Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky
authorJ.C. Jones <jjones@mozilla.com>
Mon, 20 May 2019 16:46:43 +0000
changeset 536397 fc4e6975d7fec01df2324aa508b67445554b5c8c
parent 536396 02dcc7ca124a724fa2c5fe193a24a349ef10d603
child 536398 53f8a0553b0e74e4764a49983d63e9f89136bfd5
push id2082
push userffxbld-merge
push dateMon, 01 Jul 2019 08:34:18 +0000
treeherdermozilla-release@2fb19d0466d2 [default view] [failures only]
reviewerskeeler, bzbarsky
bugs1552602, 1550625
milestone68.0
Bug 1552602 - Disable FIDO U2F API for Android r=keeler,bzbarsky Per https://bugzilla.mozilla.org/show_bug.cgi?id=1550625#c5 there is no mechanism available for FIDO U2F JS API operations on Android. The exposed API is FIDO2/WebAuthn-only. As such, Firefox cannot support FIDO U2F JS API operations on Android, and we should disable the u2f preference so that window.u2f is not set inappropriately. Updated to fix test_interfaces.js Differential Revision: https://phabricator.services.mozilla.com/D31695
dom/tests/mochitest/general/test_interfaces.js
security/manager/ssl/security-prefs.js
--- a/dom/tests/mochitest/general/test_interfaces.js
+++ b/dom/tests/mochitest/general/test_interfaces.js
@@ -1155,17 +1155,17 @@ var interfaceNamesInGlobalScope =
     {name: "TouchList", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "TrackEvent", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "TransitionEvent", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "TreeWalker", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
-    {name: "U2F", insecureContext: false},
+    {name: "U2F", insecureContext: false, android: false},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "UIEvent", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "URL", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "URLSearchParams", insecureContext: true},
 // IMPORTANT: Do not change this list without review from a DOM peer!
     {name: "UserProximityEvent", insecureContext: true, disabled: true},
--- a/security/manager/ssl/security-prefs.js
+++ b/security/manager/ssl/security-prefs.js
@@ -114,18 +114,23 @@ pref("security.pki.netscape_step_up_poli
 #endif
 
 // Configures Certificate Transparency support mode:
 // 0: Fully disabled.
 // 1: Only collect telemetry. CT qualification checks are not performed.
 pref("security.pki.certificate_transparency.mode", 0);
 
 // Hardware Origin-bound Second Factor Support
+pref("security.webauth.webauthn", true);
+#ifdef MOZ_WIDGET_ANDROID
+// No way to enable on Android, Bug 1552602
+pref("security.webauth.u2f", false);
+#else
 pref("security.webauth.u2f", true);
-pref("security.webauth.webauthn", true);
+#endif
 
 // Only one of ["enable_softtoken", "enable_usbtoken",
 // "webauthn_enable_android_fido2"] should be true at a time, as the
 // softtoken will override the other two.
 pref("security.webauth.webauthn_enable_softtoken", false);
 
 #ifdef FENNEC_NIGHTLY
 pref("security.webauth.webauthn_enable_android_fido2", true);
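Review bot: The comment on the new Android branch, `// No way to enable on Android, Bug 1552602`, reads as if the pref cannot be switched on, but the line below it only sets a default value and nothing in this hunk locks it. If the pref is flipped on an Android build, window.u2f would presumably be exposed again with no backend behind it; it is worth confirming whether the DOM side carries its own platform guard. I would reword the comment to state the reason, e.g. `// No FIDO U2F JS API backend on Android (platform exposes FIDO2/WebAuthn only); keep window.u2f off. Bug 1552602`. The `#ifdef FENNEC_NIGHTLY` block at the end of the hunk continues outside it.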