If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Heartbeat's browser.selfsupport.url should use https instead of http

RESOLVED FIXED in Firefox 38

Status

()

Firefox
General
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: cpeterson, Assigned: Dexter)

Tracking

unspecified
Firefox 39
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox37 wontfix, firefox38 fixed, firefox39 fixed)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

3 years ago
We should use HTTPS instead of HTTP for in-product URLs. The server redirects http://self-repair.mozilla.org/en-us/repair to https://self-repair.mozilla.org/en-us/repair anyways.
(Assignee)

Comment 1

3 years ago
Created attachment 8571216 [details] [diff] [review]
bug1138323.patch

This patch uses HTTPS for the self support url pref.
Assignee: nobody → alessio.placitelli
Status: NEW → ASSIGNED
Attachment #8571216 - Flags: review+
(Assignee)

Updated

3 years ago
Keywords: checkin-needed
(Assignee)

Updated

3 years ago
Keywords: checkin-needed
(Assignee)

Comment 2

3 years ago
Created attachment 8571341 [details] [diff] [review]
bug1138323.patch

Changed the commit message to mention the name of the reviewer.
Attachment #8571216 - Attachment is obsolete: true
Attachment #8571341 - Flags: review+
(Assignee)

Updated

3 years ago
Keywords: checkin-needed
https://hg.mozilla.org/integration/fx-team/rev/00c0d934ae62
Keywords: checkin-needed
Whiteboard: [fixed-in-fx-team]
Backed out: https://hg.mozilla.org/integration/fx-team/rev/d3c18534ce95

> FATAL ERROR: Non-local network connections are disabled and a connection attempt to self-repair.mozilla.org (54.230.116.22) was made.

It looks like a change will need to be made in talos[1] to change the pref to a dummy value.

[1] http://hg.mozilla.org/build/talos/
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [fixed-in-fx-team]
(Assignee)

Updated

3 years ago
Depends on: 1138823
(Assignee)

Comment 5

3 years ago
> > FATAL ERROR: Non-local network connections are disabled and a connection attempt to self-repair.mozilla.org (54.230.116.22) was made.

That's strange, as I've just changed the URL (which was already there!) to use HTTPS. It should have failed before :/ Sorry about that. I've filed bug 1138823.
(Assignee)

Comment 6

3 years ago
The Talos changes from bug 1138823 were deployed, so we're save to check that in.
Keywords: checkin-needed
https://hg.mozilla.org/integration/fx-team/rev/335d3dc298d6
Keywords: checkin-needed
Whiteboard: [fixed-in-fx-team]
We should really adjust the code to only ever support loading a selfsupport page over https. It looks like the test server used in test environments supports https too, so that shouldn't be a problem (though we'll need another cycle of Talos changes like bug 1138823...)
I filed bug 1141052 for that.
https://hg.mozilla.org/mozilla-central/rev/335d3dc298d6
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
status-firefox39: affected → fixed
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 39
Should this get landed in beta 38?  Also, unless I'm reading this wrong, bug 1111022 got backported, so we shipped this in 37.
status-firefox37: unaffected → affected
Flags: needinfo?(alessio.placitelli)
(Assignee)

Comment 12

3 years ago
It's not critical, as the server itself redirects to the HTTPS version of the website. But it's probably better to uplift this to beta 38, to avoid confusion.
Flags: needinfo?(alessio.placitelli)
(Assignee)

Comment 13

3 years ago
Comment on attachment 8571341 [details] [diff] [review]
bug1138323.patch

Approval Request Comment
[Feature/regressing bug #]: 1111022
[User impact if declined]: Self-Support will try to load an HTTP url before getting redirected to use HTTPS.
[Describe test coverage new/current, TreeHerder]: This patch has lived for some time now in m-c. Self-Support testing suite covers this change.
[Risks and why]: Low risk, only impacting on Self-Support.
[String/UUID change made/needed]:
Attachment #8571341 - Flags: approval-mozilla-beta?
status-firefox37: affected → wontfix
Comment on attachment 8571341 [details] [diff] [review]
bug1138323.patch

should be in 38b2
Attachment #8571341 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
https://hg.mozilla.org/releases/mozilla-beta/rev/bfe014dd05ef
status-firefox38: affected → fixed
You need to log in before you can comment on or make changes to this bug.