SIMPLER STR (with less site-specific weirdness involved): 1. Start Fenix with a fresh profile. 2. Visit `about:config` and toggle `dom.security.https_first` to `false`. (BUT, ensure that `dom.security.https_first_schemeless` is `true`) 3. Open a new tab and type `example.org` and submit. ACTUAL RESULTS: You end up at http://example.org (note HTTP, no S), indicated with a broken lock icon. EXPECTED RESULTS: You should end up at https://example.org (note HTTPS), indicated with a full lock icon. REASONING: `dom.security.https_first_schemeless` should cause your schemeless domain entry to a https-first-style request. Firefox on Desktop gives expected-results. I'm marking this as depending on bug 1812192 where this `https_first_schemeless` feature was implemented.
Bug 1901120 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
SIMPLER STR (with less site-specific weirdness involved): 1. Start Fenix with a fresh profile (not sure a fresh profile is necessary but it's helpful to reduce variability). 2. Visit `about:config` and toggle `dom.security.https_first` to `false`. (BUT, ensure that `dom.security.https_first_schemeless` is `true`) 3. Open a new tab and type `example.org` and submit. ACTUAL RESULTS: You end up at http://example.org (note HTTP, no S), indicated with a broken lock icon. EXPECTED RESULTS: You should end up at https://example.org (note HTTPS), indicated with a full lock icon. REASONING: `dom.security.https_first_schemeless` should cause your schemeless domain entry to a https-first-style request. Firefox on Desktop gives expected-results. I'm marking this as depending on bug 1812192 where this `https_first_schemeless` feature was implemented.
SIMPLER STR (with less site-specific weirdness involved): 1. Start Fenix, ideally with a fresh profile (not sure a fresh profile is actually necessary but it's helpful to reduce variability). 2. Visit `about:config` and toggle `dom.security.https_first` to `false`. (BUT, ensure that `dom.security.https_first_schemeless` is `true`) 3. Open a new tab and type `example.org` and submit. ACTUAL RESULTS: You end up at http://example.org (note HTTP, no S), indicated with a broken lock icon. EXPECTED RESULTS: You should end up at https://example.org (note HTTPS), indicated with a full lock icon. REASONING: `dom.security.https_first_schemeless` should cause your schemeless domain entry to a https-first-style request. Firefox on Desktop gives expected-results. I'm marking this as depending on bug 1812192 where this `https_first_schemeless` feature was implemented.
SIMPLER STR (with less site-specific weirdness involved): 1. Start Fenix, ideally with a fresh profile (not sure a fresh profile is actually necessary but it's helpful to reduce variability). 2. Visit `about:config` and toggle `dom.security.https_first` to `false`. (BUT, ensure that `dom.security.https_first_schemeless` is `true`) 3. Open a new tab and type `example.org` and submit. ACTUAL RESULTS: You end up at http://example.org (note HTTP, no S), indicated with a broken lock icon. EXPECTED RESULTS: You should end up at https://example.org (note HTTPS), indicated with a full lock icon. REASONING: `dom.security.https_first_schemeless` should cause your schemeless domain entry to produce a HTTPS-first-style request, which should give you the HTTPS page since that attempt succeeds. Firefox on Desktop gives expected-results. I'm marking this as depending on bug 1812192 where this `https_first_schemeless` feature was implemented.
SIMPLER STR (with less site-specific weirdness involved): 1. Start Fenix, ideally with a fresh profile (not sure a fresh profile is actually necessary but it's helpful to reduce variability). 2. Visit `about:config` and toggle `dom.security.https_first` to `false`. (BUT, ensure that `dom.security.https_first_schemeless` is `true`) 3. Open a new tab and type `example.org` and submit. ACTUAL RESULTS: You end up at http://example.org (note HTTP, no S), indicated with a broken lock icon. EXPECTED RESULTS: You should end up at https://example.org (note HTTPS), indicated with a full lock icon. REASONING: `dom.security.https_first_schemeless` should cause your schemeless domain entry to produce a HTTPS-first-style request, which should give you the HTTPS page since that attempt succeeds. Firefox on Desktop gives expected-results. I'm marking this as depending on bug 1812192 where this `https_first_schemeless` feature was implemented, and adjusting the component accordingly. (Not sure if this involves necko code after all.)