywords: site-compat
|
||
Comment 2•6 years ago
|
||
| mozreview-review | ||
Comment on attachment 8974617 [details] Bug 1460506 - Restrict registerProtocolHandler over insecure connections in stable releases. https://reviewboard.mozilla.org/r/242990/#review249302
Attachment #8974617 -
Flags: review?(dao+bmo) → review+
|
||
Updated•6 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Pushed by jkingston@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7ff220eb5453 Restrict registerProtocolHandler over insecure connections in stable releases. r=dao
|
||
Comment 4•6 years ago
|
||
Posted the site compatibility note: https://www.fxsitecompat.com/en-CA/docs/2018/navigator-registerprotocolhandler-can-no-longer-be-used-on-insecure-sites/
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/7ff220eb5453
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla62
|
||
Comment 6•6 years ago
|
||
(In reply to Kohei Yoshino [:kohei] from comment #4) > Posted the site compatibility note: > https://www.fxsitecompat.com/en-CA/docs/2018/navigator- > registerprotocolhandler-can-no-longer-be-used-on-insecure-sites/ I don't think the presentation here is appropriate. While it's technically correct that this patch means it can no longer be used on non-HTTPS sites, the patch from bug 1460481 means it can't be used on HTTPS sites either, as described in your other site compatibility note (https://www.fxsitecompat.com/en-CA/docs/2018/navigator-registercontenthandler-has-been-removed/). It might be better to merge the notes together, describing which pref change controls what restriction, or just drop this note entirely as superfluous to the other.
|
|
||
Comment 7•6 years ago
|
||
I guess you are confusing registerProtocolHandler with registerContentHandler :)
|
|
||
Comment 8•6 years ago
|
||
Oh, you're absolutely right, I just saw registerFooHandler and assumed. My apologies!
|
||
Updated•6 years ago
|
Keywords: dev-doc-needed
|
||
Comment 9•6 years ago
|
||
Updated https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler a bit to note generally the kinds of security restrictions that may occur, and submitted PR #2440 to note that Firefox started requiring a secure context in 62. Also added a mention to Firefox 62 for developers.
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•