Bug 1346072 - Remove accounts.firefox.com from the whitelist of domains allowed to send objects over webchannels. r=markh
MozReview-Commit-ID: 4ts3uBPuXom
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1660,17 +1660,17 @@ pref("signon.schemeUpgrades", true);
pref("print.use_simplify_page", true);
#endif
#else
pref("print.use_simplify_page", true);
#endif
// Space separated list of URLS that are allowed to send objects (instead of
// only strings) through webchannels. This list is duplicated in mobile/android/app/mobile.js
-pref("webchannel.allowObject.urlWhitelist", "https://accounts.firefox.com https://content.cdn.mozilla.net https://input.mozilla.org https://support.mozilla.org https://install.mozilla.org");
+pref("webchannel.allowObject.urlWhitelist", "https://content.cdn.mozilla.net https://input.mozilla.org https://support.mozilla.org https://install.mozilla.org");
// Whether or not the browser should scan for unsubmitted
// crash reports, and then show a notification for submitting
// those reports.
#ifdef EARLY_BETA_OR_EARLIER
pref("browser.crashReports.unsubmittedCheck.enabled", true);
#else
pref("browser.crashReports.unsubmittedCheck.enabled", false);
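Review bot: The comment directly above the changed pref says this list is duplicated in mobile/android/app/mobile.js, but no mobile.js section is visible in this part of the diff. If that copy is not updated in the same commit, accounts.firefox.com stays allowed to send objects over webchannels on Android and the two defaults drift apart. Confirm the entry is removed there too, or reword the comment to `// This list is also defined in mobile/android/app/mobile.js; keep both in sync.` so the next editor treats it as a required step.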
--- a/services/fxaccounts/FxAccountsConfig.jsm
+++ b/services/fxaccounts/FxAccountsConfig.jsm
@@ -63,32 +63,16 @@ this.FxAccountsConfig = {
}
// They have the autoconfig uri pref set, so we clear all the prefs that we
// will have initialized, which will leave them pointing at production.
for (let pref of CONFIG_PREFS) {
Services.prefs.clearUserPref(pref);
}
// Reset the webchannel.
EnsureFxAccountsWebChannel();
- if (!Services.prefs.prefHasUserValue("webchannel.allowObject.urlWhitelist")) {
- return;
- }
- let whitelistValue = Services.prefs.getCharPref("webchannel.allowObject.urlWhitelist");
- if (whitelistValue.startsWith(autoconfigURL + " ")) {
- whitelistValue = whitelistValue.slice(autoconfigURL.length + 1);
- // Check and see if the value will be the default, and just clear the pref if it would
- // to avoid it showing up as changed in about:config.
- let defaultWhitelist = Services.prefs.getDefaultBranch("webchannel.allowObject.").getCharPref("urlWhitelist", "");
-
- if (defaultWhitelist === whitelistValue) {
- Services.prefs.clearUserPref("webchannel.allowObject.urlWhitelist");
- } else {
- Services.prefs.setCharPref("webchannel.allowObject.urlWhitelist", whitelistValue);
- }
- }
},
getAutoConfigURL() {
let pref = Services.prefs.getCharPref("identity.fxaccounts.autoconfig.uri", "");
if (!pref) {
// no pref / empty pref means we don't bother here.
return "";
}
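Review bot: With the cleanup after `EnsureFxAccountsWebChannel();` removed here, and the matching prepend removed in the later hunk at `-158,21`, nothing visible clears a `webchannel.allowObject.urlWhitelist` user value that older builds wrote while autoconfig was in use. Such a profile would keep the autoconfig origin on the object allowlist, along with the old default that contained accounts.firefox.com, because a user value overrides the new default. Unless a migration outside this diff handles it, consider keeping the prefix-strip on this reset path for one more release, or adding a one-time migration that removes the previously prepended URL. Either should carry a comment such as `// Older builds prepended the autoconfig URL to webchannel.allowObject.urlWhitelist; strip it so that origin loses object privileges.` The enclosing function starts outside the hunk, so an earlier return may change when this path runs.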
@@ -158,21 +142,16 @@ this.FxAccountsConfig = {
Services.prefs.setCharPref("identity.fxaccounts.remote.webchannel.uri", rootURL);
Services.prefs.setCharPref("identity.fxaccounts.settings.uri", rootURL + "/settings?service=sync&context=" + contextParam);
Services.prefs.setCharPref("identity.fxaccounts.settings.devices.uri", rootURL + "/settings/clients?service=sync&context=" + contextParam);
Services.prefs.setCharPref("identity.fxaccounts.remote.signup.uri", rootURL + "/signup?service=sync&context=" + contextParam);
Services.prefs.setCharPref("identity.fxaccounts.remote.signin.uri", rootURL + "/signin?service=sync&context=" + contextParam);
Services.prefs.setCharPref("identity.fxaccounts.remote.email.uri", rootURL + "/?service=sync&context=" + contextParam + "&action=email");
Services.prefs.setCharPref("identity.fxaccounts.remote.force_auth.uri", rootURL + "/force_auth?service=sync&context=" + contextParam);
- let whitelistValue = Services.prefs.getCharPref("webchannel.allowObject.urlWhitelist");
- if (!whitelistValue.includes(rootURL)) {
- whitelistValue = `${rootURL} ${whitelistValue}`;
- Services.prefs.setCharPref("webchannel.allowObject.urlWhitelist", whitelistValue);
- }
// Ensure the webchannel is pointed at the correct uri
EnsureFxAccountsWebChannel();
} catch (e) {
log.error("Failed to initialize configuration preferences from autoconfig object", e);
throw e;
}
},