Closed
Bug 1335224
Opened 8 years ago
Closed 8 years ago
System addon to disable HSTS priming on Release and Beta
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: kmckinley, Assigned: kmckinley)
References
Details
(Whiteboard: [go-faster-system-addon])
Attachments
(3 files)
This bug is for a system add-on to implement the pref flip described in bug 1335134 to disable HSTS priming requests in Release.
Updated•8 years ago
|
Whiteboard: [go-faster-system-addon]
Assignee | ||
Comment 1•8 years ago
|
||
Assignee | ||
Comment 2•8 years ago
|
||
hsts-priming.xpi (unsigned)
Comment 4•8 years ago
|
||
Comment on attachment 8831860 [details] [diff] [review]
Patch (without .xpi file)
Review of attachment 8831860 [details] [diff] [review]:
-----------------------------------------------------------------
(I'll take a second look early tomorrow)
Attachment #8831860 -
Flags: feedback+
Assignee | ||
Comment 5•8 years ago
|
||
Jason, could you please sign the hsts-priming.xpi pending Felipe's final r+?
Flags: needinfo?(jthomas)
Updated•8 years ago
|
Attachment #8831860 -
Flags: review+
Assignee | ||
Comment 7•8 years ago
|
||
Steps to test from bug 1311807
On https://www.franceinter.fr/ page, click headphone icon to start audio player
This opens audio player in the bottom, audio should begin playing quickly.
Before the addon is installed:
Audio will be delayed for some time (1 minute or more, depending on OS timeouts)
After the addon is installed:
audio playing starts within 1 or 2 seconds
Comment 8•8 years ago
|
||
Hi,
I verified this bug on FF release 51.0.1 and beta 52.0b2 on Mac OS, Windows and Ubuntu and I can confirm the fix. I used the .xpi from comment 6.
Flags: needinfo?(ovidiu.boca)
Comment 9•8 years ago
|
||
We tested this on the release-sysaddon update channel using various platforms, versions, build architectures and locales, detailed test report available here:
https://public.etherpad-mozilla.org/p/1335224&1307568
Comment 10•8 years ago
|
||
This has been deployed to release.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 11•8 years ago
|
||
Is the system addon deployment actually working and being picked up by live browsers? From my understanding it's supposed to check for it once per day, and by using the Timer Fire plugin I can see it fire off some HTTPS requests, but it doesn't seem to be poking the Balrog/AUS system or install this system plugin on any of the 51.0.1 installations I'm running, even after a restart.
I can see the hsts-priming@mozilla.org plugin listed here, so it is deployed to Balrog:
https://aus5.mozilla.org/update/3/SystemAddons/51.0.1/20170125094131/default/en-US/release/default/default/default/update.xml
But the extension log in the browser console does not reference this URL at all, it seems to be poking https://services.addons.mozilla.org/en-US/firefox/api/1.5/search with a specific list of (previously installed) addon checks instead.
Is the wiki entry at https://wiki.mozilla.org/Firefox/Go_Faster/Releasing_an_add-on_mechanics outdated when it comes to using the Timer Fire plugin to force the system addon check, or is something else wrong here?
Flags: needinfo?(kmckinley)
Assignee | ||
Comment 12•8 years ago
|
||
You should be able to see if it is installed by going to about:config and searching on hsts. If the addon is installed, extensions.bootstrappedAddons, extensions.systemAddonSet, and extensions.xpiState should all appear with the hsts-priming extension listed. Additionally, the security.mixed_content.send_hsts_priming preference default will appear as "false".
Flags: needinfo?(kmckinley)
Comment 13•8 years ago
|
||
None of my four 51.0.1 installations on the release update channel have picked up the system addon yet. The metioned extensions.bootstrappedAddons, extensions.systemAddonSet, and extensions.xpiState do not contain the hsts@mozilla.org addon, and security.mixed_content.send_hsts_priming is still set as "true". Some of these have been restarted in the last day.
While the communication is obviously encrypted, I've been monitoring outgoing TCP connections from Firefox, and the IPs listed on the DNS entry for aus5.mozilla.org have not been touched.
All this leads me to believe that the system addon update mechanism is not working, or at least not reliably. Do you know of any 51.0.1 release channel installations that *have* picked it up without manual intervention?
Flags: needinfo?(kmckinley)
Comment 14•8 years ago
|
||
I figured it out: if the automatic update setting is set to "Check for updates, but let me choose whether to install them", it doesn't look like it will ever look for system addon updates at all, much less ask to install them. When changed to "Automatically install updates", it did successfully grab the HSTS addon from aus5.mozilla.org and toggle the prefs as intended.
Assignee | ||
Updated•8 years ago
|
Flags: needinfo?(kmckinley)
You need to log in
before you can comment on or make changes to this bug.
Description
•