Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(410)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 10789054: [Chromoting] Add wildcard to talkgadget in manifest permissions. (Closed)

Created:
8 years, 5 months ago by garykac
Modified:
8 years, 4 months ago
Reviewers:
Jamie, Wez
CC:
chromium-reviews, jamiewalch+watch_chromium.org, dcaiafa+watch_chromium.org, simonmorris+watch_chromium.org, hclam+watch_chromium.org, wez+watch_chromium.org, amit, sanjeevr, garykac+watch_chromium.org, lambroslambrou+watch_chromium.org, alexeypa+watch_chromium.org, sergeyu+watch_chromium.org
Visibility:
Public.

Description

[Chromoting] Add wildcard to talkgadget in manifest permissions. This grants permission to <anything>.talkgadget.google.com as well as allowing simply talkgadget.google.com. This is to prepare for (1) changing the default talkgadget name to something specific to chromoting and (2) adding a policy setting that allows the talkgadget name to be changed. BUG=108448 TEST=none Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=149105

Patch Set 1 #

Total comments: 3

Patch Set 2 : Add chromoting to talkgadget name #

Patch Set 3 : Re-sync to fixup merge #

Patch Set 4 : Re-add wildcard to talkgadget #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+4 lines, -3 lines) Patch
M remoting/webapp/build-webapp.py View 1 1 chunk +2 lines, -1 line 1 comment Download
M remoting/webapp/manifest.json View 2 3 1 chunk +1 line, -1 line 0 comments Download
M remoting/webapp/wcs_loader.js View 1 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 11 (0 generated)
garykac
8 years, 5 months ago (2012-07-17 23:50:07 UTC) #1
Jamie
http://codereview.chromium.org/10789054/diff/1/remoting/webapp/manifest.json File remoting/webapp/manifest.json (right): http://codereview.chromium.org/10789054/diff/1/remoting/webapp/manifest.json#newcode27 remoting/webapp/manifest.json:27: "https://*.talkgadget.google.com/talkgadget/*", Don't you still need the original permission until ...
8 years, 5 months ago (2012-07-17 23:52:20 UTC) #2
Wez
http://codereview.chromium.org/10789054/diff/1/remoting/webapp/manifest.json File remoting/webapp/manifest.json (right): http://codereview.chromium.org/10789054/diff/1/remoting/webapp/manifest.json#newcode27 remoting/webapp/manifest.json:27: "https://*.talkgadget.google.com/talkgadget/*", What stops the app then accessing e.g. https://myevildomain.com/talkgadget.google.com/talkgadget/? ...
8 years, 5 months ago (2012-07-17 23:53:14 UTC) #3
garykac
Surprising as this may seem, I did actually test it out and it works just ...
8 years, 5 months ago (2012-07-18 00:03:30 UTC) #4
garykac
Ping! We considered explicitly listing all of the allowable xxx.talkgadget values, but we want to ...
8 years, 4 months ago (2012-07-30 18:41:13 UTC) #5
garykac
+jamiewalch
8 years, 4 months ago (2012-07-30 18:47:06 UTC) #6
garykac
ptal
8 years, 4 months ago (2012-07-30 23:10:22 UTC) #7
Jamie
http://codereview.chromium.org/10789054/diff/14001/remoting/webapp/build-webapp.py File remoting/webapp/build-webapp.py (right): http://codereview.chromium.org/10789054/diff/14001/remoting/webapp/build-webapp.py#newcode170 remoting/webapp/build-webapp.py:170: 'https://chromoting.talkgadget.google.com/' This is just the OAuth redirect URL. If ...
8 years, 4 months ago (2012-07-30 23:17:33 UTC) #8
Jamie
8 years, 4 months ago (2012-07-30 23:17:45 UTC) #9
garykac
On 2012/07/30 23:17:33, Jamie wrote: > http://codereview.chromium.org/10789054/diff/14001/remoting/webapp/build-webapp.py > File remoting/webapp/build-webapp.py (right): > > http://codereview.chromium.org/10789054/diff/14001/remoting/webapp/build-webapp.py#newcode170 > ...
8 years, 4 months ago (2012-07-31 00:38:50 UTC) #10
Jamie
8 years, 4 months ago (2012-07-31 01:15:44 UTC) #11 
lgtm

Powered by Google App Engine
This is Rietveld 408576698