bernhardr...@gmail.com wrote: > i'm willing to fix > https://bugzilla.mozilla.org/show_bug.cgi?id=836602 > > Summary: The rest api should not send cookies and thus now uses the > LOAD_ANONYMOUS flag. But this flag also denies (client side) > authentication like my custom firefox sync requires. > therefore firefox sync is broken for me since >= F18.
Which modes of authentication does the Sync team wish to support in the product? Currently it supports and requires (I think) HTTP authentication without cookies and without SSL client certificates. The proposal (I think) is to support SSL client certificates with HTTP authentication. But, if you area already doing SSL client authentication then do you really need HTTP authentication too? Should that mode of operation be, instead, SSL client authentication without HTTP authentication and without cookies? How would the Sync client decide whether to use SSL client certificates or HTTP authentication? Would there be some new UI? I am willing to help with things (e.g. reviewing the tests) but it is up to the Sync team to decide on the prioritization of the work and decide what the testing requirements are. IMO, writing tests for this will be difficult as there's no framework for SSL client cert testing. > i'm planing to add 2 new constants: > > const unsigned long LOAD_NOCOOKIES = 1 << 15; > const unsigned long LOAD_NOAUTH = 1 << 16; > the second constant would be the fix for > https://bugzilla.mozilla.org/show_bug.cgi?id=646686 I don't see a problem with adding these. But, we should be clear on what the final goal of this work is. Cheers, Brian _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform