Closed Bug 1705202 Opened 4 years ago Closed 3 years ago

Add FTP related protocols to the registerProtocolHandler safelist.

Categories

(Core :: Networking, enhancement, P2)

Product:
Core
Component:
Networking
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
98 Branch
Tracking Flags:
Tracking Status
firefox98 --- fixed

People

(Reporter: asanka, Assigned: valentin)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-complete, Whiteboard: [necko-triaged])

Attachments

(2 files)

Bug 1705202 - Add FTP related protocols to the registerProtocolHandler safelist. r=#necko,annevk!
(deleted), text/x-phabricator-request
Details
Bug 1705202 - Strip user & password from FTP schemes when going through webhandler r=Gijs
(deleted), text/x-phabricator-request
Details

As a part of removing FTP support in Chromium (and in turn Google Chrome, Edge, etc.) I'd like to release ftp, sftp, ftps protocols as being registrable via registerProtocolHandler.

ChromeStatus entry is here: https://www.chromestatus.com/feature/5762628536238080

I'll follow up with relevant PR to whatwg/html and wpt.

Blink I2S thread is https://groups.google.com/a/chromium.org/g/blink-dev/c/ABhlioapE0E/m/gXL84wPfAAAJ . Please express your support objections here or there as appropriate.

Related whatwg/html issue : https://github.com/whatwg/html/issues/6583

Hi Asanka. You should file an issue on https://github.com/mozilla/standards-positions/issues to get a position on this topic.
I'll keep this bug for necessary changes if we reach a decision.

Blocks: kill-ftp
Severity: -- → S3
Flags: needinfo?(annevk)
Priority: -- → P2
Whiteboard: [necko-triaged]

Ah, I saw this after the GitHub issue. 😊 This seems reasonable to me now FTP is no longer a scheme the browser handles.

Flags: needinfo?(annevk)
Blocks: 1056860
Assignee: nobody → valentin.gosu
Status: UNCONFIRMED → ASSIGNED
Component: Networking: FTP → Networking
Ever confirmed: true

According to https://github.com/mozilla/standards-positions/issues/513
the safe thing to do for FTP URLs when using a protocol handler is to strip
the credentials from them first.

This also adds a test that makes sure credentials are stripped when using
a web protocol handler.

Depends on D136121

Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/b52cf82fbe03 Add FTP related protocols to the registerProtocolHandler safelist. r=annevk https://hg.mozilla.org/integration/autoland/rev/882c7f9567cd Strip user & password from FTP schemes when going through webhandler r=Gijs

https://hg.mozilla.org/mozilla-central/rev/b52cf82fbe03
https://hg.mozilla.org/mozilla-central/rev/882c7f9567cd

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox98: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 98 Branch

FF98 docs work for this can be tracked in https://github.com/mdn/content/pull/12790

I see from https://github.com/whatwg/html/issues/6583#issue-858243907 that this change is currently non-spec. Will this bugfix remain in the release even if the PR is not accepted?
This will affect how the browser compatibility and MDN documents are updated.

Flags: needinfo?(valentin.gosu)

Presumably this change will be backed out if the PR gets rejected, but that's unlikely given this is a widely supported change.

Flags: needinfo?(valentin.gosu)

Thanks! The spec got updated. I have marked as dev-doc-complete. The browser compatibility update is still in discussion though (you can follow that through issue linked in https://github.com/mdn/content/pull/12790)

Keywords: dev-doc-neededdev-doc-complete
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: