Closed Bug 1232258 Opened 5 years ago Closed 5 years ago

"Learn more..." link on the error page for expired certificates links to TLS error reports content

Categories

(Core :: Security: PSM, defect)

44 Branch
defect
Not set
normal

Tracking

()

VERIFIED FIXED
mozilla46
Tracking Status
firefox44 - wontfix
firefox45 + verified
firefox46 --- verified

People

(Reporter: mgoodwin, Assigned: mgoodwin)

References

Details

Attachments

(1 file)

Issue:
The "Learn More" link on the error page displayed for expired certs links to the TLS error report pages - which contains information only applicable to non-overridable errors.

Expected behavior:
The link should take the user to information pertinent to overridable TLS errors.

Steps to reproduce:
Visit https://expired.badssl.com/
https://support.mozilla.org/kb/what-does-your-connection-is-not-secure-mean is probably the most relevant and useful page at the moment (there is another page that covers similar content but goes into more depth (but uses out-of-date screenshots), so we might consider merging the two).
so it looks like we will have to merge the current content of https://support.mozilla.org/en-US/kb/connection-untrusted-error-message into https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean and adapt it for 44 accordingly.

also need-infoing joni to make her aware of this issue...
Flags: needinfo?(jsavage)
Can you let me know which URL you want to use so I can make the changes to aboutCertError.xhtml

It's worth noting that bug 1207130 (in progress) will mean reporting is available to both pages. With this in mind, maybe the content of https://support.mozilla.org/kb/tls-error-reports should be merged too?
As discussed in IRC (with philipp), I'll also change the value in aboutNetError.xhtml
Version: unspecified → 44 Branch
Blocks: 1207107
Comment on attachment 8709985 [details]
MozReview Request: Bug 1232258 - Fix 'Learn More' link in aboutCertError.xhtml and aboutNetError.xhtml r?Gijs

302 past who named that page in bug 1207107 comment #0.
Attachment #8709985 - Flags: review?(gijskruitbosch+bugs) → review?(past)
Duplicate of this bug: 1229515
[Tracking Requested - why for this release]:
UI should point the user to the right place and not be confusing.
So hg.m.o would like to pretend that bug 1207107 only landed on 45, but it was uplifted. So we're about to ship this. I don't know what our odds are to still get this into 44.

It seems like the more sensible option for 44 would be to make the SUMO page just redirect to the thing we want. (And potentially include any other info that tls-error-report has but that page doesn't).

Joni/Mark, can we do that? Dumb idea? (should probably be a separate bug for tracking reasons if we do it)
Flags: needinfo?(mgoodwin)
(In reply to :Gijs Kruitbosch from comment #9)
> Joni/Mark, can we do that? Dumb idea? (should probably be a separate bug for
> tracking reasons if we do it)

In terms of the content, no. Everything that's on tls-error-report can (and given the new UI, probably should) be in the other page.
Flags: needinfo?(mgoodwin)
(In reply to Mark Goodwin [:mgoodwin] from comment #10)
> In terms of the content, no.

To be clear, that's "no, it's not a dumb idea"
Comment on attachment 8709985 [details]
MozReview Request: Bug 1232258 - Fix 'Learn More' link in aboutCertError.xhtml and aboutNetError.xhtml r?Gijs

https://reviewboard.mozilla.org/r/31623/#review28343
Attachment #8709985 - Flags: review?(past) → review+
[Tracking Requested - why for this release]:
in addition to comment #8 adding tracking flag for 44 as well
a first version of https://support.mozilla.org/en-US/kb/what-does-your-connection-is-not-secure-mean with some more relevant content is now public...
https://hg.mozilla.org/integration/mozilla-inbound/rev/d5c2df6407e6db8503ed37fbdb002c5b0dadfa7e
Bug 1232258 - Fix 'Learn More' link in aboutCertError.xhtml and aboutNetError.xhtml r=past
Assignee: nobody → mgoodwin
https://hg.mozilla.org/mozilla-central/rev/d5c2df6407e6
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46
we have put a redirect in place on sumo now - maybe it would be good to get the fix uplifted to firefox 45 nevertheless.
Flags: needinfo?(jsavage)
Gijs, do we need to uplift this to beta45? It's a wontfix for fx44 with a hard-coded (temp) redirect on sumo for 44.
Flags: needinfo?(gijskruitbosch+bugs)
Comment on attachment 8709985 [details]
MozReview Request: Bug 1232258 - Fix 'Learn More' link in aboutCertError.xhtml and aboutNetError.xhtml r?Gijs

(In reply to Ritu Kothari (:ritu) from comment #19)
> Gijs, do we need to uplift this to beta45? It's a wontfix for fx44 with a
> hard-coded (temp) redirect on sumo for 44.

Yes, also because esr. Normally we ask the patch author or the reviewer to do an uplift request, but I think Mark will forgive me if I do it for him... :-)

Approval Request Comment
[Feature/regressing bug #]: bug 1207107
[User impact if declined]: irrelevant/confusing information shown when clicking "learn more"
[Describe test coverage new/current, TreeHerder]: nope, just changing a link
[Risks and why]: none, just changing a link from one href to another, already baked for a bit
[String/UUID change made/needed]: no, the link was and is hardcoded, so no l10n changes. SUMO translations should be fine as the alternative page has existed for a while now, and anyway, that's not relevant for uplift.
Flags: needinfo?(gijskruitbosch+bugs)
Attachment #8709985 - Flags: approval-mozilla-beta?
Comment on attachment 8709985 [details]
MozReview Request: Bug 1232258 - Fix 'Learn More' link in aboutCertError.xhtml and aboutNetError.xhtml r?Gijs

Fix the link. Taking it. Should be in 45 beta2
Attachment #8709985 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
QA Whiteboard: [good first verify]
Verified as fixed in Firefox Stable 45 Debian 8 GNU/Linux 

Verified as Fixed in Firefox Beta 46.0b1 Debian 8 GNU/Linux
Status: RESOLVED → VERIFIED
QA Whiteboard: [good first verify] → [good first verify][bugday-20160316]
You need to log in before you can comment on or make changes to this bug.