Closed Bug 1809333 Opened 2 years ago Closed 2 years ago

Disable the U2F DOM API by default

Categories

(Core :: DOM: Web Authentication, enhancement)

Product:
Core
Component:
DOM: Web Authentication
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
112 Branch
Tracking Flags:
Tracking Status
firefox112 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

Details

Attachments

(1 file)

Bug 1809333 - Disable the U2F DOM API by default. r=dveditz
(deleted), text/x-phabricator-request
Details

We deprecated the U2F DOM API in 109 (Bug 1804579). Use telemetry (e.g. USE_COUNTER2_DEPRECATED_U2FRegister_DOCUMENT) shows little activity, and Chrome has fully deleted their support of the API. So we can set the default value of security.webauth.u2f to false in 111.

Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d24c37cd2f63 Disable the U2F DOM API by default. r=dveditz

Release Note Request (optional, but appreciated)
[Why is this notable]: It is possible that this change breaks some second factor authentication flows.
[Affects Firefox for Android]: no
[Suggested wording]: The deprecated U2F Javascript API is now disabled by default. The U2F protocol remains usable through the WebAuthn API. The U2F API can be re-enabled using the security.webauth.u2f preference.
[Links (documentation, blog post, etc)]:

relnote-firefox: --- → ?

Backed out changeset d24c37cd2f63 (Bug 1809333) for causing mochitest failures on test_interfaces_secureContext.html.
Backout link
Push with failures <--> 2
Failure Log

Flags: needinfo?(jschanck)

I updated the failing test so that it expects the interface to be disabled.

Flags: needinfo?(jschanck)
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8e01a52267b3 Disable the U2F DOM API by default. r=dveditz,webidl,saschanaz

https://hg.mozilla.org/mozilla-central/rev/8e01a52267b3

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox111: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 111 Branch

Added to Nightly release notes.
Keeping the relnote? flag open to keep it on the radar for inclusion in our final release notes.

Regressions: 1814983

Backed out for causing Bug 1814983.

Backout link: https://hg.mozilla.org/integration/autoland/rev/0d34245412816a5db90f8d6d25337673cd6fd33a

Status: RESOLVED → REOPENED
status-firefox111: fixed → ---
Flags: needinfo?(jschanck)
Resolution: FIXED → ---
Target Milestone: 111 Branch → ---

Removed the release note from 111, since this was backed out.

relnote-firefox: ? → ---

We're waiting for a change to Google Accounts. We expect to be able to land this again in 2 weeks.

Flags: needinfo?(jschanck)
Pushed by jschanck@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c2c5479b5bf0 Disable the U2F DOM API by default. r=dveditz,webidl,saschanaz

https://hg.mozilla.org/mozilla-central/rev/c2c5479b5bf0

Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
status-firefox112: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch

Note added back to Nightly 112

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: