Closed Bug 1138323 Opened 9 years ago Closed 9 years ago

Heartbeat's browser.selfsupport.url should use https instead of http

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 39
Tracking Flags:
Tracking Status
firefox37 --- wontfix
firefox38 --- fixed
firefox39 --- fixed

People

(Reporter: cpeterson, Assigned: Dexter)

References

Details

Attachments

(1 file, 1 obsolete file)

bug1138323.patch
1.16 KB, patch
Dexter
: review+
Sylvestre
: approval-mozilla-beta+
Details | Diff | Splinter Review 
We should use HTTPS instead of HTTP for in-product URLs. The server redirects http://self-repair.mozilla.org/en-us/repair to https://self-repair.mozilla.org/en-us/repair anyways.
Attached patch bug1138323.patch (obsolete) — Splinter Review 
This patch uses HTTPS for the self support url pref.
Assignee: nobody → alessio.placitelli
Status: NEW → ASSIGNED
Keywords: checkin-needed
Keywords: checkin-needed
Attached patch bug1138323.patchSplinter Review 
Changed the commit message to mention the name of the reviewer.
Attachment #8571216 - Attachment is obsolete: true
Attachment #8571341 - Flags: review+
Keywords: checkin-needed
Backed out: https://hg.mozilla.org/integration/fx-team/rev/d3c18534ce95

> FATAL ERROR: Non-local network connections are disabled and a connection attempt to self-repair.mozilla.org (54.230.116.22) was made.

It looks like a change will need to be made in talos[1] to change the pref to a dummy value.

[1] http://hg.mozilla.org/build/talos/
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [fixed-in-fx-team]
Depends on: 1138823
> > FATAL ERROR: Non-local network connections are disabled and a connection attempt to self-repair.mozilla.org (54.230.116.22) was made.

That's strange, as I've just changed the URL (which was already there!) to use HTTPS. It should have failed before :/ Sorry about that. I've filed bug 1138823.
The Talos changes from bug 1138823 were deployed, so we're save to check that in.
Keywords: checkin-needed
We should really adjust the code to only ever support loading a selfsupport page over https. It looks like the test server used in test environments supports https too, so that shouldn't be a problem (though we'll need another cycle of Talos changes like bug 1138823...)
https://hg.mozilla.org/mozilla-central/rev/335d3dc298d6
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox39: affectedfixed
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 39
Should this get landed in beta 38?  Also, unless I'm reading this wrong, bug 1111022 got backported, so we shipped this in 37.
status-firefox37: unaffectedaffected
Flags: needinfo?(alessio.placitelli)
It's not critical, as the server itself redirects to the HTTPS version of the website. But it's probably better to uplift this to beta 38, to avoid confusion.
Flags: needinfo?(alessio.placitelli)
Comment on attachment 8571341 [details] [diff] [review]
bug1138323.patch

Approval Request Comment
[Feature/regressing bug #]: 1111022
[User impact if declined]: Self-Support will try to load an HTTP url before getting redirected to use HTTPS.
[Describe test coverage new/current, TreeHerder]: This patch has lived for some time now in m-c. Self-Support testing suite covers this change.
[Risks and why]: Low risk, only impacting on Self-Support.
[String/UUID change made/needed]:
Attachment #8571341 - Flags: approval-mozilla-beta?
Comment on attachment 8571341 [details] [diff] [review]
bug1138323.patch

should be in 38b2
Attachment #8571341 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: