SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-13: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "{{subst:WeeklyUpdates}}")
 
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
<small>[[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} -1 week}}|« previous week]] | [[WeeklyUpdates|index]] | [[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} +1 week}}|next week »]]</small>
<small>[[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} -1 week}}|« previous week]] | [[WeeklyUpdates|index]] | [[WeeklyUpdates/{{#time:Y-m-d|{{SUBPAGENAME}} +1 week}}|next week »]]</small>
{{conf|8600}}
__TOC__
= All-hands Status Meeting Agenda =
Items in this section will be shared during the live all-hand status meeting.
== Friends of the Tree [[Image:Tree.gif|Friends of the Tree]] ==
== Upcoming Events ==


=== This Week ===
=== This Week ===


=== Monday, {{#time:d F|{{SUBPAGENAME}}}} ===
=== Monday, {{#time:d F|{{SUBPAGENAME}}}} ===
* UserCSP Project report preparation. Project report contains, goal and objectives of the project, functionality and how it works, and technical details of the project.


=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} ===
=== Tuesday, {{#time:d F|{{SUBPAGENAME}} +1 day}} ===


=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} ===
* Intercepted "shouldLoad" method of nsIContentPolicy interface.


=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} ===
** The nsIContentPolicy interface is useful to observe content that is being loaded into browser.
** The "shouldLoad" method of this interface will be called before loading the resource to determine whether to start the load at all.
* This method is useful to infer the rules for website by observing the contents that are loaded by a web page.


=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} ===
=== Wednesday, {{#time:d F|{{SUBPAGENAME}} +2 days}} ===


=== Next Week ===
* Perform the resource load type check to collect information about the type of load and destination domain of the request.
* To infer CSP directive rules such as, script-src, img-src, etc, I intercepted at "shouldLoad" method of nsIContentPolicy interface. When this method is invoked it provides various  information, we are specifically interested in following information:
  aContentType : TYPE_IMAGE, TYPE_SCRIPT, TYPE_OBJECT, etc.
  aContentLocation: It contains destination domain URL where resource is hosted.
  aRequestOrigin: The domain that initiated this resource load request.


== Product Status Updates (voice updates) ==
** For example, If request is of TYPE_IMAGE then for "aRequestOrigin", I stored "aContentLocation" URL in "img-src" directive. The entry is only inserted if it doesn't exists in CSP directive to remove duplicates.


=== Firefox Desktop ===
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} ===
''Speaker Location:''


=== Firefox Mobile ===
* Inferred policy for a website by observing its resource loading is send to add-on UI component for displaying it in the add-on UI.
''Speaker Location:''
** Inferred policy for a website is shown in the "ALL" tab of the add-on UI.


=== Thunderbird ===
** Automatically inferred policy for a website provides hints for users in configuring CSP directives as well as makes their job easier while configuring a CSP policy for the website.
''Speaker Location:''


=== Older Branch Work ===
=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} ===
''Speaker Location:''
 
=== Webmaker ===
''Speaker Location:''
 
=== Identity ===
''Speaker Location:''
 
=== Services ===
''Speaker Location:''
 
=== Firefox OS ===
''Speaker Location:''
 
=== Grow Mozilla ===
''Speaker Location:''
 
== Speakers ==
 
The limit is 3 minutes per speaker.  It's like a lightning talk, but don't feel that you have to have slides in order to make a presentation.
 
{| class="fullwidth-table"
|-
!  Title
!  Presenter
!  Topic
!  Media
!  More Details
|-
| Your Title Here
| Your Name Here
| What are you going to talk about?
| Links to slides or images you want displayed on screen
| Link to where audience can find out more information
|-
|}
 
== Introducing New Hires ==
{| class="fullwidth-table"
|-
!  New Hire
!  Introduced by
!  Speaker location
!  Will be working on
|-
| ''Who is the new hire?''
| ''Who will be introducing that person?''
| ''From which office will that introduction be transmitted?''
| ''What will the new person be working on?''
|-
<!-- Insert new rows here -->
|-
|}
 
== Introducing New Interns ==
{| class="fullwidth-table"
|-
!  New Intern
!  Introduced by
!  Speaker location
!  Will be working on
|-
| ''Who is the new intern?''
| ''Who will be introducing that person?''
| ''From which office will that introduction be transmitted?''
| ''What will the new person be working on?''
|-
<!-- Insert new rows here -->
|-
|}
 
== Roundtable ==
 
= &lt;meta&gt; =
 
Notes and non-voice status updates that aren't part of the live meeting go here.
 
== Status Updates By Team (*non-voice* updates) ==
 
=== Firefox ===
 
=== Platform ===
 
=== Services ===
 
=== Messaging ===
 
=== Mobile ===
 
=== IT ===
 
=== Release Engineering ===
 
=== QA ===
 
==== Test Execution ====
 
==== WebQA ====
 
==== QA Community ====
 
=== Automation & Tools ===
 
=== Security ===
 
=== Engagement ===
 
==== PR ====
 
==== Events ====
 
==== Creative Team ====
 
==== Community Marketing ====
 
=== Support ===
 
=== Metrics ===


=== Evangelism ===
* Filed a bug on bugzilla.mozilla.org for refinePolicy() method. (Bug 783497)


=== Labs ===
* Changed the logo of userCSP add-on.  Bug 780045 is for content security policy logo. However, the logo is not yet ready so tentatively we used a Shield icon for userCSP add-on.


