Remove "Always Activate" and "Remember this decision" Flash options in Firefox 69
Categories
(Core Graveyard :: Plug-ins, enhancement, P1)
Tracking
(relnote-firefox 69+, firefox-esr60 wontfix, firefox65 wontfix, firefox66 wontfix, firefox67 wontfix, firefox67.0.1 wontfix, firefox68 wontfix, firefox69 fixed)
People
(Reporter: jimm, Assigned: Gijs)
References
(Regression, )
Details
(Keywords: regression, site-compat)
Attachments
(7 files)
(deleted),
text/x-phabricator-request
|
Details | |
(deleted),
text/x-phabricator-request
|
Details | |
(deleted),
text/x-phabricator-request
|
Details | |
(deleted),
text/x-phabricator-request
|
Details | |
(deleted),
text/x-phabricator-request
|
Details | |
(deleted),
text/x-phabricator-request
|
Details | |
(deleted),
text/x-phabricator-request
|
Details |
Per our Flash (plugin) deprecation roadmap, we'll disable Flash by default in Nightly 69 and let that roll out.
Reporter | ||
Updated•6 years ago
|
Reporter | ||
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Reporter | ||
Updated•6 years ago
|
Comment 1•6 years ago
|
||
In Firefox 69, we will remove Firefox's:
- "Always Activate" Flash option in about:addons
- If Flash's click-to-activate setting was previously "Always Activate" or "Ask to Activate", it should now be "Ask to Activate".
- If Flash's click-to-activate setting was previously "Never Activate", it should still be "Never Activate". However, if this is difficult to implement, we can reset everyone's Flash click-to-activate setting to "Ask to Activate".
- "Remember this decision" from the Flash click-to-activate door hanger. We want prompt users every time a site wants to activate Flash in each browser session.
But we want Firefox 69+ to remember sites that the user had checked "Remember this decision" in earlier Firefox versions. (Firefox only remembers the door hanger decision for 90 days, so these remembered site permissions will all phase out over 90 days.)
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Updated•6 years ago
|
Comment 2•5 years ago
|
||
Priority P1 and 69=affected because we plan to fix this bug in Firefox 69.
Assignee | ||
Comment 3•5 years ago
|
||
Somehow I volunteered to do this, so taking...
Assignee | ||
Comment 4•5 years ago
|
||
Is there a broader plan for what we want here? Some questions that spring to mind (which perhaps are answered in such a doc somewhere):
- I'm assuming we want to actually make this completely impossible, not just remove the UI and keep support for the internal "always run this plugin" state?
- do we need a pref to turn off this restriction if we uncover too many issues?
- we still have a flash_only pref that allows other plugins to be used - in this bug, do we just want to remove support for "always run" for all plugins?
- can we remove support for the flash_only pref except when running automated tests (to reduce the testing/complexity matrix), or is that not possible at the moment?
- do existing users get this change applied, and/or do we need to notify them in any way beyond relnotes?
Comment 5•5 years ago
|
||
(In reply to :Gijs (he/him) from comment #4)
Is there a broader plan for what we want here? Some questions that spring to mind (which perhaps are answered in such a doc somewhere):
No, but I'll create a doc that consolidates all these answers:
https://docs.google.com/document/d/1U5uHskPkJIUkASwLI6uVdFl2s0MM6dfPzCAoT0Bftms/edit
- I'm assuming we want to actually make this completely impossible, not just remove the UI and keep support for the internal "always run this plugin" state?
Good question! I hadn't thought of that.
We had planned to just remove the UI to prevent setting new always-allow site permissions and then let users' existing always-allow site permissions quietly expire after 90 days. But we should probably remove Gecko's always-run Flash code (somewhere in dom/plugins/base) now so Firefox Nightly users can actually experience the always-ask Flash UX now. If there are Flash issues, we want to find them during Nightly testing, not 90 days from now. :) We'll also need to remove any Flash code in the Site Permissions UI.
However, we do not want to remove always-run support for the dummy NPAPI test plugin (used for our automated NPAPI tests), Widevine, or OpenH264! Widevine and OpenH264 are GMPs (Gecko Media Plugins), not NPAPI plugins, so they might use a different code path. Just something to watch for.
- do we need a pref to turn off this restriction if we uncover too many issues?
I don't think we need a pref. Chrome has shipped a similar always-ask UX since September 2018, so there should not be any Flash sites that cause problems in Firefox but not Chrome:
- we still have a flash_only pref that allows other plugins to be used - in this bug, do we just want to remove support for "always run" for all plugins?
- can we remove support for the flash_only pref except when running automated tests (to reduce the testing/complexity matrix), or is that not possible at the moment?
Flash and the dummy NPAPI test plugin are the only NPAPI plugins we support. Widevine and OpenH264 are also "plugins" but we do not want to remove their always-allow support.
The flash_only pref should only be used for our automated NPAPI tests, so we can disable or remove the pref in non-test code paths, as long as disabling it doesn't affect Widevine or OpenH264.
- do existing users get this change applied, and/or do we need to notify them in any way beyond relnotes?
All users should get this change. We don't need to notify users.
Comment 6•5 years ago
|
||
I've tried to summarize in the following doc my current understanding of what we would like do. Feel free to add comments or questions.
https://docs.google.com/document/d/1U5uHskPkJIUkASwLI6uVdFl2s0MM6dfPzCAoT0Bftms/edit
Assignee | ||
Comment 7•5 years ago
|
||
Johann, can you help me understand how this code:
fits into the permissions page in the page info dialog, and whether I need to change something there? It looks to me like right now, allowing flash without ticking the 'remember' checkbox shows up as "allow", and this permission is simply gone (because it's a per-session permission) after a restart -- but some other permissions in the page info dialog have an "allow for session" option; does something need to change as part of this bug or not (or only to make it slightly more correct, but kind of orthogonal to this bug) ?
