Mounir Lamouri (:mounir) <
mou...@lamouri.fr> has asked Jonas Sicking (:sicking)
<
jo...@sicking.cc> for superreview:
Attachment 751937: Desktop push.
https://bugzilla.mozilla.org/attachment.cgi?id=751937&action=edit
------- Additional Comments from Mounir Lamouri (:mounir) <
mou...@lamouri.fr>
Review of attachment 751937:
-----------------------------------------------------------------
r=me with my comments applied and the register() method signature discussed a
bit more.
I guess Doug need to review this code too. You should also ask a browser/ peer
to review the changes in nsBrowserGlue.js and browser.properties. You should
also ask a ui-review for the strings in browser.properties.
::: browser/locales/en-US/chrome/browser/browser.properties
@@ +300,5 @@
> +push.alwaysAllow=Always allow
> +push.alwaysAllow.accesskey=A
> +push.neverAllow=Never allow
> +push.neverAllow.accesskey=N
> +push.allowFromSite=Do you want to allow push notifications from %S?
You should ask ui-review for that I believe.
FWIW, I wonder why the accesskey for "allowForSession" is lowercase while the
other a uppercase. It might change nothing though. Also, I think the
description will never be understood by a real human being: I doubt most our
users have any idea what "push notifications" are and what would be the
consequences of allowing them.
::: dom/interfaces/push/nsIDOMPushManager.idl
@@ +21,5 @@
> *
> * On success, the DOMRequest's result field will be a string URL. This
URL
> * is the endpoint that can be contacted to wake up the application.
> */
> + nsIDOMDOMRequest register([optional] in ACString wakeupURL);
I'm not terribly convinced that we should bind the system message mechanism to
every API that will require it. I'm also not a super fan of having two
different method signatures, one for application context and one for browser
context. I will not r- the patch for that but I would appreciate some
discussions before pushing this forward.
::: dom/permission/PermissionPromptService.js
@@ +71,5 @@
> let type = aRequest.access !== "unused" ? aRequest.type + "-" +
aRequest.access
> : aRequest.type;
> let perm =
> permissionManager.testExactPermissionFromPrincipal(aRequest.principal,
type);
> + dump(type + " " + perm);
I guess this debug code should go away.
::: dom/push/src/Push.js
@@ +168,5 @@
> + },
> + allow: function() {
> + // Add push permissions to the wakeup URL.
> + Services.perms.add(wakeupURI, 'push',
Ci.nsIPermissionManager.ALLOW_ACTION,
> + Ci.nsIPermissionManager.EXPIRE_NEVER);
I believe this should be done by nsIContentPermissionPrompt, shouldn't it? I'm
afraid you might end up over-writting session permission with a always
permission here.
::: dom/push/src/PushService.jsm
@@ +505,5 @@
> this._requestTimeout = prefs.get("requestTimeout");
>
> this._udpPort = prefs.get("udp.port");
>
> this._db.getAllChannelIDs(
nit: a comment saying what this method is doing would be pretty awesome.
@@ -506,5 @@
> -
> - // At this point, profile-change-net-teardown has already fired, so the
> - // WebSocket has been closed with NS_ERROR_ABORT (if it was up) and will
> - // try to reconnect. Stop the timer.
> - this._stopAlarm();
Is that chunk here on purpose?
@@ +1265,5 @@
> + return;
> + }
> + // If endpoint was created by a web page, only allow pages with the
same
> + // origin permission to delete the endpoint.
> + else if (!record.manifestURL) {
No need for "else" here.
@@ +1274,5 @@
> + " is trying to delete endpoint set by " + recordPageURI.spec);
> + try {
> + Services.scriptSecurityManager.checkSameOriginURI(callerPageURI,
> + recordPageURI,
> + false);
If the call is developer initiated, having true as a third parameter would be
better so developers can debug more easily.