These are chat archives for codexa/firetext

6th
Jun 2015
Josh Smith
@joshua-s
Jun 06 2015 02:51 UTC
I am having lots of trouble with this :/
See my test work on gh-pages (careful, it's live so only /auth/dropbox/oauth2/ can be modified) and dropbox-oauth2
Apparently, the parent receives the message, and dispatches one of its own that the child does not receive
This is my modification to {dropboxjs}/src/auth_driver/browser.coffee
Any ideas?
Josh Smith
@joshua-s
Jun 06 2015 02:57 UTC
(P.S. when we get it working I think we could move it to our own "driver" so we are not required to patch dropbox.js with every update)
Daniel Huigens
@twiss
Jun 06 2015 14:30 UTC
In case you haven't caught that yet, my first guess would be on line 487 you addEventListener receiveMessage, which is only defined on line 488
Josh Smith
@joshua-s
Jun 06 2015 14:36 UTC
This message was deleted
Josh Smith
@joshua-s
Jun 06 2015 14:54 UTC
lol, that was it :D
Daniel Huigens
@twiss
Jun 06 2015 15:02 UTC
Cool :+1:
Josh Smith
@joshua-s
Jun 06 2015 15:07 UTC
So, file has a null origin so I can't allow it
Daniel Huigens
@twiss
Jun 06 2015 15:35 UTC
Oh, that's a shame
One thing about the building thing: with HTTPS/2 it might not be faster anymore to make less requests
I'm still going to create something for now though
Josh Smith
@joshua-s
Jun 06 2015 15:51 UTC
When is that coming?
:+1: sounds good. It will be smaller at least!
Daniel Huigens
@twiss
Jun 06 2015 15:56 UTC
HTTP/2 I mean. It's already here, e.g. here is an implementation for Node JS: https://www.npmjs.com/package/http2. Etcetera
It depend on your server stack whether or not it's easy to start using it I guess
Josh Smith
@joshua-s
Jun 06 2015 16:09 UTC
We just use github pages atm
Josh Smith
@joshua-s
Jun 06 2015 16:21 UTC
So, are you working on the build stuff?
Josh Smith
@joshua-s
Jun 06 2015 17:50 UTC
It works!!!
joshua-s @joshua-s sets topic to error
Josh Smith
@joshua-s
Jun 06 2015 17:59 UTC
Sometime within the last few days, we did something that causes NS_ERROR_FILE_NOT_FOUND: when trying to load modules/editor/editor.html
The error occurs on develop and dropbox-oauth2
Josh Smith
@joshua-s
Jun 06 2015 18:07 UTC
The cause: #304
I have added a comment
Josh Smith
@joshua-s
Jun 06 2015 18:16 UTC
Fixed!
Daniel Huigens
@twiss
Jun 06 2015 18:16 UTC
Uhm, is it used there or just referenced?
Josh Smith
@joshua-s
Jun 06 2015 18:19 UTC
Oh, it's just referenced
Removed!
Josh Smith
@joshua-s
Jun 06 2015 18:27 UTC
@twiss I think we can merge #299 now!
Daniel Huigens
@twiss
Jun 06 2015 18:34 UTC
Er, aren't you supposed to use an actual domain that we own in origin?
You could just submit it and see if they complain
Josh Smith
@joshua-s
Jun 06 2015 18:35 UTC
You mean as the app's origin
Daniel Huigens
@twiss
Jun 06 2015 18:36 UTC
Yes, like app://firetext.codexa.bugs3.com or something, I don't know
Or the github one
Maybe they'll find app://firetext is just fine though, and it's certainly cleaner
Josh Smith
@joshua-s
Jun 06 2015 18:39 UTC
Yeah. I'm asking, but I think they won't mind
I think the principal is to not have apps specifying things like app://facebook.com as their origin
Daniel Huigens
@twiss
Jun 06 2015 18:39 UTC
Yes
Josh Smith
@joshua-s
Jun 06 2015 18:40 UTC
There might be some sort of verification process though, so I'm going to test it right now
Daniel Huigens
@twiss
Jun 06 2015 18:46 UTC
Also, not that it looks like it matters much but why did you change the regexes?
And, do you have the latest browser.coffee somewhere or didn't it change beyond that bugfix?