=== Apps ===


=== Developer Tools ===
=== Saturday, {{#time:d F|{{SUBPAGENAME}} +5 days}} ===


=== Add-ons ===
* userCSP add-on sqlite database file is now stored in ProfD (profile directory) of Firefox. Previously, it was stored on user's Desk(Desktop).
* Added "Infer CSP" tab to add-on UI.
** Infer policy  tab provides three buttons to the user namely, Start, Stop and SetInferredCSPAsUserCSP.
*** The "Start" button when clicked starts inferring of a CSP policy for a website and "Stop" button stops automatic inferring of a CSP policy for a website.


=== Webdev ===
=== Sunday, {{#time:d F|{{SUBPAGENAME}} +6 days}} ===


=== L10n ===
* "Help" tab is added to add-on UI and it say "If the website rules appear to be missing for a site that has implemented CSP, try clicking shift-refresh.  It may be because the website is cached."
** When a site is loaded from a cache and it has set "X-Content-Security-Policy header, then we don't know how to retrieve its "X-Content-Security-Policy" Header for the website when it is loaded from a cache. Therefore, in such scenario we are not able to display the CSP policy into add-on UI. Whereas shift-refresh causes a site to be loaded from network, so that we can retrieve CSP policy from HTTP header.


=== People Team ===
* Added "setInferredCSPAsUserCSP" button into "Infer CSP" tab.  This feature allows user to set automatically inferred policy for a website as well as allows user to update inferred CSP policy.


=== WebFWD ===
* userCSP add-on source code is uploaded on GitHub (https://github.com/patilkr/userCSP)


== Foundation Updates ==
* Project report is uploaded at (https://wiki.mozilla.org/SummerOfCode/2012/UserCSP/Wiki)

Latest revision as of 07:49, 19 August 2012

« previous week | index | next week »

This Week

Monday, 13 August

  • UserCSP Project report preparation. Project report contains, goal and objectives of the project, functionality and how it works, and technical details of the project.

Tuesday, 14 August

  • Intercepted "shouldLoad" method of nsIContentPolicy interface.
    • The nsIContentPolicy interface is useful to observe content that is being loaded into browser.
    • The "shouldLoad" method of this interface will be called before loading the resource to determine whether to start the load at all.
  • This method is useful to infer the rules for website by observing the contents that are loaded by a web page.

Wednesday, 15 August

  • Perform the resource load type check to collect information about the type of load and destination domain of the request.
  • To infer CSP directive rules such as, script-src, img-src, etc, I intercepted at "shouldLoad" method of nsIContentPolicy interface. When this method is invoked it provides various information, we are specifically interested in following information:
 aContentType : TYPE_IMAGE, TYPE_SCRIPT, TYPE_OBJECT, etc. 
 aContentLocation: It contains destination domain URL where resource is hosted.
 aRequestOrigin: The domain that initiated this resource load request.
    • For example, If request is of TYPE_IMAGE then for "aRequestOrigin", I stored "aContentLocation" URL in "img-src" directive. The entry is only inserted if it doesn't exists in CSP directive to remove duplicates.

Thursday, 16 August

  • Inferred policy for a website by observing its resource loading is send to add-on UI component for displaying it in the add-on UI.
** Inferred policy for a website is shown in the "ALL" tab of the add-on UI.
    • Automatically inferred policy for a website provides hints for users in configuring CSP directives as well as makes their job easier while configuring a CSP policy for the website.

Friday, 17 August

  • Filed a bug on bugzilla.mozilla.org for refinePolicy() method. (Bug 783497)
  • Changed the logo of userCSP add-on. Bug 780045 is for content security policy logo. However, the logo is not yet ready so tentatively we used a Shield icon for userCSP add-on.


Saturday, 18 August

  • userCSP add-on sqlite database file is now stored in ProfD (profile directory) of Firefox. Previously, it was stored on user's Desk(Desktop).
  • Added "Infer CSP" tab to add-on UI.
    • Infer policy tab provides three buttons to the user namely, Start, Stop and SetInferredCSPAsUserCSP.
      • The "Start" button when clicked starts inferring of a CSP policy for a website and "Stop" button stops automatic inferring of a CSP policy for a website.

Sunday, 19 August

  • "Help" tab is added to add-on UI and it say "If the website rules appear to be missing for a site that has implemented CSP, try clicking shift-refresh. It may be because the website is cached."
    • When a site is loaded from a cache and it has set "X-Content-Security-Policy header, then we don't know how to retrieve its "X-Content-Security-Policy" Header for the website when it is loaded from a cache. Therefore, in such scenario we are not able to display the CSP policy into add-on UI. Whereas shift-refresh causes a site to be loaded from network, so that we can retrieve CSP policy from HTTP header.
  • Added "setInferredCSPAsUserCSP" button into "Infer CSP" tab. This feature allows user to set automatically inferred policy for a website as well as allows user to update inferred CSP policy.
Retrieved from "https://wiki.allizom.org/index.php?title=SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-13&oldid=462147"