Labs/Jetpack/Reboot/JEP/106

From MozillaWiki
< Labs‎ | Jetpack‎ | Reboot‎ | JEP
Revision as of 23:09, 5 February 2010 by Varmaa (talk | contribs) (added more stuff)
Jump to navigation Jump to search

JEP 106 - Registered Jetpack URLs

  • Champion: Atul Varma - avarma@mozilla.com
  • Status: Accepted/In-Queue
  • Bug Ticket:
  • Type: API
  • Difficulty: 8


Proposal

Every file in a Jetpack package needs a unique identifier for a variety of reasons:

  • If an error occurs in a Jetpack's code, the traceback needs to include a URL that doesn't give away potentially sensitive information about its location on the user's filesystem.
  • If a Jetpack wants to embed one of its images in a web page, it probably needs to do so with a URL, although such could also be done with a data: URI.
  • If a Jetpack wants to self-host a web-like UI, it needs a URL to display in the URL bar. This URL should preferably be memorable but doesn't need to be.
  • If a Jetpack wants to process the data contained in a file in its package, it should do so via a URL (though a relative path can potentially be used).

A prerequisite for this is that each Jetpack must have a unique ID that cannot be spoofed. This is valuable for a number of reasons:

  • The host environment needs a way to keep track of Jetpack-specific resources; thus each Jetpack needs a primary key. If a Jetpack is uninstalled and reinstalled later and the user wants to keep their data, then the primary key may need to be preserved.
  • The host environment needs a way of telling that one Jetpack is an upgrade for another, while guaranteeing that the upgrade isn't a forgery.

Key Issues

There are a number of security issues involved in this.

  • Jetpacks should have a way of specifying which of their resources is "private", i.e. accessible only by itself, vs. "public", i.e. accessible from external code like web pages.
  • It shouldn't be possible for a Jetpack to "spoof" another by e.g. having the same ID.
  • The security policy for HTML code needs to be well-defined; should it follow the Web's standard single-origin policy, or something else? Can scripts be loaded from remote pages?

Dependencies & Requirements

Internal Methods

API Methods