Josh Smith
@joshua-s
Jun 06 2015 18:49 UTC
I changed the regexs to detect an origin as opposed to returning one
Josh Smith
@joshua-s
Jun 06 2015 18:49 UTC
So, all localhost origins return the string "localhost"
All file:// origins (if they weren't null) would return "file"
And the other regexs were not changed
Daniel Huigens
@twiss
Jun 06 2015 18:51 UTC
Oh, I'm comparing to a different browser.coffee then I think
Josh Smith
@joshua-s
Jun 06 2015 18:51 UTC
I moved all my changes into scripts/cloud/dropbox_authdriver_firefoxos.js
So, dropbox.min.js is the vanilla build with no changes from their repo
Daniel Huigens
@twiss
Jun 06 2015 18:51 UTC
Right, cool
Josh Smith
@joshua-s
Jun 06 2015 18:53 UTC
Oh, I'll fix that bug
Nasty coffeescript compile error
Daniel Huigens
@twiss
Jun 06 2015 19:02 UTC
Also, e.origin already contains an origin, not a location. It's not important, but you could remove the last regex probably
Josh Smith
@joshua-s
Jun 06 2015 19:04 UTC
We could, except I have it there for the localhost and file:// cases
(where what we check is not a standard origin, but compliance with a scheme)
Daniel Huigens
@twiss
Jun 06 2015 19:05 UTC
Yup
Josh Smith
@joshua-s
Jun 06 2015 19:05 UTC
So, we don't have to add every localhost scheme and port to the whitelist
I messaged someone on Mozilla's IRC channel, and he said the origin should be fine
Daniel Huigens
@twiss
Jun 06 2015 19:06 UTC
Cool
Josh Smith
@joshua-s
Jun 06 2015 19:06 UTC
...as long as we don't use something like app://facebook.com
Daniel Huigens
@twiss
Jun 06 2015 19:09 UTC
So, did you say it works from file:// now?
Josh Smith
@joshua-s
Jun 06 2015 19:09 UTC
Everything but dropbox (null origin)
Daniel Huigens
@twiss
Jun 06 2015 19:10 UTC
Alright. Well you could remove it but it doesn't matter. Looks ready to merge to me!
Josh Smith
@joshua-s
Jun 06 2015 19:10 UTC
Remove file from the whitelist?
Daniel Huigens
@twiss
Jun 06 2015 19:11 UTC
Yes, and the regex check. The only regex check you then need is the one for localhost
Josh Smith
@joshua-s
Jun 06 2015 19:12 UTC
That sounds good :)
That is only in the server code, so we can merge dropbox-oauth2 and modify server whenever
Daniel Huigens
@twiss
Jun 06 2015 19:22 UTC
Yup
Josh Smith
@joshua-s
Jun 06 2015 19:23 UTC
Alright, then!
Daniel Huigens
@twiss
Jun 06 2015 19:24 UTC
Cool! Gratz and thanks for the hard work :)
Josh Smith
@joshua-s
Jun 06 2015 19:25 UTC
No problem, thanks for preventing me from shipping insecure stuff :D
Daniel Huigens
@twiss
Jun 06 2015 19:26 UTC
Always! :)
So, about
So, are you working on the build stuff?
Daniel Huigens
@twiss
Jun 06 2015 19:31 UTC
I started working on it yes, the current idea is a giant hack and will produce a single html file with scripts and css inlined
Josh Smith
@joshua-s
Jun 06 2015 19:32 UTC
Cool!
Daniel Huigens
@twiss
Jun 06 2015 19:32 UTC
There's much to be improved on that probably, but this was the easiest thing that came to mind
Josh Smith
@joshua-s
Jun 06 2015 19:32 UTC
One thing: inline css/js are blocked by CSP
Daniel Huigens
@twiss
Jun 06 2015 19:33 UTC
Well, it won't be faster for Firefox OS anyway
Since it doesn't have a maximum amount of concurrent requests
tbh I'm not even sure if it will be faster on a server
Josh Smith
@joshua-s
Jun 06 2015 19:35 UTC
That's ok. It will be concise and minified, right?
Daniel Huigens
@twiss
Jun 06 2015 19:36 UTC
Well, if you do that part it will be :)
Nah, I'll see if it's easy to do
Josh Smith
@joshua-s
Jun 06 2015 19:37 UTC
What are you using? I have heard many good things about node
Daniel Huigens
@twiss
Jun 06 2015 19:38 UTC
As server stack?
Josh Smith
@joshua-s
Jun 06 2015 19:39 UTC
As the build system
Daniel Huigens
@twiss
Jun 06 2015 19:41 UTC
I'm using node yes, and a two line shell script. There are probably more organized ways to do it esp when/if you want it to work on Windows
Josh Smith
@joshua-s
Jun 06 2015 19:45 UTC
:+1:
Josh Smith
@joshua-s
Jun 06 2015 20:01 UTC
Do you want to get the build in by this release or wait until next?
Daniel Huigens
@twiss
Jun 06 2015 20:13 UTC
Well, I don't think it matters much for FFOS either way, but let me finish a PR, it shouldn't take long