Re: Intent to implement and ship: Blocking FTP subresources
On 09.04.2018 15:13, Tom Schuster wrote: > Summary: All FTP subresources in HTTPs pages (this also includes blob: > etc) will be blocked. Opening FTP links as toplevel documents is still > possible. > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1404744 > > Platform coverage: All > Target release: Firefox 61 (this already landed, but we forgot to send > this, sorry!) > Preference behind which this will be implemented: None > Is this feature enabled by default in sandboxed iframes: Yes, enabled > everywhere > DevTools bug: None For those who have wondered about the same. If you try loading an FTP url in an iframe, we show the following warning in the DevTools: Loading FTP subresource within http(s) page not allowed (Blocked loading of: “ftp://evil.com/”) > Do other browser engines implement this? > Chrome shipped in M62? > web-platform-tests: No > Secure contexts: n/a > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to implement and ship: Blocking FTP subresources
Good idea. Opened a bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1452701 At least in the Chrome bug somebody was complaining that web cam page was broken by this change. Seems like the reloading image was embedded over FTP. On Mon, Apr 9, 2018 at 5:54 PM, Patrick McManuswrote: > imo, you really need to add a pref to cover this (I'm not saying make it > opt-in, just preffable.). It will break something somewhere and at least you > can tell that poor person they can have compat back via config. > > It also has a very small possibility of breaking enterprises or something we > would discover late, and we would want to be able to push a pref to fix > that. > > > On Mon, Apr 9, 2018 at 9:13 AM, Tom Schuster wrote: >> >> Summary: All FTP subresources in HTTPs pages (this also includes blob: >> etc) will be blocked. Opening FTP links as toplevel documents is still >> possible. >> >> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1404744 >> >> Platform coverage: All >> Target release: Firefox 61 (this already landed, but we forgot to send >> this, sorry!) >> Preference behind which this will be implemented: None >> Is this feature enabled by default in sandboxed iframes: Yes, enabled >> everywhere >> DevTools bug: None >> Do other browser engines implement this? >> Chrome shipped in M62? >> web-platform-tests: No >> Secure contexts: n/a >> ___ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform >> > ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Intent to implement and ship: Blocking FTP subresources
imo, you really need to add a pref to cover this (I'm not saying make it opt-in, just preffable.). It will break something somewhere and at least you can tell that poor person they can have compat back via config. It also has a very small possibility of breaking enterprises or something we would discover late, and we would want to be able to push a pref to fix that. On Mon, Apr 9, 2018 at 9:13 AM, Tom Schusterwrote: > Summary: All FTP subresources in HTTPs pages (this also includes blob: > etc) will be blocked. Opening FTP links as toplevel documents is still > possible. > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1404744 > > Platform coverage: All > Target release: Firefox 61 (this already landed, but we forgot to send > this, sorry!) > Preference behind which this will be implemented: None > Is this feature enabled by default in sandboxed iframes: Yes, enabled > everywhere > DevTools bug: None > Do other browser engines implement this? > Chrome shipped in M62? > web-platform-tests: No > Secure contexts: n/a > ___ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > > ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform