Bug 1552602 - Disable FIDO U2F API for Android r=keeler
☠☠ backed out by 777492b75f97 ☠ ☠
author: J.C. Jones <jjones@mozilla.com>
date: Fri, 17 May 2019 23:45:47 +0000
changeset: 474411 8e8ea33ecb3da138dbd0af56c2e5550902e7b05a
parent: 474410 0649547f4b2947c188067f0502733100b6d7f92d
child: 474412 f78634b8bff9ce0b8850e5f9246e7821ded4ef4e
push id: 113152
push user: dluca@mozilla.com
push date: Sat, 18 May 2019 10:33:03 +0000
treeherder: mozilla-inbound@9b2f851979cb
reviewers: keeler
bugs: 1552602, 1550625
milestone: 68.0a1
Bug 1552602 - Disable FIDO U2F API for Android r=keeler

Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no mechanism available for FIDO U2F JS API operations on Android. The exposed API is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API operations on Android, and we should disable the u2f preference so that window.u2f is not set inappropriately.

Differential Revision: https://phabricator.services.mozilla.com/D31695
security/manager/ssl/security-prefs.js
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -114,18 +114,23 @@ pref("security.pki.netscape_step_up_poli
 #endif
 
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
 pref("security.pki.certificate_transparency.mode", 0);
 
 // Hardware Origin-bound Second Factor Support
+pref("security.webauth.webauthn", true);
+#ifdef MOZ_WIDGET_ANDROID
+// No way to enable on Android, Bug 1552602
+pref("security.webauth.u2f", false);
+#else
 pref("security.webauth.u2f", true);
-pref("security.webauth.webauthn", true);
+#endif
 
 // Only one of ["enable_softtoken", "enable_usbtoken",
 // "webauthn_enable_android_fido2"] should be true at a time, as the
 // softtoken will override the other two.
 pref("security.webauth.webauthn_enable_softtoken", false);
 
 #ifdef FENNEC_NIGHTLY
 pref("security.webauth.webauthn_enable_android_fido2", true);
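Review bot: the comment in the `#ifdef MOZ_WIDGET_ANDROID` branch ("No way to enable on Android") overstates what the line below it does, because `pref("security.webauth.u2f", false);` only changes the default and the pref can still be flipped at runtime, which by the commit message's own description would set `window.u2f` with no backend to service it. Suggest rewording the comment to give the actual reason (the Android API is FIDO2/WebAuthn-only, so U2F JS API calls cannot be serviced), and consider locking the pref on Android or gating the `window.u2f` exposure on the platform in code so the default is not the only guard. Moving `security.webauth.webauthn` above the `#ifdef` is unrelated reordering; leaving it where it was, after the `#endif`, would keep the diff to the U2F lines. Since the page records that this changeset was backed out, check before relanding that any test relying on the U2F default being true either sets the pref explicitly or is skipped on Android.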