canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
SocialAPIMultiProvider: Difference between revisions
no edit summary
(Created page with "{{SecReviewInfo |SecReview name=Social API Multiple Providers }} {{SecReview}} {{SecReviewActionStatus |SecReview action item status=None }}") |
No edit summary |
||
| Line 1: | Line 1: | ||
{{SecReviewInfo | {{SecReviewInfo | ||
|SecReview name=Social API Multiple Providers | |SecReview name=Social API Multiple Providers | ||
|SecReview target=https://mana.mozilla.org/wiki/display/SECURITY/Social+API+multi-providers+Security+Review | |||
this should have been public :) | |||
Prev review info: https://mana.mozilla.org/wiki/display/SECURITY/Social+API+Security+Review | |||
}} | |||
{{SecReview | |||
|SecReview feature goal=* install process for additional social providers | |||
** (for Facebook) user goes to page, "turn on" button, starts social API, also has an undo panel | |||
* For Firefox 22 only social providers included on our whitelist can be installed, these are restricted to organisations with whom we have working relationships or partnerships with. | |||
* In Firefox 23 we will allow any social provider to be installed. (can be listed on AMO or marketplace) | |||
** additional panel for non-whitelisted provers, panel has a notice and enable button and undo panel | |||
* implementation taken from light weight themes process (DOM event) | |||
** manifest data recieved from target element, validated, then presented with enable panel | |||
** manifest stored into prefs | |||
UI : | |||
* sidebar and content | |||
** sidebar from us | |||
** content page on the site | |||
* buttons in chrome UI | |||
** can be defined from provider and bound by sameorigin | |||
|SecReview alt solutions=* use add-ons, did not want installation of additional items (e.g. features--addons can do anything) | |||
* JSON file from provider, seperatly loaded - unneccessary given it can come from page | |||
|SecReview solution chosen=* most direct pathway with least friction | |||
|SecReview threats considered=* same origin required for additional pages to page requesting installation | |||
* images can come from an alternate domain | |||
* backend also supports blocklisting (hard and soft via AMO) | |||
|SecReview threat brainstorming=* UI redressing attack on the "Enable Services" doorhanger | |||
** Is there a delay before a user can click, similar to the addons dialog | |||
* diff between disable and remove? | |||
** disable only turns it off, removes from list | |||
** remove takes it out | |||
* provider loaded, sidebar hidden | |||
** frame worker loaded (as workers can not currently support sockets) | |||
* supported schemes for iconURLs | |||
** created as image tags | |||
** mobile may handle differently but SOP protects <img> data | |||
* directory provided manifests? | |||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status= | |SecReview action item status=In Progress | ||
|SecReview action items=* [dchan] - Follow up with clouserw on origin verification process for AMO / marketplace directory provided manifests - I dont think that he has even begun thinking about social support at all yet | |||
* [dchan] - Look into about:socialerror chrome privileges and file bug if needed | |||
* [psinnon] http/https discussion | |||
}} | }} | ||