Closed
Bug 1086556
Opened 10 years ago
Closed 10 years ago
Use HTTPS instead of HTTP for Gravatar in Loop/Hello
Categories
(Hello (Loop) :: Client, defect, P2)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1069962
| backlog | backlog+ |
People
(Reporter: eldmannen+mozilla, Unassigned)
References
Details
(Whiteboard: [gravatar])
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20141021030208
Steps to reproduce:
about:config
Actual results:
loop.CSP contains http://www.gravatar.com/
Expected results:
Gravatar should be over HTTPS
|
||
Updated•10 years ago
|
Component: Untriaged → Client
Product: Firefox → Loop
QA Contact: anthony.s.hughes
Version: 36 Branch → unspecified
|
||
Updated•10 years ago
|
backlog: --- → Fx34?
|
|
||
Comment 1•10 years ago
|
||
Current target for gravatar support is Fx36 (we need to add UX to ask permission of the user to use gravatars).
backlog: Fx34? → Fx36?
|
|
||
Updated•10 years ago
|
backlog: Fx36? → Fx36+
|
|
||
Updated•10 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 2•10 years ago
|
||
This isn't really an issue with the CSP per se; it's an issue with the Gravitar code, around which the CSP was crafted. At this point, changing the CSP would just break things. The underlying code needs to be updated to use https, and the CSP needs to be updated to match, in that same patch.
Summary: Use HTTPS instead of HTTP in CSP for Gravatar → Use HTTPS instead of HTTP for Gravatar in Loop/Hello
|
||
Updated•10 years ago
|
Rank: 24
Priority: -- → P2
|
|
||
Updated•10 years ago
|
backlog: Fx38? → backlog+
Flags: firefox-backlog+
Whiteboard: [gravatar]
|
|
||
Updated•10 years ago
|
Rank: 24 → 29
|
||
Comment 4•10 years ago
|
||
We addressed this in bug 1069962 when re-enabling Gravatar support for keeps.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•