Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky
authorJ.C. Jones <jjones@mozilla.com>
Mon, 20 May 2019 16:46:43 +0000
changeset 474740 0b5457f890300631908ed9571c2ccc58fef9cf39
parent 474739 0339e62a0bc95a07f30db5de54c058c72bb0f8f5
child 474741 b24b2261b3ceed9874ec7a2c44a82c5a70916b76
push id36046
push useraiakab@mozilla.com
push dateTue, 21 May 2019 21:45:52 +0000
treeherdermozilla-central@257f2c96cef5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler, bzbarsky
bugs1552602, 1550625
milestone69.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no mechanism available for FIDO U2F JS API operations on Android. The exposed API is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API operations on Android, and we should disable the u2f preference so that window.u2f is not set inappropriately. Updated to fix test_interfaces.js Differential Revision: https://phabricator.services.mozilla.com/D31695
dom/tests/mochitest/general/test_interfaces.js
security/manager/ssl/security-prefs.js
--- a/dom/tests/mochitest/general/test_interfaces.js
+++ b/dom/tests/mochitest/general/test_interfaces.js
@@ -1155,17 +1155,17 @@ var interfaceNamesInGlobalScope =
     {name: "TouchList", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "TrackEvent", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "TransitionEvent", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "TreeWalker", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
-    {name: "U2F", insecureContext: false},
+    {name: "U2F", insecureContext: false, android: false},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "UIEvent", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "URL", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "URLSearchParams", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "UserProximityEvent", insecureContext: true, disabled: true},
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -114,18 +114,23 @@ pref("security.pki.netscape_step_up_poli
 #endif
 
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
 pref("security.pki.certificate_transparency.mode", 0);
 
 // Hardware Origin-bound Second Factor Support
+pref("security.webauth.webauthn", true);
+#ifdef MOZ_WIDGET_ANDROID
+// No way to enable on Android, Bug 1552602
+pref("security.webauth.u2f", false);
+#else
 pref("security.webauth.u2f", true);
-pref("security.webauth.webauthn", true);
+#endif
 
 // Only one of ["enable_softtoken", "enable_usbtoken",
 // "webauthn_enable_android_fido2"] should be true at a time, as the
 // softtoken will override the other two.
 pref("security.webauth.webauthn_enable_softtoken", false);
 
 #ifdef FENNEC_NIGHTLY
 pref("security.webauth.webauthn_enable_android_fido2", true);