(TL;DR for this bug: we want to remove the ability to permanently/persistently allow flash to play, including all the UI to that effect.)
Comment 8•5 years ago
|
||
Yeah, so, the plugin permissions in the doorhanger are set here: https://searchfox.org/mozilla-central/rev/153172de0c5bfca31ef861bd8fc0995f44cada6a/browser/base/content/browser-plugins.js#143
What that code does is if you simply click "allow" it will set a session scoped permission to allow Flash.
This works independently of SitePermissions.jsm, but after the permission is updated the SitePermissions stuff is needed to display the correct permission state in the identity popup and page info.
As you noted, PageInfo lists all states for each permission as they are specified in SitePermissions.jsm. Then it tries to select one of them and that part is a little wrong for at least plugins. We fetch state and scope here, but then continue to only consider state when selecting an item. So we select "Allow" when there really should be an "Allow for Session" item.
but some other permissions in the page info dialog have an "allow for session" option
Only cookies has that and it's an entirely independent permission state, not denoted by its permission scope. It's very confusing.
(TL;DR for this bug: we want to remove the ability to permanently/persistently allow flash to play, including all the UI to that effect.)
Then I would suggest just dropping that option from the doorhanger (see link above) and renaming "Allow" into "Allow for session" for plugins in Page Info (the identity popup should already correctly display "Temporarily Allowed").
Do you want to keep supporting previous permanent ALLOW entries for plugin permissions in the permission manager? Then we might need a bit of hackery to have Allow as an unselectable? option there, too.
I hope that helps!
Assignee | ||
Comment 9•5 years ago
|
||
Assignee | ||
Comment 10•5 years ago
|
||
Depends on D34212
Assignee | ||
Comment 11•5 years ago
|
||
Depends on D34213
Assignee | ||
Comment 12•5 years ago
|
||
Depends on D34214
Assignee | ||
Comment 13•5 years ago
|
||
Depends on D34215
Assignee | ||
Comment 14•5 years ago
|
||
Depends on D34216
Assignee | ||
Comment 15•5 years ago
|
||
Depends on D34217
Assignee | ||
Comment 16•5 years ago
|
||
Green try for all but the topmost (permission popup / page info code removal) cset:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=24a53529f6e5c4c87d76d96111127fea6379c56d
Try including that last cset shows xpcshell error which is fixed in the next update to that cset:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=e52231ef1615872c8b6a01d3576295a0b06c1254
Updated•5 years ago
|
Comment 17•5 years ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]: flash can't be set to always activate anymore
[Affects Firefox for Android]: I don't think so, but there's also no fennec 69 so kind of moot
[Suggested wording]:
[Links (documentation, blog post, etc)]:
Assignee | ||
Updated•5 years ago
|
Comment 18•5 years ago
|
||
[Affects Firefox for Android]: I don't think so, but there's also no fennec 69 so kind of moot
That's correct. We dropped Android support for Flash a couple years ago (2017 bug 1381916).
[Suggested wording]:
Always ask for user permission before activating Flash on a website.
[Links (documentation, blog post, etc)]:
Mozilla's Plugin Roadmap:
https://developer.mozilla.org/en-US/docs/Plugins/Roadmap
Comment 19•5 years ago
|
||
Comment 20•5 years ago
|
||
Backed out for mochitest failures e.g. test_bug1165981.html
Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception&revision=b7340dfe4325f8beb09a1a4cbfeae383f69d14bf&selectedJob=251468474
Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=251468474&repo=autoland&lineNumber=3249
Backout: https://hg.mozilla.org/integration/autoland/rev/28c26b4a8e989d134458a65c746d361adfefed03
Assignee | ||
Comment 21•5 years ago
|
||
It turns out that (a) we have mochitest-plain plugin tests, and (b) they rely on setting plugin.enabledState
to 'enabled', from the content process, to enable plugins. Which broke because for click-to-play flash, it's no longer possible to do that. What they should be doing is giving themselves permission, but that's easier said than done...
Assignee | ||
Comment 22•5 years ago
|
||
Comment 23•5 years ago
|
||
Updated•5 years ago
|
Comment 24•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/38fc0d299eb0
https://hg.mozilla.org/mozilla-central/rev/96fe8a446f82
https://hg.mozilla.org/mozilla-central/rev/6fc16812b039
https://hg.mozilla.org/mozilla-central/rev/60f078cb766e
https://hg.mozilla.org/mozilla-central/rev/d09f4e29a628
https://hg.mozilla.org/mozilla-central/rev/fce03ecd272a
https://hg.mozilla.org/mozilla-central/rev/7a3feaf795b3
Comment 25•5 years ago
|
||
Posted site compatibility note: https://www.fxsitecompat.dev/en-CA/docs/2019/flash-player-can-no-longer-always-be-activated/
Comment 28•5 years ago
|
||
(In reply to Kohei Yoshino [:kohei] (Bugzilla UX) (FxSiteCompat) from comment #25)
Posted site compatibility note: https://www.fxsitecompat.dev/en-CA/docs/2019/flash-player-can-no-longer-always-be-activated/
The page has the options reversed. It says, Firefox 69 has removed the “Always Activate” option from the page notification dialog and the “Remember this decision” option from the Add-on Manager.
Actually, the “Always Activate” option was removed from the Add-ons Manager and the “Remember this decision” option
was removed from the page notification dialog (described in comment 1 as the click-to-activate door hanger).
Comment hidden (advocacy) |
Comment hidden (advocacy) |
Updated•3 years ago
|
Updated•2 years ago
|
Description
•