Use HTTPS for Rakuten search provider if possible

RESOLVED FIXED in Firefox 55

Status

RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: m_kato, Assigned: bugzilla)

Tracking

unspecified
mozilla55
Unspecified
All

Firefox Tracking Flags

(firefox55 fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
https://affiliate.rakuten.co.jp/info/back2016.html
- About SSL support for affiliate links

Although our searchbox has Rakuten affiliate, we don't use non-HTTPS search.  But from Dec 2016, they support HTTPS.  So if possible, we should change from HTTP to HTTPS.
(Reporter)

Updated

2 years ago
Summary: Use HTTPS for Rakuten serach provider if possible → Use HTTPS for Rakuten search provider if possible
Someone should contact this search provider and make sure they're OK with us switching to https.

That's what we used to do in the past, not sure if the policy changed because we want most of them to be https (CCing mkaply).

Comment 2

2 years ago
> Although our searchbox has Rakuten affiliate, we don't use non-HTTPS search.  But from Dec 2016, they support HTTPS.  So if possible, we should change from HTTP to HTTPS.

I just ran some tests and it's not using https for me. Going to

https://search.rakuten.co.jp/

Redirects to http.

Is it a different URL?

This particular URL is an affiliate URL and we would have to go to them and request a new URL, which is not practical at this time.

So I don't think we'll be able to do this.

On another note, that page seems to indicate that they are ending their affiliate program? I wonder if this affects us...
(Assignee)

Comment 3

2 years ago
The announcement Makoto linked says:

HTML tag and link target URL generated on Item/hop link generation page will be changed from "http" to "https" as following:
This change is currently about tags generated on Item/hop link generation page but motion widget and other tags will be also changed step by step.

href="http://hb.afl.rakuten.co.jp     => a href="https://hb.afl.rakuten.co.jp
img src="http://hbb.afl.rakuten.co.jp => img src="https://hbb.afl.rakuten.co.jp

That is, Rakuten is now in transition to switch from HTTP to HTTPS.
I guess the transition is not completed yet and the main Rakuten site still uses HTTP; only some of the subdomains have switched to HTTPS currently.

The search URL for Rakuten Affiliate for Firefox Desktop is currently
http://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/
The HTTPS version seems to work already, but this subdomain is neither hb.afl.rakuten.co.jp nor hbb.afl.rakuten.co.jp mentioned in the announcement. It's not yet certain whether our affiliate can already use HTTPS or not.

Anyway, I'll contact the Rakuten staff member who is in charge of our search affiliate and ask her when our search plugin can use HTTPS.

(In reply to Mike Kaply [:mkaply] from comment #2)
> On another note, that page seems to indicate that they are ending their
> affiliate program? I wonder if this affects us...

The closing announcement is about the "楽天ネットスーパー" (http://netsuper.rakuten.co.jp/) service affiliate, not about main Rakuten shopping (http://www.rakuten.co.jp/). So this will not affect us.
(Assignee)

Comment 4

2 years ago
Update from Rakuten:
(As I wrote above) They are currently in the process of switching Rakuten Ichiba to full HTTPS.
Their current plan is to complete it around the end of June.
They request us to keep using HTTP for our query and switch to HTTPS after their transition.
(Assignee)

Comment 5

a year ago
I've talked more with Rakuten staff about the search engine parameters, redirection, etc.
Then finally they agreed to switch our search URL to HTTPS now. I'll attach the patch for this.


Note from the talk with them:

Current search url is:
http://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/?sitem=keyword&sv=2&p=0
this will be redirected to:
-> http://esearch.rakuten.co.jp/r/sar.cgi/?sv=2&p=0&sitem=keyword&scid=af_pc_etc&sc2id=20752779
-> http://esearch.rakuten.co.jp/rms/sd/esearch/vc?sv=2&sitem=keyword&p=0
-> http://search.rakuten.co.jp/search/mall/keyword/?p=0

These redirections make load time longer but it's intentional and must not change the domain/url of the search.
They use these redirections to track search partners.

Final url (search.rakuten.co.jp) is still HTTP but will be changed soon (around the end of June, TBD) and they agreed to change our search query from HTTP to HTTPS now.
(Assignee)

Comment 6

a year ago
Created attachment 8859936 [details] [diff] [review]
use https for rakuten search plugin

Please review the patch and check into mozilla-central
Attachment #8859936 - Flags: review?(francesco.lodolo)
Comment on attachment 8859936 [details] [diff] [review]
use https for rakuten search plugin

Review of attachment 8859936 [details] [diff] [review]:
-----------------------------------------------------------------

I'm turning this over to Mike, since it's a partner.

I have some concerns on the number of redirects they do, and also the fact that they lose https right after the first one. It also means that we're going to update this searchplugin a second time in 2 months, to fix the search URL. Does it make sense to wait until they fully switch their systems to https?
Attachment #8859936 - Flags: review?(francesco.lodolo) → review?(mozilla)
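
An added example (not part of the bug thread or of Firefox's code) that audits the redirect chain listed in comment 5 for the concern raised in the review above: with only the first hop on HTTPS, which hop downgrades and where the search term still travels unencrypted. The URLs are copied from the thread; the function names and the use of "keyword" as the search term are assumptions of this example, and nothing is fetched from the network.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Redirect chain from comment 5 with the first hop switched to HTTPS, as the
# patch does. "keyword" is the thread's stand-in for the user's search term.
CHAIN_AFTER_PATCH = [
    "https://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/?sitem=keyword&sv=2&p=0",
    "http://esearch.rakuten.co.jp/r/sar.cgi/?sv=2&p=0&sitem=keyword&scid=af_pc_etc&sc2id=20752779",
    "http://esearch.rakuten.co.jp/rms/sd/esearch/vc?sv=2&sitem=keyword&p=0",
    "http://search.rakuten.co.jp/search/mall/keyword/?p=0",
]


def term_locations(url, term):
    """Query parameter names (and 'path') in which `term` appears in `url`."""
    parts = urlsplit(url)
    found = [name for name, value in parse_qsl(parts.query) if value == term]
    if term in (unquote(seg) for seg in parts.path.split("/")):
        found.append("path")
    return found


def audit_chain(chain, term):
    """Per hop: scheme, HTTPS-to-HTTP downgrade, and where `term` is sent unencrypted."""
    report, prev_scheme = [], None
    for url in chain:
        scheme = urlsplit(url).scheme.lower()
        report.append({
            "host": urlsplit(url).hostname,
            "scheme": scheme,
            "downgrade": prev_scheme == "https" and scheme == "http",
            "cleartext_term": term_locations(url, term) if scheme == "http" else [],
        })
        prev_scheme = scheme
    return report


def summarize(report):
    """Condense a per-hop report into the facts a reviewer asks about."""
    return {
        "downgrades": [hop["host"] for hop in report if hop["downgrade"]],
        "cleartext_hops": sum(1 for hop in report if hop["cleartext_term"]),
        "ends_on_https": report[-1]["scheme"] == "https",
    }


if __name__ == "__main__":
    report = audit_chain(CHAIN_AFTER_PATCH, "keyword")
    print(*report, sep="\n")
    print(summarize(report))
```

Running the same audit on the all-HTTP chain from comment 5 reports four cleartext hops instead of three, which is the measurable difference the patch makes until the remaining hosts move to HTTPS.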
(Assignee)

Comment 8

a year ago
(In reply to Francesco Lodolo [:flod] from comment #7)
> I have some concerns on the number of redirects they do, and also the fact
> that they lose https right after the first one. It also means that we're
> going to update this searchplugin a second time in 2 months, to fix the
> search URL. Does it make sense to wait until they fully switch their systems
> to https?

Unfortunately we (or they) cannot reduce the number of redirections unless Mozilla gives up the current affiliation partnership with them. I guess they cannot change their server infrastructure to reduce the redirections only for us.

As for the update of the searchplugin, we need not update again when they fully switch to https. Even when they start using https for their main shopping site (www.rakuten.co.jp & search.rakuten.co.jp), search query from Firefox will not change. It should continue to be this one:
https://pt.afl.rakuten.co.jp/c/013ca98b.cd7c5f0c/?sitem=keyword&sv=2&p=0
The end result between https and http seems to be the same (in terms of where you land), so it doesn't seem like we lose anything by doing this.

Is that what you see flod?
(In reply to Mike Kaply [:mkaply] from comment #9)
> The end result between https and http seems to be the same (in terms of
> where you land), so it doesn't seem like we lose anything by doing this.
> 
> Is that what you see flod?

Yes, we end up in the same place.

Updated

a year ago
Attachment #8859936 - Flags: review?(mozilla) → review+
Assignee: nobody → bugzilla
Keywords: checkin-needed

Comment 11

a year ago
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/b55e0e4fec2d
Use HTTPS for Rakuten search provider if possible. r=mkaply
Keywords: checkin-needed

Comment 12

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/b55e0e4fec2d
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox55: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla55